200,000 Comcast Login Credentials Available on the Dark Web

This week: the latest on the Comcast login credentials offered for sale on the Dark Web, and why victims of the Power Worm ransomware will be unable to recover their files.


200,000 Comcast login credentials leaked on the Dark Web 

Over the weekend, nearly 590,000 Comcast email addresses and passwords were posted for sale on the Dark Web. According to a Security Affairs article, “As proof of the authenticity of the Comcast data, the seller published a list of 112 accounts requesting $300 USD for 100,000 accounts. The entire list of 590,000 accounts goes for $1,000 USD.”

According to the Comcast security team, the company's own systems have not been compromised. Comcast checked the leaked data and “it seems that of the 590,000 records offered for sale on the black marketplace, about 200,000 of them [are] still active.”

The still-active entries are most likely recycled data: credentials collected from earlier breaches of other services, which work against Comcast accounts only because the same passwords were reused there.
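Checking a leaked dump against your own account store is how a provider learns which records are "still active" and which accounts to reset. The script below is an added example, not Comcast's code or process: the store layout (per-user salt plus PBKDF2-HMAC-SHA256 hash), the dump format ("email:password", one per line) and every record in it are constructed for the demonstration.

```python
"""Check a leaked credential dump against an account store (added example).

Assumptions: the store holds {email: (salt, pbkdf2_sha256_hash)}; the dump is
plain 'email:password' lines. All accounts and dump lines here are constructed.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption; use the parameters your store really uses


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive the stored hash for a password under a given per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_store(plain_accounts):
    """Build a constructed store {email: (salt, hash)} from plaintext seeds."""
    store = {}
    for email, pw in plain_accounts.items():
        salt = os.urandom(16)
        store[email.lower()] = (salt, hash_password(pw, salt))
    return store


def parse_dump(lines):
    """Yield (email, password) from 'email:password' lines, skipping malformed
    ones. Split on the first ':' only, since passwords may contain ':'."""
    for raw in lines:
        line = raw.strip()
        if not line or ":" not in line:
            continue
        email, password = line.split(":", 1)
        yield email.strip().lower(), password


def check_dump(dump_lines, store):
    """Return (records_checked, still_valid_accounts).

    A leaked password is re-hashed under the account's own salt and compared
    in constant time; the plaintext is never written anywhere.
    """
    checked = 0
    still_valid = set()
    for email, password in parse_dump(dump_lines):
        checked += 1
        entry = store.get(email)
        if entry is None:
            continue  # not our customer: recycled data from some other breach
        salt, expected = entry
        if hmac.compare_digest(hash_password(password, salt), expected):
            still_valid.add(email)
    return checked, sorted(still_valid)


# Constructed seed accounts (plaintext exists only to build the demo store).
SEED_ACCOUNTS = {
    "alice@example.net": "correct horse battery staple",
    "bob@example.net": "hunter2",
    "carol@example.net": "Tr0ub4dor&3",
}
STORE = make_store(SEED_ACCOUNTS)

# Constructed dump: one stale password, two live ones, one unknown user, one garbage line.
DUMP = [
    "alice@example.net:oldpassword",
    "BOB@example.net:hunter2",
    "dave@example.net:whatever",
    "this line is garbage",
    "carol@example.net:Tr0ub4dor&3",
]

if __name__ == "__main__":
    checked, valid = check_dump(DUMP, STORE)
    print(f"{checked} records checked, {len(valid)} still valid: {valid}")
    # Feed `valid` into a forced password reset; do not circulate the list itself.
```

Run against a real dump, the output list is the reset list. Note that it only answers "does this leaked password still work here"; it says nothing about where the data originally came from, which is why the recycled-breach explanation above is an inference rather than something the check proves.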

References: 200,000 Comcast login credentials available on the Dark Web | Comcast Resets Passwords After Login Details Posted on Dark Web


Mitigation Strategies:

  • Force a password reset on every account whose leaked credentials still work (the step Comcast took in the second reference above)
  • Use a unique password per service; the leaked records only work against Comcast because passwords from other breaches were reused there


Power Worm Ransomware Victims Unable to Recover Files 

Because of a coding mistake in the malware's encryption routine, anyone hit by the Power Worm ransomware will be unable to recover their files.

Ransomware normally decrypts files once the victim has paid a substantial fee; this variant of Power Worm, however, discards the only key that could recover the scrambled data.

The news comes as criminals produce ransomware aimed at websites, encrypting data sitting on servers. Power Worm originally encrypted Microsoft Word and Excel files, but the latest, poorly written update goes after additional types of data files it finds on a victim's machine.

The errors are believed to have arisen when the author tried to simplify the decryption process. As a result, no usable key is kept for the files it encrypts when it compromises a computer, so not even the author can decrypt them.

"There is, unfortunately, nothing that can be done for victims of this infection," wrote malware researcher Lawrence Abrams on the Bleeping Computer tech news website. "If you have been affected by this ransomware, your only option is to restore from a back-up."  

References:  Badly coded ransomware locks away data forever | Poorly coded ransomware forgets your decryption key, locking up your data forever

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures for the callback destinations observed in this malware's traffic
  • NetFlow records, which can also reveal unusually large outbound transfers and data leakage
  • Log management, which can surface the attacker's external IP addresses, provided logging is configured on the relevant systems
  • Regular, offline backups: as the Bleeping Computer quote above notes, restoring from backup is the only recovery path for this variant
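The first three items on that list are network-side detections, and they can be run over the same flow records. The script below is an added example, not code from the original page or from any of the referenced sources: the callback IPs (taken from the 203.0.113.0/24 documentation range, not real Power Worm indicators), the NetFlow-style CSV layout, the internal address ranges and the byte threshold are all assumptions, and every flow record is constructed.

```python
"""Callback, exfiltration and external-peer detection over NetFlow-style records
(added example; indicators, layout and thresholds are assumptions)."""
import csv
import ipaddress
from io import StringIO

# Assumed IOC list: callback destinations "specifically observed" in a sandbox run.
# These are documentation-range addresses, not real Power Worm infrastructure.
CALLBACK_IOCS = {"203.0.113.7", "203.0.113.44"}

# Assumed exfiltration threshold for a single outbound flow; tune to your baseline.
EXFIL_BYTES_THRESHOLD = 50 * 1024 * 1024

# Assumed internal ranges (RFC 1918). Anything outside them counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: one callback, one large transfer, one internal
# SMB flow, a second callback, and one benign external session.
FLOWS_CSV = """start,src,dst,dport,proto,bytes
2015-11-09T14:02:11,10.0.4.23,203.0.113.7,443,tcp,1843
2015-11-09T14:02:40,10.0.4.23,198.51.100.9,443,tcp,71004423
2015-11-09T14:03:02,10.0.4.23,10.0.0.5,445,tcp,4096
2015-11-09T14:05:19,10.0.4.88,203.0.113.44,80,tcp,912
2015-11-09T14:06:00,10.0.4.88,93.184.216.34,443,tcp,20480
"""


def parse_flows(text):
    """Parse the CSV into dicts with numeric byte counts and ports."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        row["bytes"] = int(row["bytes"])
        row["dport"] = int(row["dport"])
        rows.append(row)
    return rows


def is_external(ip):
    """True when the address is outside the configured internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def detect(flows, iocs=CALLBACK_IOCS, threshold=EXFIL_BYTES_THRESHOLD):
    """Apply the two signature-style rules; return (rule, src, dst, detail) tuples.

    callback_ioc: destination matches an observed callback address (the IDS case).
    large_outbound_transfer: a single external flow above the byte threshold
    (the NetFlow data-leakage case).
    """
    alerts = []
    for f in flows:
        if not is_external(f["dst"]):
            continue  # internal traffic is out of scope for these rules
        if f["dst"] in iocs:
            alerts.append(("callback_ioc", f["src"], f["dst"], f"{f['dst']}:{f['dport']}"))
        if f["bytes"] >= threshold:
            alerts.append(("large_outbound_transfer", f["src"], f["dst"], f"{f['bytes']} bytes"))
    return alerts


def external_peers(flows):
    """Log-management view: which internal host spoke to which external IPs.

    This is the list you hand to incident responders when the question is
    'what attacker infrastructure did this machine touch'.
    """
    peers = {}
    for f in flows:
        if is_external(f["dst"]):
            peers.setdefault(f["src"], set()).add(f["dst"])
    return peers


if __name__ == "__main__":
    flows = parse_flows(FLOWS_CSV)
    for alert in detect(flows):
        print("ALERT", *alert)
    for host, ips in sorted(external_peers(flows).items()):
        print(host, "->", ", ".join(sorted(ips)))
```

The IOC match is deliberately an exact destination match: that is what an IDS signature written from a sandbox observation gives you, and it stops working as soon as the operator moves infrastructure, which is why the byte-volume rule and the external-peer listing are kept alongside it rather than relying on the indicator alone. Neither rule detects the encryption itself; by the time a callback fires, the backup bullet above is what actually gets files back.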