Jet CSIRT specialists have prepared another Friday roundup of key information security news. In today's top three: the removal of the Emotet trojan from all hosts, REvil's withdrawal of its threats, and a cyberattack on the Washington police. This week's news was selected by Alexander Akhremchik, a leading analyst of the Center for Monitoring and Response to Information Security Incidents Jet CSIRT, Jet Infosystems.
Law enforcement removed the Emotet Trojan from all infected hosts
Law enforcement information security specialists, who had previously gained access to the Emotet infrastructure, have launched a procedure to remove the malware from all infected hosts. A special file, EmotetLoader.dll, was sent through the payload distribution channel; it deleted everything Emotet had created to maintain persistence. According to Malwarebytes, all previously active Emotet servers are currently offline.
Threats to publish data stolen from Apple disappeared from the REvil website
Last week, REvil operators said they had stolen data from Apple's supplier, Quanta Computer, and threatened to release it. Now the group has removed all links related to this case from its blog on the darknet. At the same time, the criminals continue to actively threaten other affected organizations. The reason the Quanta Computer breach references were removed remains unknown.
Babuk Locker attacked Washington police systems
Police officials confirmed to the BleepingComputer news portal that their systems were attacked by the Babuk Locker ransomware. Babuk Locker operators said they were able to steal more than 250 GB of unencrypted data as a result of the attack. The attackers now threaten to publish the stolen information within three days if the police do not pay the ransom.