AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/27/2019

1 – Louisiana Motor Vehicles Offices Reopening After Cyberattack

Eight regional locations for Louisiana’s Office of Motor Vehicles have reopened after a cyberattack crippled agency operations last week. Other branch locations will resume operations after technical staff ensures the computer systems are functioning properly. The regional offices that opened Monday are in Baton Rouge, New Orleans, Shreveport, Lake Charles, Alexandria, Monroe, Lafayette and Thibodaux. State officials asked people to delay their visits unless they have time-sensitive business. Long lines were expected, since motor vehicles offices have been shuttered for a week.


2 – New DeathRansom Ransomware Begins to Make a Name for Itself

A new ransomware called DeathRansom got off to a rocky start but has now resolved its issues and has begun to infect victims and encrypt their data. When DeathRansom was first being distributed, it only pretended to encrypt files: researchers and users found that they could simply remove the appended .wctc extension and the files would become usable again. Starting around November 20th, though, something changed. Not only were victims' files actually being encrypted, but there was a surge of submissions related to DeathRansom on the ransomware identification site ID Ransomware.
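The early DeathRansom behaviour is a useful reminder that a ransom extension on a file does not prove the file was encrypted. The triage script below is an added example written for this post, not code from the original article or from any of the researchers it cites. It treats a file with the .wctc extension as a candidate, strips the extension to recover the original name, and then checks whether the content still carries a known file-format header and how much entropy the first 4 KiB has. The magic-byte table and the 7.5 bits-per-byte threshold are assumptions chosen for illustration; the sample inputs are constructed in the code rather than taken from real victims.

```python
import hashlib
import math
from collections import Counter
from pathlib import Path

# Extension appended by DeathRansom, per the article.
RANSOM_EXT = ".wctc"

# Small illustrative table of file-format signatures (assumption: not exhaustive).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/office-openxml",
    b"\xff\xd8\xff": "jpeg",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2/legacy-office",
}

# How many leading bytes to examine; many encryptors touch at least this much.
HEAD_BYTES = 4096


def original_name(name: str) -> str:
    """Recover the pre-infection filename by dropping the ransom extension."""
    return name[:-len(RANSOM_EXT)] if name.endswith(RANSOM_EXT) else name


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, up to 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def identify_magic(data: bytes):
    """Return the format name whose signature starts the buffer, or None."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return None


def triage(data: bytes, entropy_threshold: float = 7.5):
    """Classify file content that carries the ransom extension.

    Returns (verdict, details). Verdicts:
      header_intact    - a known format header survives, so at least the head was
                         never encrypted (the renamed-only DeathRansom case); the
                         file may still be partially encrypted, so open it to confirm
      likely_encrypted - no recognisable header and near-uniform byte distribution
      unknown          - no header and low entropy: an unrecognised plaintext
                         format, or a weak transform such as single-byte XOR
    """
    head = data[:HEAD_BYTES]
    fmt = identify_magic(head)
    ent = round(shannon_entropy(head), 3)
    details = {"format": fmt, "entropy": ent}
    if fmt is not None:
        return "header_intact", details
    if ent >= entropy_threshold:
        return "likely_encrypted", details
    return "unknown", details


def triage_file(path: str):
    """Triage one on-disk file; returns (recovered name, verdict, details)."""
    p = Path(path)
    with open(p, "rb") as fh:
        verdict, details = triage(fh.read(HEAD_BYTES))
    return original_name(p.name), verdict, details


def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext (constructed sample)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed samples: a renamed-only PNG, ciphertext-like bytes, and a flat file.
SAMPLES = {
    "photo.png" + RANSOM_EXT: b"\x89PNG\r\n\x1a\n" + b"\x00" * 2000,
    "report.docx" + RANSOM_EXT: pseudo_random_bytes(HEAD_BYTES),
    "notes.txt" + RANSOM_EXT: b"A" * HEAD_BYTES,
}

if __name__ == "__main__":
    for name, content in SAMPLES.items():
        verdict, details = triage(content)
        print(f"{name} -> {original_name(name)}: {verdict} {details}")
```

Run it over a share by calling `triage_file` on each `*.wctc` path; a directory full of `header_intact` results is the signal that the "encryption" was a rename, while `likely_encrypted` results mean recovery has to come from backups or a decryptor.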


3 – OneCoin crypto-scam lawyer found guilty of worldwide $400m fraud

A Florida lawyer who boasted of making “50 by 50” – as in, $50m by the age of 50 – is now facing a potential 50+ years behind bars for money laundering and lying to banks about funds flowing from OneCoin, a cryptocoin Ponzi scheme that started in Bulgaria but spread like a money-sucking fungus around the world. Mark Scott, 51, a former equity partner at the law firm Locke Lord LLP, was convicted in Manhattan Federal Court on Thursday for laundering about $400 million from the massive international OneCoin fraud. It’s not just an alleged mega-fraud; it’s also led to mega-busts, and its founder – The Missing Cryptoqueen, who talked millions of people into her scheme – has blinked out of sight.


4 – ID Thieves Turn to Snail Mail as Juicy Target for Financial Crimes

As it gets harder for cybercriminals to bypass business email compromise (BEC) defenses, some hackers are switching from email scams to real-mail cons. Researchers at Flashpoint said they are monitoring hacker forums where criminals are swapping tips on a growing ID theft and financial crime area, which entails abusing the United States Postal Service. The scam involves making bogus change-of-address or mail-forwarding requests on the behalf of unsuspecting victims. The abuse of USPS mail forwarding can facilitate credit-card fraud and numerous forms of identity theft, wrote Abigail Showman, a researcher with Flashpoint, in a recent post.


5 – IT services company hit with ransomware, cutting off nursing homes’ access to patient medical records

A technology company that provides services to more than 100 nursing home companies and long-term post-acute care facilities was hit with a ransomware attack that crippled its servers and cut off access to patient medical records. Hackers demanded a ransom of roughly $14 million in bitcoin. The hack against Virtual Care Provider Inc. (VCPI) means some locations cannot access patient records, use the internet, pay employees or order medications. The Milwaukee-based company provides internet access, cloud hosting and security services to primarily senior living and long-term care facilities, including 110 nursing home organizations with some 80,000 computers across 45 states.


6 – Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains

On Nov. 23, one of the cybercrime underground's largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the Midwest and eastern United States. Two financial industry sources who track payment card fraud and asked to remain anonymous for this story said the four million cards were taken in breaches recently disclosed by restaurant chains Krystal, Moe's, McAlister's Deli and Schlotzsky's. Krystal announced a card breach last month. The other three restaurants are all part of the same parent company and disclosed breaches in August 2019.


7 – US senator to investigate if foreign spyware used to target Americans

An influential US senator has told the Guardian he is examining the possible hacking of US citizens with technology sold by the NSO Group and other foreign surveillance companies, an issue he said raised “serious national security issues”. Ron Wyden’s remarks come just weeks after a lawsuit was filed by WhatsApp against NSO, alleging that the Israeli company’s malware was used against 1,400 WhatsApp users in 20 countries over a 14-day period this year. The lawsuit says that more than 100 human rights activists, journalists, lawyers and academics were among those targeted, and that at least one US phone number with a Washington DC area code was among those potentially compromised.


8 – It’s Way Too Easy to Get a .gov Domain Name

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain. Earlier this month, KrebsOnSecurity received an email from a researcher who said he got a .gov domain simply by filling out and emailing an online form, grabbing some letterhead off the homepage of a small U.S. town that only has a “.us” domain name, and impersonating the town’s mayor in the application.


9 – Europol's EU IRU coordinates 16th joint Referral Action Days against online terrorist content

On 21-22 November 2019, Europol's European Union Internet Referral Unit (EU IRU) organised at its headquarters in The Hague the 16th joint Referral Action Days. This coordinated action focused on the dissemination of online terrorist content. Among the items referred were propaganda videos and social media accounts glorifying or supporting terrorism and violent extremism.

Since July 2015, the EU IRU of Europol has been working with law enforcement authorities and online service providers to address the terrorist abuse of the internet in the framework of the EU Internet Forum.


10 – Holiday Scam Season Is Here for All Shoppers

The holiday shopping season is in full swing, with Black Friday and Cyber Monday just around the corner, and scammers have been getting ready to cash in from their fraud campaigns. While some fraudsters target the online landscape fooling shoppers with lookalike domains, others focus on customers of brick and mortar retail stores. The latter take advantage of the flood of legitimate discounts to trick potential victims into giving information that could be used for attacks all year round.
