Hornetsecurity IT Security Incident Center

Latest IT Security Incident Reports

July 17, 2019 - Evite Application gets hacked, exposes over 100 million user accounts

Evite – Data Breach

  • Date Issued:  July 17, 2019
  • Target Company: Evite

Report Details

On July 14th, it was reported that 100,985,047 unique user accounts for Evite had been exposed in a data breach. The stolen data was put up for sale on Dream Market on the dark web. It has been determined that the hack was orchestrated by ‘Gnosticplayers’. The user information contained names, email addresses, passwords, dates of birth, and phone numbers. It was originally believed that only 10 million accounts were accessed, but Have I Been Pwned shows that over 100 million were breached.

July 17, 2019 - Sprint Customer Accounts Breached through Samsung "Add a Line" Feature

Sprint – Accounts Breached

    • Date Issued:  July 17, 2019

Report Details

Hackers breached Sprint customer accounts using Samsung’s ‘Add a Line’ feature on their website. So what information was exposed?

Stolen information included:

  • customers’ names
  • billing addresses
  • phone numbers
  • device IDs
  • previous billing history
  • add-on service portal

Sprint reset PINs to protect compromised accounts, but it is suggested that customers place a fraud alert on credit reports, as well as monitor bank accounts for unusual activity.

July 16, 2019 - Syracuse City School District and Onondaga County Public Library Disabled by Ransomware

Syracuse City School District / Public Library – Ransomware 

    • Date Issued:  July 9, 2019

Report Details

Hackers launched a ransomware attack on Syracuse City School District which, along with disabling the district’s systems, also led to the shutdown of Onondaga County Public Library’s online catalog and account network. Upon notice of the breach, the school district began restoring its back end and opened an investigation immediately. The breach trickled to the library, and all branches are still unable to access accounts and online catalogs. Phone services were affected as well for both parties. The FBI has recommended that no ransom be paid, but the insurance company backing the parties says they should pay up!

July 12, 2019 - LaPorte County, Indiana dishes out $130,000 in Bitcoin for Ransom

LaPorte County, Indiana – Ryuk Ransomware 

  • Date Issued:  July 6, 2019
  • Target Company: LaPorte County, Indiana

Report Details

LaPorte County, Indiana suffered a data breach from a ransomware attack on July 6th. The breach disabled network services and impacted computer networks, email accounts, and the county website. LaPorte County worked with the FBI to attempt to decrypt the files, but the FBI decryption keys did not work. The failed decryption led to a Bitcoin ransom payout of $130,000 USD. Luckily, an insurance policy for the county was able to cover $100,000 of the ransom. The policy was implemented just a year earlier at the request of the county liability agent, John Jones. The ransomware that crushed LaPorte County’s systems was a form of Ryuk.

July 12, 2019 - KHSU Radio Station in Humboldt County, hit by Ransomware attack

KHSU Radio Station – Ransomware 

  • Date Issued:  July 1, 2019
  • Target Company: KHSU Radio Station

Report Details

KHSU Radio Station, owned by Humboldt State University, suffered a ransomware attack at the beginning of the month that shut down the station’s programming systems and storage servers. One positive thing to note: there was no important information on the compromised servers. The station isn’t sure of the source of the attack, and no specific ransom was requested. KHSU is currently in the process of rebuilding and reprogramming its security systems.

July 12, 2019 – K12.com MongoDB database exposes 7 million student records

K12.com MongoDB Database – Bug in Software 

  • Date Issued:  July 12, 2019
  • Target Company: K12.com 

Report Details

Over 7 million student records from K12.com were exposed due to a fault in a MongoDB database. The records were accessible for over a week before they were secured. The visible information included:

  • Primary personal email address
  • Full name
  • Gender
  • Age
  • Birthdate
  • School name
  • Authentication keys for accessing ALS accounts & presentations

The database was visible to the public from June 23-July 1, but it is unknown whether or not the activity was malicious. K12.com came out and stated that they take data privacy extremely seriously, and that they are doing everything they can to make sure no malicious activity takes place.

July 11, 2019 - Philadelphia Federal Credit Union Customers hit with fraudulent transactions

Philadelphia Federal Credit Union – Malicious Hack

  • Date Issued: July 11
  • Target Company: Philadelphia Federal Credit Union
  • Undisclosed Email that led Department Chair to transfer funds 

Report Details

Nearly 400 customers of the Philadelphia Federal Credit Union fell victim to a breach over the weekend, in which hackers made fraudulent purchases of $200-$500 with customers’ debit cards. Something important to note is that the fraudulent funds were actually withdrawn from ATMs, meaning the hackers used the credit card data to make their own debit cards with the stolen numbers. PFCU has stated they will work to reimburse customers who were affected, and are working with security experts to find out what really occurred.

