Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it.

Ransomware 99

Ransomware Encryption Antivirus VPN 99

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

FEBRUARY 19, 2024

The gang also published several pictures of passports and company documents as proof of the hack. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine. Cactus Ransomware has just posted Schneider Electric.

Ransomware 97

Ransomware Digital transformation Retail Antivirus 97

Security Affairs

MAY 22, 2024

“On September 30, 2023, OVT became aware of a security incident that resulted in the encryption of certain OVT systems by an unauthorized third party. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Data breaches 98

Data breaches Ransomware Manufacturing Encryption 98

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. After that, the following files are extracted, namely: Avira.exe : Legitimate injector from Avira Antivirus. In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication.

Antivirus 113

Antivirus Malware Banking Internet 113

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt. SecurityAffairs – Ragnar Locker ransomware, hacking).

Encryption 93

Encryption Ransomware Energy and Utilities Advertising 93

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free. SecurityAffairs – hacking, ransomware).

Ransomware 92

Ransomware Antivirus Encryption Backups 92

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware 87

Ransomware Malware Antivirus Encryption 87

Security Affairs

MARCH 3, 2023

“FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader.” The Royal ransomware can either fully or partially encrypt a file depending on its size and the ‘-ep’ parameter. ” reads the alert. ” continues the alert.

Ransomware 85

Ransomware Healthcare Antivirus Encryption 85

Security Affairs

DECEMBER 19, 2022

. “The actors customized previous ransomware binaries for the intended victim through the use of confidential information such as leaked accounts and unique company IDs as the appended file extension. Upon further analysis, we have learned that these flags are used for intermittent encryption.” Pierluigi Paganini.

Ransomware 118

Ransomware Encryption Healthcare Education 118

Security Affairs

DECEMBER 18, 2023

They may use various tactics to evade antivirus and other security measures. Some info stealers may use encryption techniques to hide their communication with command-and-control servers, making it more challenging for security systems to detect malicious activities.

Banking 108

Banking Cybercrime Malware Accountability 108

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware 85

Ransomware Antivirus Backups Malware 85

Security Affairs

MAY 9, 2023

The new ransomware strain outstands for the use of encryption to protect the ransomware binary. CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools,” Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told Bleeping Computer.

Ransomware 71

Ransomware VPN Antivirus Encryption 71

Security Affairs

MAY 4, 2022

The security researcher John Page aka ( hyp3rlinx ) discovered that malware from multiple ransomware operations, including Conti , REvil , LockBit , AvosLocker , and Black Basta, are affected by flaws that could be exploited block file encryption. SecurityAffairs – hacking, DLL hijacking). To nominate, please visit:?

Ransomware 97

Ransomware Antivirus Malware Encryption 97

Security Affairs

MARCH 9, 2023

“This payload extracts ScrubCrypt, which obfuscates and encrypts applications and makes them able to dodge security programs. The PowerShell script is encoded to avoid detection by AntiVirus solutions. The experts noticed that encrypted data at the top can be split into four parts using backslash “”.

Antivirus 84

Antivirus Encryption Hacking Cybercrime 84

Security Affairs

JULY 8, 2022

The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the encrypted files. “Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files.

Ransomware 117

Ransomware Encryption Malware Accountability 117

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Cybercriminals are interested in hacking your IP address for various reasons. The hacked and stolen IPs are often used for carrying out illegal activities.

Hacking 87

Hacking VPN Internet Internet 87

Security Affairs

OCTOBER 13, 2023

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing support for encrypting Linux systems, specifically VMware ESXi servers. bat) scripts [T1059.003] for lateral movement, privilege escalation, and disabling antivirus software.

Ransomware 111

Ransomware System Administration Antivirus Malware 111

eSecurity Planet

JUNE 7, 2022

Protect your company computers, laptops and mobile devices with security products all managed via a cloud-based management console. The solution includes cloud sandboxing technology, preventing zero-day threats, and full disk encryption capability for enhanced data protection. Heimdal Security. Improved Data Security.

Cybersecurity 124

Cybersecurity Identity Theft Encryption Antivirus 124

Security Affairs

MAY 11, 2021

The ACSC also provided the following recommendations: Patch operating systems and applications, and keep antivirus signatures up to date. Maintain offline, encrypted backups of data and regularly test your backups. SecurityAffairs – hacking, Avaddon). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware 124

Ransomware Backups Antivirus DDOS 124

Security Affairs

AUGUST 27, 2022

Our investigation showed that the samples had leaked accounts, customer passwords, and unique company IDs used as extensions of encrypted files.” This ransomware has techniques for evading detection by taking advantage of the “safe mode” feature of a device to proceed with its encryption routine unnoticed. Trend Micro concludes.

