Graham Cluley

MARCH 7, 2024

If you have been optimistically daydreaming that losses attributed to cybercrime might have reduced in the last year, it's time to wake up. Read more in my article on the Tripwire State of Security blog. The FBI's latest annual Internet Crime Complaint Center (IC3) report has just been published, and makes for some grim reading.

Cybercrime 110

Cybercrime Internet Internet Scams 110

Krebs on Security

MAY 11, 2020

Diebold Nixdorf , a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. Suspecting a ransomware attack, Diebold said it immediately began disconnecting systems on that network to contain the spread of the malware.

Ransomware 346

Ransomware Retail Malware Data breaches 346

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. WHO IS MEGATRAFFER? account on Carder[.]su su from 2008.

Malware 248

Malware Cybercrime Software Antivirus 248

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. On Sunday, Feb. “Sorry, but this is f *d up.

Ransomware 274

Ransomware Healthcare Cybercrime Government 274

Graham Cluley

MAY 11, 2023

Akira is a new family of ransomware, first used in cybercrime attacks in March 2023. Read more about the threat in my article on the Tripwire State of Security blog.

Ransomware 109

Ransomware Cybercrime Data breaches Malware 109

Krebs on Security

JUNE 2, 2020

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. Over the past 24 hours, the crooks responsible for spreading the ransom malware “REvil” (a.k.a. A partial screenshot from the REvil ransomware group’s Dark Web blog.

Ransomware 302

Ransomware Backups Encryption Internet 302

Heimadal Security

OCTOBER 21, 2022

It is not often that ransomware groups attack Russian corporate networks, however OldGremlin, also known as TinyScouts, is one of the few cybercrime gangs that primarily focuses on Russian companies. The post OldGremlin Attacks Russian Organizations via Linux Ransomware appeared first on Heimdal Security Blog.

Ransomware 95

Ransomware Cybercrime Encryption Malware 95

Security Affairs

JUNE 7, 2022

Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp Cybercrime Group. Mandiant researchers have investigated multiple LOCKBIT ransomware attacks that have been attributed to the financially motivated threat actor UNC2165. ” reads the analysis published by Mandiant.

Ransomware 129

Ransomware Cybercrime Malware Hacking 129

Security Boulevard

JANUARY 7, 2024

Recent reports have highlighted the return of the Carbanak Malware. As per the reports, it’s a banking malware used in ransomware attacks that leverages updated tactics for increased effectiveness. In this blog, we’ll […] The post Alert: Carbanak Malware Strikes Again With Updated Tactics appeared first on TuxCare.

Malware 67

Malware Banking Ransomware Software 67

Heimadal Security

JULY 6, 2021

We recently witnessed the appearance of a new ransomware strain that was dubbed as Diavol ransomware by the security researchers from FortiGuard Lab. Diavol ransomware could be linked to the Wizard Spider threat actor as the researchers discovered a few similarities in the M.O. used by the malware.

Ransomware 92

Ransomware Cybercrime Malware Cybersecurity 92

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Threat actors are using an elaborate scheme of fake websites through Google Ads to spread their malware, the backdoors are embedded in installers for apparently legitimate applications, such as AnyDesk.

Malware 88

Malware Cybercrime Banking Software 88

Security Affairs

JUNE 6, 2022

LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the LockBit ransomware gang has added the cybersecurity firm Mandiant to the list of victims published on its darkweb leak site. ransomware to evade sanctions. Pierluigi Paganini.

Hacking 130

Hacking Ransomware Cybersecurity Cybercrime 130

Krebs on Security

SEPTEMBER 30, 2023

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. It continues: “Prior to deploying the ransomware, Snatch threat actors were observed spending up to three months on a victim’s system.

Ransomware 222

Ransomware Accountability Cybercrime Backups 222

Security Affairs

JANUARY 30, 2021

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. Good news for the victims of the FonixCrypter ransomware, the operators behind the threat shut down their operations and released the master decryption key. Pierluigi Paganini.

Ransomware 133

Ransomware Encryption Malware Cybercrime 133

Security Affairs

JULY 18, 2023

The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware).

Ransomware 93

Ransomware Cybercrime Malware Hacking 93

Security Affairs

APRIL 24, 2023

It is interesting to note that the domain was also hosting malware a variant of the TrueBot malware. “While the ultimate goal of the current activity leveraging PaperCut’s software is unknown, these links (albeit somewhat circumstantial) to a known ransomware entity are concerning. .

Cybercrime 76

Cybercrime Software Education Ransomware 76

Security Affairs

APRIL 20, 2023

Threat actors are hacking poorly secured and Interned-exposed Microsoft SQL servers to deploy the Trigona ransomware. Threat actors are hacking into poorly secured and public-facing Microsoft SQL servers to deploy Trigona ransomware. “V3 should be updated to the latest version so that malware infection can be prevented.

Ransomware 84

Ransomware Malware Encryption Hacking 84

Heimadal Security

MARCH 8, 2021

There seem to be no boundaries for ransomware innovation as cybercrime gangs, such as REvil Ransomware (aka Sodinokibi), are always looking for new ways to make crypto-locking malware even more profitable.

DDOS 98

DDOS Ransomware Cybercrime Malware 98

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. Kloster’s blog enthused. “We A copy of the passport for Denis Emelyantsev, a.k.a.

