A Ransomware Gang Bought Facebook Ads to Troll Its Victim

This week, president Donald Trump continued to contest the results of the United States presidential election, which he lost handily to Joe Biden. But along the way, the Trump campaign’s lawsuits and other offensives have inadvertently demonstrated just how free of fraud the election was.

We also took a deep dive into the world of Covid-19 apps, which represent a privacy minefield, especially when developers don’t use Apple and Google’s Bluetooth-based protocol. And a former Microsoft engineer was sentenced to nine years in prison for stealing $10 million in store credit from the company.

Elsewhere, we showed you how to stop WhatsApp from hogging so much of your phone’s storage, and how to set up parental controls on all of your accounts. And lastly, if you have some time to set aside this weekend, check out this feature from our December/January issue about the lengths that hackers went to to expose rampant corruption in Brazil.

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

Ransomware continues to evolve in all sorts of unpleasant and unexpected ways. The latest spin: The notorious Ragnar Locker gang apparently hacked into a deejay’s Facebook page and took out ads through his account to pressure the Campari Group, a recent victim, to pay up. (Yes, that sentence was a journey!) The ad campaign hit nearly 8,000 Facebook users before it got shut down. The ad itself warned that the hackers would release Campari’s data online if they failed to capitulate. As ransomware groups become increasingly emboldened, expect them to continue showing up in unexpected places—and causing unfathomable damage.

Authorities have warned for months that public health organizations and vaccine developers would be high-value targets for state-sponsored hacking groups. And lo! Microsoft this week revealed that Russia and North Korea have both gone on the offensive, targeting seven researchers and pharmaceutical companies at work on a Covid-19 vaccine. In some cases, they’ve had success, though it’s unclear who the affected companies are to begin with. As infection and hospitalization rates continue to spike, expect more hacking shenanigans to follow, as countries without strong research pipelines seek ill-gained shortcuts.

For those who have not been closely following the social media accounts of the Defense Department’s cybersecurity boffins, know that they’ve taken on a delightful new tone over the last few months. More specifically, US Cyber Command has been calling out foreign hackers not only with details of their operations, but Photoshop projects that would make a grungy message board proud. The efficacy of shaming Russia and China with cartoon bears and headphone-wearing sloths, respectively, is uncertain at best. But it’s fun! And that’s worth a lot, especially in these times.

The bad news: Google patched two new Chrome zero-day bugs this week, which brings the tally to five dangerous flaws in under a month. The good news: Your browser has almost certainly auto-updated by now, meaning that you should be good to go. Still, it’s a reminder that even the most well-resourced software in the world can have issues. The important thing is how quickly they’re fixed.


More Great WIRED Stories

Source

Author: showrunner