Ryuk Ransomware Attack Sprung by Frugal Student

A student who purchased a cracked copy of visualisation software unwittingly became the gateway for malicious actors operating under the name ‘Totoro’ to spring Ryuk ransomware on a biomolecular institute.

The unlicensed software downloaded by the student was laden with malware, including a keylogger that stole the student’s credentials and subsequently allowed the threat actors to gain access to the European biomolecular research institution, which is involved in Covid-19 research. A week’s worth of research data was lost as a result of the attack.

US fuel pipeline hackers 'didn't mean to create problems'

Colonial Pipeline was hit with a ransomware attack that took its systems offline over the weekend. The FBI later confirmed the attack was carried out by the criminal group DarkSide.

Colonial Pipeline is a major US pipeline that carries 2.5 billion barrels per day - amounting to around 45% of the East Coast's supply of petrol, jet fuel and diesel.

The NCSC's Early Warning service

The NCSC has released a free service designed to detect and inform organisations of potential cyber attacks on their networks. The Early Warning service works by filtering the millions of events the NCSC receives every day and, using the IP addresses and domain names that organisations provide, correlating those that are relevant to your organisation into daily notifications, delivered to your nominated contacts via the Early Warning portal.

All UK organisations with a static IP address or domain name are eligible for Early Warning.

Cloud Security

Cloud services are becoming an integral part of businesses, and with 55% of organisations in the UK planning to invest in cloud technology within the next 12 months, the rise in popularity of cloud services is set to continue. Cloud services provide organisations with system resources, such as data storage and computing power, without the need for their own hardware, direct user management or internal infrastructure.

Unfortunately, operating a business outside of an isolated company network poses new and potentially dangerous security risks.

NCSC’s 14 Principles of Cyber Security

  1. Data in transit protection
     It is best practice for user data being transported between networks to be adequately protected against tampering and malicious eavesdropping.
  2. Asset protection and resilience
     User data, and the assets that process or store it, should be protected against physical tampering, damage, loss or seizure.
  3. Separation between users
     The compromised or malicious data of one service user should not be able to affect another.
  4. Governance framework
     The cloud service provider should have a security governance framework that directs and coordinates its management of information and of the services within it.
  5. Operational security
     The cloud service needs to be operated and managed securely in order to intercept, detect or prevent attacks.
  6. Personnel security
     Where service provider personnel have access to your data and systems, you should have confidence in their integrity.
  7. Secure development
     Services should be designed to identify and mitigate threats to their security. Services that aren’t may be vulnerable to security issues which could compromise your data, cause its loss, or allow malicious activity.
  8. Supply chain security
     The cloud service provider should ensure that its supply chain adequately supports all of the security principles which the service claims to implement.
  9. Secure user management
     Your service provider should make the tools available for you to securely manage your use of their service. Management interfaces and procedures are a vital part of the security barrier, preventing unauthorised access to, and alteration of, your resources, applications and data.
  10. Identity and authentication
     All access to service interfaces should be limited to authenticated and authorised individuals.
  11. External interface protection
     All external or less trusted interfaces of the service should be identified and appropriately defended.
  12. Secure service administration
     Systems used for administration of a cloud service will have privileged access to that service; therefore, their compromise would have significant impact. A compromise could allow malicious actors to bypass security controls and steal or manipulate large volumes of data.
  13. Audit information for users
     You should be provided with the audit records needed to monitor access to your service and the data held within it. The type of audit information available to you will have a direct impact on your ability to detect and respond to inappropriate or malicious activity within reasonable timescales.
  14. Secure use of the service
     The security of cloud services and the data held within them can be undermined if you use the service poorly. Consequently, you will have certain responsibilities when using the service in order for your data to be adequately protected.

TeaBot Trojan Targets Banks via Hijacked Android Handsets

Researchers have uncovered a malicious Trojan that has the ability to steal the SMS messages and credentials of victims as well as take over their device altogether. The Trojan, first spotted in Italy, has been dubbed TeaBot and is thought to have targeted at least 60 European banks.

Trust Wallet, MetaMask crypto wallets targeted by new support scam

The mobile app cryptocurrency wallets Trust Wallet and MetaMask have become the targets of an ongoing and severe Twitter phishing campaign intended to swipe funds. The scammers behind the phish pose as the apps’ support team (or as fake users vouching for the support team) and prompt Twitter users with genuine complaints to visit a site and fill out a support form. The fraudulent form asks users for their name, email address and the wallet’s 12-word recovery phrase - with this information the scammer has full access to the victim’s wallet.

Microsoft: Threat actors target aviation orgs with new malware

Microsoft has issued a warning regarding an ongoing spear-phishing campaign targeting travel and aerospace organisations. The campaign uses a malware loader to deploy multiple RATs (remote access trojans).

Joint advisory: Further TTPs associated with SVR cyber actors

The NCSC, in conjunction with the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency and the FBI, has recently published an advisory regarding detection and mitigation of SVR activity following the SolarWinds compromise, as well as further details of tactics, techniques and procedures associated with SVR threat actors.

What can we offer you?

SME Inputs

Join our monthly online webinars aimed specifically at Small and Medium-sized Enterprises to discover what cyber threats could potentially impact your business and get the latest advice and cyber awareness training for all staff. To register visit:

Cyber Security Awareness Webinars: Schools and Education

Join our online webinar aimed at schools and educational organisations and discover how cyber attacks and ransomware are being used to target them. Get the latest advice and cyber awareness training for all staff.

Please note: All participants are screened before being invited to the event. Please use your corporate email address when registering.

Cyber Choices: Virtual School and Education Events

Join our online webinars aimed at schools and educational organisations for advice and support on how we can help young people make informed cyber choices and use their cyber skills in a legal way.

Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

UK Education and Childcare Sector Alert and Resources

The National Cyber Security Centre has released the following guidance to schools - Cyber Security for Schools. This page houses free resources for everyone working with schools. The education sector has recently been affected by a number of cyber incidents.

Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals

Support for UK education sector after growth in cyber attacks

New NCSC guidance aimed at the UK Early Years education and Childcare sector

The new guidance, produced in association with key stakeholders in the Early Years sector, will help organisations protect the growing amounts of sensitive information held on children and their families from both accidental damage and online criminals.

Get in touch with us if your school or organisation would like support with staff training.

If you think you may have been the victim of fraud or cybercrime and have incurred a financial loss, or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud.

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively, you can call 0300 123 2040 to report and obtain advice about fraud or cyber crime.

Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news and identify the current threats we’re facing.

Our colleagues in the West Midlands Police Economic Crime Unit also produce cyber and fraud focused business newsletters. If you wish to subscribe to their newsletter, please e-mail  - 


The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.