July 9, 2019 - Hackers exploit a pizza shop’s website to deliver diet pill scam campaigns

Pizza Shop Website – Website Hacked to Run Spam Campaign 

  • Date Issued:  July 9, 2019
  • Target Company: Pizza Delivery Shop’s Website

Report Details

A pizza delivery shop that had been running an outdated version of WordPress (4.9.6) was infiltrated by hackers who had been running a highly sophisticated scam campaign through hyperlinks on the shop’s website homepage. The scam campaign revolved around Xenical, a diet pill company. The scam website promoted DietxPills, and was connected to a server of 46 other sites that sold medications without requiring prescriptions.

July 8, 2019 – LaPorte County (Indiana) government faces tough time following malware attack

Malware Attack – LaPorte County (Indiana)

  • Date Issued: July 8, 2019
  • Target Company: LaPorte County (Indiana)
  • Attack Type:  Malware attack impacting the government email systems and the county website

Report Details

LaPorte County Board of Commissioners President Dr. Vidya Kora has revealed that a malware attack had occurred on July 6, 2019. This has disabled the county’s computer and email systems.

The county has begun working with security experts to respond to such cyber attacks. The experts will also coordinate with the county to repair the affected systems and improve security to prevent such virus infections.

July 8, 2019 – American Land Title Association Suffers Data Breach Compromising Over 600 Company Records

American Land Title Association (ALTA) – Email Phishing Campaign/Data Breach

  • Date Issued: July 9, 2019
  • Target Company: American Land Title Association (ALTA)
  • Breach Type: Email Phishing Campaign – Data Breach

Report Details

The American Land Title Association (ALTA) suffered a data breach compromising hundreds of company records in a phishing campaign.

ALTA is the U.S. national trade association representing nearly 6000 title insurance companies, title and settlement agents, independent abstracters, title searchers, and real estate attorneys.

The files obtained from the hacker contain almost 600 data entries for title and non-title companies. The data included domain identification, IP addresses, usernames, and passwords.

ALTA recommends that potentially impacted companies monitor their systems for unauthorized access and, in case of any suspicious access, immediately alert their IT departments.

The national trade association also recommends reporting any suspicious emails to the Federal Bureau of Investigation Internet Crime Complaint Center.

The association also suggested some steps to protect company systems, which include:

  • Scanning all the systems and devices for malware.
  • Updating or patching the installed software and operating systems.
  • Requiring company staff to update and change system passwords, especially those containing customer information and banking services.

July 8, 2019 – Maryland Department of Labor suffered data breach compromising PII of 78000 customers

Maryland Dept. of Labor – Data Breach

  • Date Issued: June 24, 2019
  • Target: Customers’ Personally Identifiable Information

Report Details

The Maryland Department of Labor (Maryland DoL) suffered a data breach compromising the sensitive information of almost 78000 customers including their Social Security Numbers.

The customer information stored on the Literacy Works Information System and a legacy unemployment insurance service database were accessed by an unauthorized third party.

However, there has been no evidence that any personally identifiable information was downloaded or extracted from the compromised servers.

The files stored in the Literacy Works Information system were from 2009, 2010, and 2014. These files included names, Social Security numbers, dates of birth, city or county of residence, graduation dates, and record numbers.

The files stored in the legacy unemployment insurance service database were from 2013 and included names and Social Security numbers.

“We live in an age of highly sophisticated information security threats. We are committed to doing all we can to protect our customers and their information,” James E. Rzepkowski, Acting Labor Secretary, said in an interview.

The agency is providing two years of free credit monitoring services for all impacted customers.

July 8, 2019 – Massive Magecart attack campaign breaches over 960 e-commerce stores

Magecart Hackers – Customized Malicious JavaScript on e-commerce Websites

  • Date Issued: July 8th, 2019
  • Target: 962 e-commerce stores
  • Type of Attack:  PHP object injection exploit

Report Details

This latest Magecart campaign (automated attack campaign) breached over 962 e-commerce stores and successfully stole customers’ payment card details in just a 24-hour time frame.

Attackers inserted customized JavaScript on e-commerce sites, essentially inserting a fake credit card payment section. The customized skimmer script was designed to collect e-commerce customers’ payment details including full credit card data, names, phone numbers, and addresses.

Victims of this latest Magecart campaign are from all over the world, including the United States. This newest attack appears to be a PHP object injection exploit for an existing vulnerability.