Cybercrime 224

Cybercrime Advertising IoT Malware 224

Krebs on Security

DECEMBER 16, 2019

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. The message displayed at the top of the Maze Ransomware public shaming site. Follow the news!”

Ransomware 222

Ransomware Data breaches Healthcare Cybercrime 222

Security Affairs

APRIL 25, 2022

At least 60 entities worldwide have been breached by BlackCat ransomware, warns a flash report published by the U.S. Federal Bureau of Investigation (FBI) published a flash report that states that at least 60 entities worldwide have been breached by BlackCat ransomware (aka ALPHV and Noberus) since it started its operations in November.

Ransomware 104

Ransomware Antivirus Passwords Malware 104

Malwarebytes

MARCH 18, 2022

Among these interested parties TAG found the Conti and Diavol ransomware groups. Because Exotic Lily’s methods involved a lot of detail, they are believed to require a level of human interaction that is rather unusual for cybercrime groups focused on large scale operations. Initial access broker. Exotic Lily. Stay safe, everyone!

Ransomware 92

Ransomware Malware Social Engineering Media 92

Security Affairs

JUNE 7, 2022

The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. SecurityAffairs – hacking, Black Basta ransomware).

Ransomware 141

Ransomware Backups Malware Firewall 141

Graham Cluley

MARCH 15, 2023

In its latest Patch Tuesday bundle of security fixes, Microsoft has patched a security flaw that was being used by the Magniber cybercrime gang to help them infect computers with ransomware. Read more in my article on the Hot for Security blog.

Ransomware 73

Ransomware Cybercrime Malware 73

CyberSecurity Insiders

JUNE 28, 2023

A new ransomware named ‘8Base’ is on the prowl and seems to be only targeting companies that do not show seriousness in protecting information of their customers and employees. The said ransomware gang that is into the tactic of double extortion appeared first in March 2022 and remained silent thereafter.

Ransomware 79

Ransomware Manufacturing Threat Detection Cybercrime 79

Security Affairs

MAY 17, 2022

Justice Department accused a 55-year-old Venezuelan cardiologist of operating and selling the Thanos ransomware. Justice Department accused Moises Luis Zagala Gonzalez, a 55-year-old cardiologist from Venezuela, of operating and selling the Thanos ransomware. Thanos ransomware (a.k.a.

Ransomware 89

Ransomware Cybercrime VPN Malware 89

SecureList

DECEMBER 13, 2023

Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platform ransomware, macOS stealers and malware distribution campaigns.

Ransomware 103

Ransomware Passwords Malware Encryption 103

Security Affairs

JUNE 16, 2022

The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide.

Ransomware 101

Ransomware Cybercrime Malware Advertising 101

Security Affairs

MAY 15, 2022

Researchers at cybersecurity firm Cyble analyzed a Tor website named named ‘Eternity Project’ that offers for sale a broad range of malware, including stealers, miners, ransomware, and DDoS Bots. The channel was used to share information about malware listings and updates. SecurityAffairs – hacking, malware).

Ransomware 78

Ransomware DDOS Cybercrime Malware 78

Security Affairs

JUNE 16, 2022

ALPHV/BlackCat ransomware group began publishing victims’ data on the clear web to increase the pressure on them and force them to pay the ransom. ALPHV/BlackCat ransomware group has adopted a new strategy to force victims into paying the ransom, the gang began publishing victims’ data on the clear web to increase the pressure.

Ransomware 84

Ransomware Cybercrime Malware Advertising 84

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. The malware environment checking and Anti-VM functions. FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog.”

Cybercrime 89

Cybercrime Malware Education Phishing 89

Security Affairs

MAY 28, 2022

The recently launched Industrial Spy data extortion marketplace has now started its ransomware operation. In April, Malware HunterTeam and Bleeping Computer reported the launch of a new dark web marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. SecurityAffairs – hacking, ransomware).

Ransomware 125

Ransomware Malware Hacking Accountability 125

Security Affairs

MAY 31, 2022

Cyber Research Labs reported a rise in ransomware attacks in the second quarter of 2022, small states are more exposed to these attacks. The experts warn of ransomware attacks against government organizations. They observed a total of 48 government organizations from 21 countries that were hit by 13 ransomware attacks in 2022.

Government 139

Government Ransomware Cybercrime Banking 139

Thales Cloud Protection & Licensing

DECEMBER 13, 2023

Ransomware Sanctions: Do They Have Any Impact? madhav Thu, 12/14/2023 - 05:37 Ransomware is one of the most high-profile and high-value cybercrimes that organizations need to watch out for. What Can Organizations Do?

Ransomware 77

Ransomware Encryption Backups Accountability 77

Security Affairs

JULY 20, 2022

Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. A notable example includes BlackCat and Hive.

Ransomware 130

Ransomware Encryption Malware Advertising 130

Security Affairs

NOVEMBER 1, 2022

Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. KELA identified around 600 victims by analyzing ransomware actors’ blogs and negotiation portals, data leak sites and public reports. SecurityAffairs – hacking, cybercrime).

Ransomware 94

Ransomware Cybercrime Hacking Information Security 94

Security Affairs

JUNE 4, 2024

The RansomHub ransomware group added the American telecommunications company Frontier Comunications to the list of victims on its Tor leak site. The RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications.

Telecommunications 107

Telecommunications Hacking Data breaches Cybercrime 107