Hey there, FixMeFans and StartMeStars! We’re back with another edition of our weekly cybersecurity roundup where we deliver the most recent comings and goings of the cybersecurity world.
This week’s roundup is bringing you news about how a cyber attack has forced live TV shows off-air on an Australian network. As well as how a ransomware admin has been refunding victims for their ransom payment. And finally how new Android malware has been discovered on numerous smartphones.
This past weekend, scheduled live programs on Australia’s Channel 9 TV network were disrupted following what is believed to have been a cyber attack.
As the channel’s “Weekend Today” was scheduled to go on air, the show’s presenters took to posting on Twitter to shed some light on the situation, citing “tech issues” had caused the disruptions to channel’s live program. While pre-recorded shows were played instead, the channel has since confirmed that the network had suffered a cyber attack, and that staff had been ordered to work from home indefinitely while attempts were made to restore systems back to normal operation.
Since the cyber attack, many have speculated that the incident had been state-sponsored, noting that the news presenters had been working on an investigation into ties between Russian President Valdimir Putin and poison-based assassinations, or due to the fact that newspapers under the Nine Entertainment’s umbrella had been critical of China.
Curious? You can read more on the situation here!
In a recent turn of events, it appears that a ransomware admin has had a change of heart and has begun refunding victims for their previous ransom payments.
After announcing the end of their operations, the administrator of Ziggy ransomware has stated that they plan to return the stolen money back to their victims. Ziggy ransomware was shut down back in February, with the administrator stating that they were “sad” about what they did and that they had “decided to publish all decryption keys.”
The following day, the group published an SQL file with 922 decryption keys that victims could use to unlock their files. The administrator had also made available a decryption tool to make the process easier, along with the source code for a decryptor that does not need an internet connection to work
On March 19, the Ziggy ransomware administrator had announced that they wanted to return the ransom funds back to its victims. Today, after a week of silence, the admin said that they were ready to revert payments. In this case, victims can contact admin using the given email address (email@example.com) with the proof of their payment in bitcoin, and the computer ID, and the money would be returned to the victim’s bitcoin wallet in about two weeks.
Need to brush up on your ransomware knowledge? Check out our article here on why you should never pay the ransom for your files.
You can read more about the situation here!
Researchers have recently discovered a new Android app called “System Update” that operates as a sophisticated Remote-Access Trojan (RAT) and is stealing data, messages, images and taking control of Android phones. Once the app has taken control, hackers can record audio and phone calls, take photos, review browser history, and access WhatsApp messages.
Fortunately, the app can only be installed via third-party Android app stores as it was never available on Google’s Play Store. Although this means the app is limited in how many devices it can infect, once a device is infected the app practically steals every bit of information it can get its hands on. It will also scan any external storage for stored or cached data, harvest it and deliver it to C2 servers when the user connects to a Wi-Fi network.
If you feel like you may be infected, you can check our guide here on protecting your smartphone from malware attacks!
You can also read more about the malware app here.
That’s all for this week’s roundup folks! We hope you’re staying safe with all that’s going on, especially when it comes to your cybersecurity!