July 8, 2019 – Florida state worker steals residents’ Personally Identifiable Information (PII)

2,000 Florida Residents have their PII Stolen

  • Date Issued:  July 8, 2019
  • Target Company: 2,000 Florida residents

Report Details

“About 2,000 Florida residents were potentially victimized by an employee of that state’s Department of Children and Family Services (DFCS) who accessed and used their PII to fraudulently make $260,000 in purchases.

Allegedly, state staffer Bertanicy Garcia, an interviewing clerk at the Miami DFCS, worked in conjunction with six accomplices to whom she distributed personal information gathered at her job enabling the gang to create fake credit cards and pull off tax fraud, The Gainesville Sun reported.

The investigation began in May when the sheriff’s office looked into Roxana Ruiz and Eduardo Lamigueiro when they opened multiple credit card accounts and used them to make several large purchases, The Sun reported. Information connecting the pair to Garcia was found on their cellphones leading to their arrest. However, they were released on bond and have since disappeared.

Lamigueiro allegedly sent Social Security information to Marcos Cobo-Gonzalez who used the information to commit tax fraud.”

(via scmagazine.com)

July 8, 2019 – The City of Griffin, Georgia hit with Phishing Email Scam that cost over $850,000

City of Griffin, GA – Malicious Phishing Scheme

  • Date Issued: July 8
  • Target Company: City of Griffin Finance Department
  • Undisclosed Email that led Department Chair to transfer funds 

Report Details

Hackers were able to get a massive payout through a sophisticated phishing scheme aimed at the City of Griffin’s Finance Department. The scam was designed to be an email requesting funds from their third party water company, PF Moon. The phishing email was targeted at the Finance Department Official Chuck Olmstead, and it worked because he was the one who fell for the scheme. “The Finance Department officials believed the email to be from the water treatment facilities PF Moon and had made the first transaction of $581,180.51 on June 21, 2019. This was followed by a second transaction – $221,318 – which was done on June 26, 2019. The total amount lost in these two transactions stood at $802,499.29.” The City of Griffin has yet to recover any funds from the transactions, and is currently working with the FBI to resolve the matter.

July 5, 2019 – Hackers gain access to 7-Eleven’s App, Steal over $500,000 from Japanese Customers

7-Eleven Mobile Phone App (7-Pay) – Data Breach 

  • Date Issued:  July 5, 2019
  • Target Company: Japanese 7-Eleven 7-Pay App Downloaders

Report Details

Hackers were able to infiltrate 7-Eleven’s Mobile Phone Application through a security flaw in their 7Pay feature. The application was created for its Japanese market and was just released to the public on July 1, 2019. Victims reported they had been locked out of their accounts just one day after creating them. 7-Eleven stated that over 900 accounts had been breached, with personal data and payment information stolen through a faulty password reset function. The hack cost the 900 customers over 55 million Yen, or $500,000 USD. 7-Eleven immediately had the banking accounts and cards suspended for the breached accounts, and shut down new registration for 7 Pay.

July 2, 2019 – Georgia Court Agency has its Systems Shut Down by Ransomware Attack

Georgia Court Agency – Ransomware 

  • Date Issued:  July 2, 2019
  • Target Company: Georgia Court Agency

Report Details

Right after three Florida cities fell victim to attacks, the Administrative Office of the Courts in Georgia was targeted and taken down by ransomware. The AOC reported that their infrastructure was taken offline by a ransomware infection. The AOC spokesperson, Bruce Shaw, stated that they were able to cut off and quarantine the servers, but it has yet to be determined how many computers or systems were affected by the breach. The databases apparently contain no personal information. We are unsure at the moment whether a ransom was paid.

July 2, 2019 – Father Bill's and MainSpring hit with a Ransomware Attack

Non-Profit Father Bill’s and MainSpring – Ransomware Attack

  • Date Issued: July 2, 2019
  • Target Company: Father Bill’s MainSpring Non-Profit Organization

Report Details

Yet again another ransomware attack hits, and this time it strikes the non-profit Father Bill’s and MainSpring, an organization that provides necessities for the homeless. Luckily, anti-virus software detected and blocked the threat in less than 30 seconds. Due to the anti-virus software, the ransomware was unable to encrypt or lock any of the files or computer systems. President and CEO John Yawinski stated that there had been no exposure, and all files were restored without being compromised. The incident was immediately reported to the Massachusetts Attorney General Maura Healey, and any individual who had personal information stored within the system was notified.

