{"id":26677,"date":"2019-01-25T08:18:52","date_gmt":"2019-01-25T15:18:52","guid":{"rendered":"https://www.webroot.com/blog/?p=26677"},"modified":"2019-03-20T17:16:31","modified_gmt":"2019-03-20T23:16:31","slug":"cyber-news-rundown-anatova-ransomware-infects-the-globe","status":"publish","type":"post","link":"https://www.webroot.com/blog/2019\/01\/25\/cyber-news-rundown-anatova-ransomware-infects-the-globe\/","title":{"rendered":"Cyber News Rundown: Anatova Ransomware Infects the Globe"},"content":{"rendered":"\n<h2>Anatova Ransomware Reaches Global Market<\/h2>\n\n\n\n<p>A new <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-anatova-ransomware-supports-modules-for-extra-functionality\/\">ransomware\nfamily<\/a>, dubbed Anatova by researchers, has been infecting machines across\nthe globe. During encryption, Anatova appears to focus on small files to speed\nup overall encryption times, but doesn\u2019t append a new extension to the\nencrypted files. Unexpectedly, this variant demands DASH crypto coins, rather than\nusing a currency with a less visible transaction ledger. It also uses several tactics\nto prevent analysis in both real-world and virtual environments. <\/p>\n\n\n\n<h2>Android Malware Remains Dormant until it Detects Motion<\/h2>\n\n\n\n<p>On the Google Play store, researchers have discovered several\n<a href=\"https:\/\/arstechnica.com\/information-technology\/2019\/01\/google-play-malware-used-phones-motion-sensors-to-conceal-itself\/\">malicious\napps<\/a> that rely on an unusual trigger to install a banking Trojan: motion\nsensors. By monitoring the motion sensor in a specific mobile device, the\nmalware can determine whether it is running on a real victim device or a research emulator (which\nwould likely remain stationary during analysis). In particular, one of these\ninsidious apps was downloading the Anubis banking Trojan, which launched a fake\nAndroid update screen to start keylogging in hopes of capturing banking\ncredentials. 
<\/p>\n\n\n\n<h2>Google Faces First Major GDPR Fine<\/h2>\n\n\n\n<p>Regulators in France have issued a <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/googles-50m-gdpr-fine-heralds-a\/\">fine\nagainst Google<\/a> for two separate complaints, the first being the company\u2019s\nmisuse of its users\u2019 data, the second being the legal use of that data\nwithout providing the user enough details to give fully informed consent. This\nfine is the first issued by the CNIL, the official regulator for France, and\ncould cost Google up to $57 million. <\/p>\n\n\n\n<h2>ElasticSearch Database Exposes Online Gambling Bets<\/h2>\n\n\n\n<p>In the last couple of days, security researchers have\ndiscovered a database holding sensitive information on dozens of <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/online-casino-database-leaks-details-of-over-100-million-bets\/\">online\ncasino sites<\/a>\u2019 bettors. After contacting the hosting provider,\nresearchers verified that the database, which contained over 100 million bet\nentries, had finally been secured. However, it\u2019s still unclear whether the database\u2019s\nowner or the ISP was responsible.<\/p>\n\n\n\n<h2>Chinese Crypto Farms Get Unique Ransomware Strain<\/h2>\n\n\n\n<p>Since China houses most of the world\u2019s <a href=\"https:\/\/www.zdnet.com\/article\/new-ransomware-strain-is-locking-up-bitcoin-mining-rigs-in-china\/\">cryptocurrency\nmining farms<\/a>, it comes as little surprise that malware authors are beginning\nto focus on this lucrative market. By infecting Antminer devices, which mine\nLitecoin and Bitcoin, this variant can quickly shut down the device and prevent\nfurther mining operations. Victims must choose between paying an extremely high\nransom and allowing the infection to spread to thousands of other devices. For victims\nwho do not pay, this variant also threatens to shut down devices\u2019 fans, causing\nthem to overheat and eventually destroy themselves. 
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Anatova Ransomware Reaches Global Market A new ransomware family, dubbed Anatova by researchers, has been infecting machines across the globe. During encryption, Anatova appears to focus on small files to speed up overall encryption times, but doesn\u2019t append the encrypted files with a new extension. Unexpectedly, this variant demands DASH crypto coins, rather than using [&hellip;]<\/p>\n","protected":false},"author":47,"featured_media":27299,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[21935,21936,21940,21944],"yst_prominent_words":[23841,6423,6409,19393,4969,3615,3517,8787,3483,23845,20443,4837,4329,3477,5799,23843,16739,3937,7771,5439],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/26677"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/47"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=26677"}],"version-history":[{"count":2,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/26677\/revisions"}],"predecessor-version":[{"id":26717,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/26677\/revisions\/26717"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/27299"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=26677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=26677"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=26677"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=26677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}