Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Russian Hackers Amass Over a Billion Internet Passwords (The New York Times)
A Russian crime ring has collected more than 1.2 billion username/password combinations and 500 million e-mail addresses, according to researchers with Hold Security. The criminals appear to be using the stolen information to send spam on social networks at the behest of other groups, earning a fee in return. Victimized companies have not been named, due to nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable.
- New Site Recovers Files Locked by Cryptolocker Ransomware (KrebsOnSecurity)
Researchers with FireEye and Fox-IT have launched a free online service to help victims unlock and recover files scrambled by the malware CryptoLocker. Cybercriminals used the malware to hold users’ personal files for a ransom, costing a few hundred to several thousand dollars for access. According to Fox-It, 1.3 percent of victims paid a CryptoLocker ransom.
The U.S. Computer Emergency Response Team, in cooperation with the U.S. Secret Service and Trustwave’s Spiderlabs, have issued an alert regarding a newly identified variant of malware installed on point-of-sale systems. The malware, called “Backoff,” scrapes credit card data from an infected computer’s memory. Currently, commercial antivirus products are unable to identify this malware.
Olanrewaju Abiola, of Baltimore, Maryland, pleaded guilty to conspiracy to commit access device fraud for his role in an identity theft and credit card fraud ring. The scheme resulted in at least $200,000 in losses and involved more than 250 victims. Abiola faces a maximum of five years in prison.