July 1, 2019 – Malicious Android App Disguised as Game Steals Personal Information through Google Sign In API

‘Scary Granny ZOMBY Mod: The Horror Game 2019’ – Malicious Android Game App

  • Date Issued: July 1, 2019
  • Target Company: ‘Scary Granny ZOMBY Mod’ Users with Google API Access
  • Google Sign-In API 
  • Malicious Fake Google Sign In API during in-game account creation

Report Details

Researchers at Wandera uncovered that an Android mobile phone application with over 50,000 downloads was phishing personal information from users who had created an account through the built-in Google Sign-In API. The application, “Scary Granny ZOMBY Mod: The Horror Game 2019”, was a malicious phishing scheme disguised as an Android mobile puzzle game. The application would prompt the user to pay $22; the user would then click out of the pop-up. After the user exited that pop-up, it would ask for an account to be created through Google’s Sign-In API. Once the credentials were given through the app, the scheme had succeeded. The hackers now had access to Google accounts and the personal information that goes along with them (banking credentials, credit card details, personal conversations and info).

July 1, 2019 – Summa Health Breached By Phishing Scheme Compromising Important Patient Information

Summa Health – Malicious Phishing Scheme

  • Date Issued: Through August 2018 – March 2019
  • Target Company: Summa Health
  • Undisclosed Email or Link that unleashed Ransomware on 4 Employee Accounts

Report Details

Summa Health spoke out about an incident they discovered within their infrastructure. Two employee accounts were accessed in August of 2018, and two other accounts were accessed between March 11 and March 29. The employee accounts that were breached contained over 500 patients’ personal information, which included names, dates of birth, medical records, patient account numbers, Social Security numbers, driver’s license numbers, and clinical and treatment information. This attack was the result of a highly sophisticated phishing scheme. Summa immediately hired a forensic investigator, secured the breached accounts, and is providing identity protection services and credit monitoring for those impacted by the hack.

June 28, 2019 – FDA warns about potential cyber-security concerns with certain Medtronic insulin pumps

MiniMed 508 Insulin Pump and MiniMed Paradigm Series are both vulnerable to cyberattacks

  • Date Issued: June 28, 2019
  • Target Company: Medtronic 
  • Device Targeted: MiniMed 508 insulin pump and MiniMed Paradigm series insulin pumps
  • Attack Type:  Undisclosed cybersecurity vulnerabilities

Report Details

FDA announced Thursday, June 27th 2019 that some Medtronic MiniMed insulin pumps are being recalled because of potential cybersecurity risks and said that patients using these models should switch to models that are better equipped to protect against such potential risks.

The agency noted it is not aware of any confirmed reports of patient harm stemming from these potential cybersecurity risks. According to FDA, the potential risks are linked to the wireless communication between Medtronic’s MiniMed insulin pumps and other devices such as blood glucose meters, continuous glucose monitoring systems, the remote controller, and CareLink USB device used with these pumps. FDA said it “is concerned that, due to cybersecurity vulnerabilities identified in the device, someone other than a patient, caregiver or health care provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings.”

The recalled pumps are Medtronic’s MiniMed 508 insulin pump and MiniMed Paradigm series insulin pumps. The company is providing alternative insulin pumps to patients with enhanced built-in cybersecurity capabilities. Medtronic has identified about 4,000 U.S. patients who are potentially using insulin pumps that are vulnerable to this issue.

*FDA News Release (07/27/19)

June 28, 2019 – Unprotected database belonging to MedicareSupplement.com exposed almost 5 million user records

MedicareSupplement.com’s database of 5+ million left unprotected

  • Date Issued: June 28, 2019
  • Company: MedicareSupplement.com

Report Details

A security researcher, Bob Diachenko, along with Comparitech uncovered a MedicareSupplement.com MongoDB database that was left open to the public without any authentication. MedicareSupplement.com responded quickly by taking down the database and disabling public access.

  • The leaky database included almost 5 million records containing personal information of users such as names, addresses, dates of birth, gender, email addresses, and IP addresses.
  • Additionally, almost 239,000 records were related to insurance interest areas such as cancer insurance.

June 28, 2019 - Huntington Ingalls compromised by a large-scale hacking campaign

Navy’s largest shipbuilder was the target of several organs of the Chinese government.

  • Date Issued: June 28, 2019
  • Targets: Huntington Ingalls, Navy and Navy-affiliated industrial base partners
  • Attack Variant:  Cloud Hopper

Report Details

According to a Reuters report, the Navy’s largest shipbuilder was the target of several organs of the Chinese government and the recipient of a hacking campaign.

Huntington Ingalls denied the allegation in a June 27 email to Fifth Domain (fifthdomain.com), saying, “there was no breach of information” from Newport News Shipyard, nor were their systems connected to a foreign server controlled by a Chinese group, known as APT10.