Ransomware 95

Ransomware Encryption Accountability Antivirus 95

Security Affairs

AUGUST 6, 2022

This hashed password was not visible to any Slack clients; discovering it required actively monitoring encrypted network traffic coming from Slack’s servers.” Upon receiving the report from the security researcher, the company immediately addressed the flaw and investigated its potential impact on users. Pierluigi Paganini.

Passwords 88

Passwords Password Management Antivirus Encryption 88

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Install and regularly update antivirus software on all hosts, and enable real time detection.

Ransomware 92

Ransomware DDOS Passwords Backups 92

CyberSecurity Insiders

JANUARY 6, 2023

Test security of systems and networks regularly. Support information security within organizational policies and programs. Requirement 2: Broader scope defining the need for security configuration management (SCM) on more types of assets. Requirement 5: It is no longer sufficient to just have standard antivirus software.

Antivirus 138

Antivirus Retail Software Accountability 138

Security Affairs

JANUARY 6, 2023

. “The hackers entered the system and encrypted the December database. ” According to the media outlet, the attack was sophisticated, and both the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) and the Romanian antivirus firm BitDefender were not able to decrypt the files. Pierluigi Paganini.

Ransomware 77

Ransomware Antivirus Media Encryption 77

Security Affairs

SEPTEMBER 20, 2020

Once gained the foothold in the target network, the attackers will attempt lateral movements to elevate the privileges and search for high-value machines to encrypt (i.e. SecurityAffairs – hacking, education institutions). backup servers, network shares, servers, auditing devices). PowerShell) to easily deploy tooling or ransomware.

Education 144

Education Ransomware Antivirus Backups 144

SecureList

MAY 28, 2024

But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. in their infrastructure, while the rest discovered they had been infiltrated via a third party only after data leakage or encryption.

VPN 75

VPN Accountability Passwords Antivirus 75

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. SecurityAffairs – hacking, Wannacry).

Malware 92

Malware Computers and Electronics Encryption Ransomware 92

Security Affairs

MARCH 17, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. The attackers implement a double extortion model using the PYSA ransomware to exfiltrate data from victims prior to encrypting their files.

Education 87

Education Ransomware Encryption Antivirus 87

Security Affairs

JULY 28, 2021

PKPLUG used a technique known as “ living off the land ” to bypass antivirus detection and target Microsoft Exchange servers. The analysis of the file revealed that it includes the encrypted and compressed PlugX payload. Aro.dat is, in fact, an encrypted and compressed PlugX payload.” SecurityAffairs – hacking,Thor RAT).

Encryption 109

Encryption Antivirus Malware Hacking 109

Security Affairs

APRIL 7, 2021

This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. At least in one case, an attack of the ransomware resulted in a temporary shutdown of the industrial process due to servers used to control the industrial process becoming encrypted.” Pierluigi Paganini.

VPN 90

VPN Ransomware Antivirus Firmware 90

Security Affairs

AUGUST 9, 2022

The information gathered by the experts led them into believing that the goal of the attacks was cyberespionage, the researchers linked the campaigns with a Chinese APT group tracked as TA428 (aka Colourful Panda, BRONZE DUDLEY). . SecurityAffairs – hacking, industrial enterprises). com specified in the administrator’s contact data.

Encryption 91

Encryption Antivirus Malware Hacking 91

Security Affairs

AUGUST 26, 2019

The name of the ransomware comes after the extension it adds to the encrypted file names, the malicious code also deletes their shadow copies to make in impossible any recovery procedure. Below the ransom note dropped by the Nemty ransomware after the encryption process is completed. SecurityAffairs – Nemty ransomware, hacking).

Ransomware 88

Ransomware Malware Antivirus Encryption 88

Security Affairs

JULY 1, 2019

Even if the activity of Dridex decreased in the last couple of years, crooks continued to updates it adding new features such the support of XML scripts, hashing algorithms, peer-to-peer encryption, and peer-to-command-and-control encryption. SecurityAffairs – Dridex, hacking). ” reads the analysis published by eSentire.

Banking 72

Banking Antivirus Advertising Encryption 72

Security Affairs

NOVEMBER 19, 2022

. “When launched, BATLOADER uses MSI Custom Actions to launch malicious PowerShell activity or run batch scripts to aid in disabling security solutions and lead to the delivery of various encrypted malware payloads that is decrypted and launched with PowerShell commands.” SecurityAffairs – hacking, DEV-0569).

Ransomware 124

Ransomware Malware Antivirus Phishing 124

Security Affairs

MAY 4, 2023

FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader.” After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.”

Ransomware 89

Ransomware Healthcare Education Encryption 89

Security Affairs

APRIL 30, 2021

.” The Portdoor backdoor implements multiple functionalities, including the ability to do reconnaissance, target profiling, delivery of additional payloads, privilege escalation, process manipulation static detection antivirus evasion, one-byte XOR encryption, AES-encrypted data exfiltration. ” continues the report.

Phishing 125

Phishing Malware Antivirus Encryption 125