RansomwareNewz Desk – Equifax, Russian Kangaroos, NATO

Welcome, welcome, welcome to RansomwareNewz straight outta Boston. We begin with news about Equifax, where things have gone from bad to worse to Dante’s ninth level of hell!

No, RWNZ hasn’t recruited John Oliver but (trendsetters that we are!) hacking stories have become the subject of entire episodes of HBO’s Last Week Tonight. In case you missed Sunday night’s report on the Equifax data breach which placed 140 million Americans in danger of identity theft, here it is in its full glory:


And this news just in – Equifax has been hit again, this time by malvertising. Security blogger Randy Abrams noticed that a sequence of content from a third-party content delivery network called Centerbluray was a browser hijacker, which is a malware program, and featured a fake Flash Player installer.

An Equifax spokesperson said “The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content,” but in behavior we should all be used to, didn’t fess up to their mistake, instead offering this message…

on an unencrypted, unauthenticated HTTP page!

Go Equifax! No, please… just go.


If you haven’t encountered Kangaroo Ransomware yet, you’re lucky. It’s brought to you by the producers of the Apocalypse, Fabiansomware and Esmeralda Ransomware strains.

Yet, unlike most other ransomware infections, this family is not spread through exploits, cracks, phishing sites or Trojans, but instead by the developer manually hacking into computers using Remote Desktop. They then drop and execute the malware and copy the unique ID and encryption key from the victim system before the authors perform a language check: if the default language comes back as Russian, Ukrainian or Belarusian, the ransomware will terminate.

And here was me thinking Kangaroos spoke Australian.

When the ransomware is executed, the above screen (which contains the victim’s unique ID and their encryption key) will be shown. After utilizing an anti-forensics technique known as time-stomping, Kangaroo makes one more attempt to cover its tracks: it clears your SYSTEM and SECURITY logs and deletes shadow copy backups from your system. Thanks, Vladimir. Speaking of whom…
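For defenders, the sequence described above (a Remote Desktop logon, then log clearing and shadow copy deletion) is something you can hunt for in forwarded Windows events. The sketch below is an added example, not code from the Kangaroo analysis: it uses the standard Windows event IDs 4624, 1102, 104 and 4688, while the hosts, IP addresses, timestamps and function names are constructed for illustration, and it does not attempt to detect time-stomping.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not from a real incident), already parsed from
# forwarded Windows logs. 4624/LogonType 10 = RDP logon, 1102 = Security log
# cleared, 104 = event log cleared (logged in System), 4688 = process creation.
EVENTS = [
    {"host": "FS01", "time": "2017-10-16T02:10:00", "id": 4624, "logon_type": 10, "ip": "203.0.113.7"},
    {"host": "FS01", "time": "2017-10-16T02:31:00", "id": 4688, "cmd": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "FS01", "time": "2017-10-16T02:32:00", "id": 104, "channel": "System"},
    {"host": "FS01", "time": "2017-10-16T02:32:05", "id": 1102},
    {"host": "WS22", "time": "2017-10-16T09:00:00", "id": 4624, "logon_type": 10, "ip": "10.0.0.5"},
    {"host": "WS22", "time": "2017-10-16T09:05:00", "id": 4688, "cmd": "vssadmin.exe list shadows"},
    {"host": "DC01", "time": "2017-10-16T11:00:00", "id": 1102},  # no RDP logon before it
]

SHADOW_DELETE = re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.IGNORECASE)

def indicator(ev):
    """Name the cover-up behaviour an event represents, or None."""
    if ev["id"] == 1102:
        return "security-log-cleared"
    if ev["id"] == 104 and ev.get("channel") == "System":
        return "system-log-cleared"
    if ev["id"] == 4688 and SHADOW_DELETE.search(ev.get("cmd", "")):
        return "shadow-copies-deleted"
    return None

def find_cover_up(events, window=timedelta(hours=1), min_indicators=2):
    """Flag RDP logons followed within `window` by several cover-up behaviours."""
    findings = []
    events = sorted(events, key=lambda e: e["time"])
    for logon in events:
        if logon["id"] != 4624 or logon.get("logon_type") != 10:
            continue
        start = datetime.fromisoformat(logon["time"])
        seen = set()
        for ev in events:
            t = datetime.fromisoformat(ev["time"])
            if ev["host"] == logon["host"] and start <= t <= start + window:
                seen.add(indicator(ev))
        seen.discard(None)
        if len(seen) >= min_indicators:
            findings.append((logon["host"], logon["ip"], sorted(seen)))
    return findings

if __name__ == "__main__":
    for host, ip, what in find_cover_up(EVENTS):
        print(f"{host}: RDP logon from {ip} followed by {', '.join(what)}")
```

Because the ransomware clears the local logs, this only works on events that were forwarded off the host before the clearing happened.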


If hacking the election, using Facebook and Twitter to sway voting and STEALING Australia’s most iconic marsupial weren’t enough, the propaganda machine that is Russia has stepped up its aggressive stance by hacking into the smartphones of NATO troops in Poland.

The Wall Street Journal, citing NATO troops and officials, reported that Russia had compromised the smartphones of 4,000 NATO troops and was also using surveillance drones to access information on operations and troop numbers in the area.

US Army Lt. Col. Christopher L’Heureux, leader of the NATO base in Poland, told the WSJ that he found evidence of a Russian IP address trying to access his phone. “They were geolocating me, whoever it was,” he said. “I was like, ‘What the heck is this?’”

It’s the future, Lieutenant Colonel. It’s called “Cyber Warfare” and it’s here to stay.


And speaking of dystopian futures, it’s not only the military that will suffer. Two American cities have been locked down by ransomware attacks in October alone.

The first attack targeted Englewood in Colorado and brought down the city’s internal network. The cyber attack was relatively small, leaving the city’s civic center unable to process credit cards and the city’s library unable to place items on hold or accept late fines.

The second cyber attack was much more serious. A drive-by download attack – thought to have occurred when a single city employee opened a malware-infected .pdf file – locked down the small city of Issaquah, Washington State for four days. Though the city has a population of 30,000 and is reckoned to be the second-fastest growing suburb in Washington state, Issaquah has only two IT staff dedicated to infrastructure.

So when the city’s technological infrastructure, from phones, networks, servers, desktops and applications to cloud services, was crippled by Cryptolocker Ransomware, our friends over at Unitrends leapt into action to save the day.

The fascinating story of how Ransomware almost took down a whole city is too much to replicate in our weekly RansomwareNewz roundup, but you can read all about it here.

While we don’t want to be scaremongers, this really is the shape of things to come. It won’t be long before the Russians are hacking our infrastructures on a daily basis. Sleep well!


