The French company CMA CGM is the latest notable victim of ransomware. For days now, its computer systems have been at the mercy of hackers, specifically the Ragnar Locker virus, which affected not only its website but also its eCommerce systems and other peripheral features.
It is a file-encrypting virus well known to experts for its destructive results. It was designed by a team of hackers with the specific intent of blocking users' essential files in order to extort ransom money from them by threatening the destruction of the attacked system.
CMA CGM joins an already large list
The transalpine company is only the latest link in a chain that continues to lengthen. Before it, other companies had been hit, prominent among them Energias de Portugal (EDP). The Lisbon-based company is Portugal's leading electricity company and was forced to pay the attackers 1580 Bitcoin, or nearly 10 million dollars.
That is over double the amount paid by CWT, an American travel management company, although this is probably no consolation for the US company.
Garmin is also in check
According to news reported by Sky News, Garmin was reportedly forced to pay a hefty ransom after an attack took many of its products and services offline last month. To regain possession of its data, the company is said to have paid several million dollars, with the payment made through Arete IR, a company specializing in ransomware negotiations.
BleepingComputer then revealed the precise amount of the ransom paid, reporting that Garmin had received a decryption key to access the data encrypted by the virus and that the initial ransom demand was in the order of 10 million dollars.
OldGremlin prefers Russia
Russia, too, finds itself paying dearly for ransomware, specifically at the hands of a hacker group called OldGremlin, which has mainly targeted banks and companies operating in the medical sector.
The team relies on a number of tools, including the custom backdoors TinyPosh and TinyNode, which are tasked with downloading additional payloads. The ultimate goal is to encrypt the files on the infected system using the TinyCryptor ransomware (also known as decr1pt). The group operates by means of spear-phishing emails containing false recommendations on the coronavirus pandemic or requests for media interviews. In this way the victims' defenses are lowered, prompting them to click on the malicious attachment that launches the attack.
In Italy a real boom in ransomware
Our country also finds itself having to fight hackers. The attackers' inexhaustible imagination has identified Enel invoices as the latest tool to rely on to infect targeted systems.
Among the many illustrious victims across the country, Luxottica and the Carraro group, which operates in the agricultural machinery sector, stand out. In the latter case, the consequences also affected the employees, as seven hundred of them were forced into layoffs due to the production block, proof of the danger of the malware used.