In this week’s edition of Security News in Review, we have stories about the U.S. Department of Homeland Security calling for mandatory disclosure of ransom payments, reports about the Babuk ransomware shutting down, and the revelation that a German police operation uninstalled Emotet.
Emotet malware nukes itself today from all infected computers worldwide -- This past Sunday, April 25, the Emotet malware was forcibly removed from one million computers worldwide in an operation led by the German police. Law enforcement had pushed a module to the Emotet botnet in January that let them uninstall the malware from every infected machine. The removal was deliberately delayed until April 25 to give investigators more time to gather evidence.
Report Calls for Mandatory Disclosure of Ransomware Payments -- DHS Secretary Alejandro Mayorkas said recently that the U.S. Department of Homeland Security would work with a private-sector think tank on ways to curb the rise of ransomware attacks. One element of the strategy could be mandatory disclosure whenever a victim gives in and pays the ransom, which is one of 48 recommendations in a recent report focused on reducing the incidence of ransomware attacks.
Ransomware gang Babuk claims DC’s Metropolitan Police was last caper – then goes dark -- The Russian-speaking Babuk ransomware gang posted a message saying the DC Metropolitan Police hack was their last, then quickly retracted it and went dark. Some infosec professionals who track cybercriminals said the post may have been an attempt to deflect law enforcement attention, a move other financially motivated gangs have made recently. Most notably, the Ziggy ransomware gang shut down a few months ago in a preemptive bid to avoid law enforcement scrutiny. That said, experts don’t expect Babuk’s operators to really disappear; it is not uncommon for adversaries to say one thing and then do another.
A civilian cybersecurity reserve corps is needed for the Pentagon and DHS, lawmakers from both parties say -- Members of the U.S. Congress from both the Democratic and Republican parties have said the country needs a civilian reserve corps of cybersecurity experts to defend the nation’s digital infrastructure against attack. The proposals, in separate House and Senate bills, appear to be a response to December’s SolarWinds incident, in which more than 100 companies and a dozen federal agencies were caught up in the supply chain attack.
A crafty Linux malware has evaded detection for years and experts still don't know what it does -- Active since at least 2018, the RotaJakiro malware targeting Linux went undetected until recently. It wraps its embedded resources and communications in a combination of ZLIB compression and several different encryption algorithms, so plaintext indicators never sit in the binary for a scanner to find; that layering is what allowed it to evade detection for so long, and it was only recently named by security researchers. What the malware is ultimately for remains unknown.
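To show why the layering described above defeats string-based detection, and the cheap entropy heuristic defenders use to catch such blobs anyway, here is an added example written for this edition. It is not code from RotaJakiro or from the researchers who analyzed it: the configuration text, the file path, the key, and the SHA-256-derived keystream standing in for the undisclosed ciphers are all constructed assumptions, and the keystream is a toy, not a cipher to reuse.

```python
import hashlib
import math
import zlib

# Constructed sample configuration: the kind of plaintext indicators a
# string-based scanner would normally catch. All values are hypothetical.
CONFIG = (
    b"c2_primary=news.example.invalid:443\n"
    b"c2_backup=blog.example.invalid:443\n"
    b"persist_path=/home/user/.cache/.helper/helperd\n"
    b"beacon_interval=300\n"
    b"encoding=zlib+stream\n"
)

# Hypothetical key. The article only says "several different encryption
# algorithms"; a hash-derived keystream stands in for them here.
KEY = b"hypothetical-key"

WINDOW = 64       # bytes examined per entropy window
THRESHOLD = 5.0   # bits/byte; ASCII text sits around 4, packed data well above


def keystream(key: bytes, length: bytes) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_stream(data: bytes, key: bytes) -> bytes:
    """XOR with the keystream; symmetric, so it both encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def pack(plaintext: bytes, key: bytes = KEY) -> bytes:
    """Compress, then encrypt: the layering that hides CONFIG from `strings`."""
    return xor_stream(zlib.compress(plaintext, 9), key)


def unpack(blob: bytes, key: bytes = KEY) -> bytes:
    """Reverse of pack(): decrypt, then decompress."""
    return zlib.decompress(xor_stream(blob, key))


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0 for empty input)."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_high_entropy(data: bytes, window: int = WINDOW,
                      threshold: float = THRESHOLD, step: int = 16) -> list:
    """Offsets of sliding windows whose entropy meets the threshold.

    This is the defender's side: a triage heuristic that flags compressed or
    encrypted regions inside an otherwise ordinary-looking binary.
    """
    hits = []
    for off in range(0, max(len(data) - window, 0) + 1, step):
        if entropy(data[off:off + window]) >= threshold:
            hits.append(off)
    return hits


# Constructed stand-in for an ELF: low-entropy padding and usage text
# surrounding the packed configuration blob.
BLOB = pack(CONFIG)
PREFIX = b"\x00" * 128 + b"Usage: helperd [options]\n" * 5
SUFFIX = b"Copyright (c) example\n" * 5 + b"\x00" * 128
SAMPLE_BINARY = PREFIX + BLOB + SUFFIX
BLOB_START = len(PREFIX)
BLOB_END = BLOB_START + len(BLOB)

if __name__ == "__main__":
    print("indicator visible in plaintext:", b"example.invalid" in CONFIG)
    print("indicator visible in packed blob:", b"example.invalid" in BLOB)
    print("entropy plaintext %.2f, packed %.2f" % (entropy(CONFIG), entropy(BLOB)))
    print("blob occupies [%d, %d)" % (BLOB_START, BLOB_END))
    print("high-entropy windows at offsets:", find_high_entropy(SAMPLE_BINARY))
    assert unpack(BLOB) == CONFIG
```

Running it shows the C2 hostname present in CONFIG but absent from BLOB, and find_high_entropy() flagging only windows that overlap the blob. The heuristic is deliberately coarse: legitimate compressed assets and TLS certificates trip it too, so in practice it is a triage signal that tells an analyst where to look, not a verdict.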
Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks -- SharePoint servers are being targeted by high-risk, legitimate-looking, branded phishing messages, and are also being preyed on by a ransomware gang exploiting an old bug, according to Threatpost. The initial attack vector is a SharePoint document that looks legitimate and creates a sense of urgency for the recipient. IBM’s threat research team has rated this phish a high-risk threat and gave Threatpost several recommendations for addressing it.