“During a private briefing with HPE staff, Huntington Ingalls executives voiced concern the hackers could have accessed data from its biggest operation, the Newport News, Va., shipyard where it builds nuclear-powered submarines, said a person familiar with the discussions. It’s not clear whether any data was stolen,” Reuters reported.

June 28, 2019 – EA Gaming's Origin Platform Exposed 300 Million User Acer Accounts

EA Sports Gaming – Bug in Script on Subdomain

  • Date Issued: June 27, 2019
  • Target Company: EA Sports Gaming
  • Subdomain Bug Exploits Accounts

Report Details

EA Sports Gaming just reported a bug in the subdomain eaplayinvite.ea[.]com, which can be exploited and hijacked by Azure users. A trust mechanism that was built into the script could be used to mess with the OAuth protocol, which EA uses to authenticate users. Once the subdomain is hijacked, a complete takeover of accounts is possible. It is believed that the hackers stole credit card information, which was used to make purchases.

June 27, 2019 – Microsoft Warns Users of Malicious Campaign that Drops FlawedAmmyy RAT

FlawedAmmyy Remote Access Trojan (RAT)

  • Date Issued: June 25, 2019
  • Target:  Known to target the automotive industry and is associated with TA505’s campaigns.
  • Type of Attack: Spam emails containing malicious .xls attachments. msiexec.exe is deployed, which downloads an MSI archive that executes a series of executable files; the FlawedAmmyy RAT is the final executable file in this series and is run directly in memory.

Report Details

Microsoft has uncovered a new attack campaign which delivers the well-known FlawedAmmyy remote access trojan (RAT). The campaign has weaponized spam emails that come with a .xls attachment and make use of Excel macros to spread the RAT. According to Microsoft’s Security Intelligence team, the campaign employs a complex infection chain to execute FlawedAmmyy RAT directly in memory.

The FlawedAmmyy RAT payload (malware) does not target a specific vulnerability and can compromise a fully-patched Windows system. Users are advised to be wary of suspicious emails written in foreign languages and make sure they do not open attachments present in them.

June 27, 2019 – Westwood Borough, NJ. Compromised by Undetected Malware Attack

Westwood Borough, Bergen County, New Jersey – Malware

  • Date Issued: June 27, 2019
  • Target: Customer Information (Banking, SS#, Addresses)

Report Details

Westwood Borough in Bergen County, New Jersey was breached by a malware attack that compromised data stored within their systems. The borough had hired a 3rd party forensics analysis company back in January, when they had noticed unusual activity within their network. The information compromised included Social Security numbers, State and Driving IDs, as well as bank account details.

The forensics analysis team stated they could not find how or where exactly the malware was unleashed. As a precaution, Westwood wanted to bring this to the public’s attention.

June 27, 2019 – Lake City, Florida crushed by Malicious Malware Link

Lake City, Florida crushed by Malicious Malware Link – Ransomware

  • Date Issued: June 27, 2019
  • Target: Lake City, Florida Local Government  

Report Details

Big time hackers targeted Lake City, Florida local government this week. The mayor stated the community paid a $460,000 ransom to get back control of their email and servers that had been down for two weeks. The ransomware attack froze city workers out of their email accounts, which disabled the community’s ability to pay city bills online. Lake City’s insurance was able to cover the whole ransom, except for around $10,000. The mayor says this could lead to higher taxes for better insurance so this doesn’t happen again. The hackers were able to introduce the malware through a malicious email link that was clicked on by a city employee.

June 24, 2019 – U.S. government agencies targeted by Iranian spearphishing campaigns

U.S. Government Agencies targets of Iranian spearphishing campaigns

  • Date Issued: June 24, 2019
  • Target: Undisclosed U.S. government agencies 
  • Spearphishing campaigns

Report Details

Representatives from two cyber threat intelligence firms told Fifth Domain (fifthdomain.com) June 24 that they were aware Iran had conducted highly-customized spearphishing campaigns. In some cases, experts said, the attacks included what’s known as a lure document to entice victims to click and inadvertently install malware. U.S. government agencies were among the targets of the attacks.

June 24, 2019 – Marin Community Clinics Sodinokibi Ransomware attack

Marin Community Clinics – Sodinokibi Ransomware Attack

  • Date Issued: June 24, 2019
  • Target: Marin Community Clinics
  • Sodinokibi Ransomware attack via malicious link in email

Ransomware Methods

  • Genuine Looking Content
  • Disguised Hyperlinks
  • Cryptolock

Report Details

Marin Community Clinics was able to resume use of its computer system after being hit by a ransomware attack last week.

Unidentified hackers managed to encrypt the clinics’ data and demanded a ransom to decrypt it.  Mitesh Popat, the clinics’ CEO, said no patient information was compromised during the attack and little or no information was lost.
