Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The experts pointed out that the Rorschach ransomware appears to be unique. The experts pointed out that the Rorschach ransomware appears to be unique. ” continues the analysis.

Encryption 85

Encryption Ransomware Malware Backups 85

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. ” states the report published by the NJCCIC. 177 and 185[.]215[.]113[.]66.

Phishing 104

Phishing Ransomware Security Awareness Authentication 104

Security Affairs

NOVEMBER 19, 2023

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. The ransomware component is then decrypted and loaded into the SmokeLoader process’ memory.

Ransomware 118

Ransomware Encryption Backups Manufacturing 118

Security Affairs

APRIL 17, 2024

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server.

Ransomware 128

Ransomware Encryption Malware Accountability 128

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption 83

Encryption Ransomware VPN Malware 83

Security Affairs

MAY 5, 2024

FuckRansomware pic.twitter.com/uD09m7AukH — Jon DiMaggio (@Jon__DiMaggio) May 5, 2024 However, researchers at VX-underground have spoken with Lockbit ransomware group administrative staff regarding the return of the old domain and the gang claims law enforcement is lying. Lockbit ransomware group states law enforcement is lying.

Ransomware 121

Ransomware Cybercrime Cyber Attacks Encryption 121

Security Affairs

SEPTEMBER 13, 2023

3AM is a new strain of ransomware that was spotted in a single incident in which the threat actors failed to deploy the LockBit ransomware in the target infrastructure. The threat actors managed to deploy the ransomware to three computers on the target organization’s network, but it was blocked on two of those three machines.

Ransomware 109

Ransomware Encryption Cybercrime Backups 109

Security Affairs

FEBRUARY 12, 2024

Researchers discovered a vulnerability in the code of the Rhysida ransomware that allowed them to develop a decryption tool. Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) discovered an implementation vulnerability in the source code of the Rhysida ransomware.

Ransomware 110

Ransomware Encryption VPN Manufacturing 110

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware 99

Ransomware Encryption Antivirus VPN 99

Security Affairs

JANUARY 5, 2024

A threat actor announced the sale of the source code and a cracked version of the Zeppelin ransomware builder for $500. Researchers from cybersecurity firm KELA reported that a threat actor announced on a cybercrime forum the sale of the source code and a cracked version of the Zeppelin ransomware builder for $500.

Ransomware 98

Ransomware Hacking Encryption Malware 98

Security Affairs

JANUARY 30, 2024

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. The attack was carried out by the Cactus ransomware gang , which claims to have stolen terabytes of corporate data from the company. The Cactus ransomware relies on multiple legitimate tools (e.g.

Ransomware 120

Ransomware Hacking Data breaches Digital transformation 120

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. It’s just some kind of sabotage.”

Ransomware 276

Ransomware Healthcare Cybercrime Government 276

Security Affairs

SEPTEMBER 17, 2022

Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom. Pierluigi Paganini.

Ransomware 121

Ransomware Encryption Backups Cybercrime 121

Security Affairs

SEPTEMBER 1, 2023

Researchers released a free decryptor for the Key Group ransomware that allows victims to recover their data without paying a ransom. Threat intelligence firm EclecticIQ released a free decryption tool for the Key Group ransomware (aka keygroup777) that allows victims to recover their data without paying a ransom.

Ransomware 107

Ransomware Encryption Backups Malware 107

Security Affairs

SEPTEMBER 2, 2022

Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format ( ELF ) ransomware which encrypts the files inside Linux systems based on the given folder path. Figure 1: DarkAngels ransomware README.

Ransomware 141

Ransomware Encryption Malware Hacking 141

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms.

Ransomware 120

Ransomware Encryption Malware Education 120

Security Affairs

JUNE 6, 2023

Researchers from security firm Uptycs reported that threat actors linked to the Cyclops ransomware are offering a Go-based information stealer. The Cyclops group has developed multi-platform ransomware that can infect Windows, Linux, and macOS systems. ” reads the report. ” reads the report.

Ransomware 67

Ransomware Encryption Cybercrime Malware 67

Security Affairs

FEBRUARY 13, 2024

Authorities in Romania reported that at least 100 hospitals went offline after a ransomware attack hit the Hipocrate platform. Authorities in Romania confirmed that a ransomware attack that targeted the Hipocrate Information System (HIS) has disrupted operations for at least 100 hospitals. BTC (about 157,000 EURO).

Ransomware 105

Ransomware Backups Encryption Healthcare 105

Security Affairs

OCTOBER 21, 2021

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. macaw extension to the file name of the encrypted files.

Ransomware 109

Ransomware Cybercrime Banking Encryption 109

Security Affairs

JANUARY 10, 2024

Researchers and the Dutch Police released a decryptor for the Tortilla variant of the Babuk ransomware after the arrest of its operator. Cisco Talos researchers obtained a decryptor for the Babuk Tortilla ransomware variant. The experts were able to extract and share the private decryption key used by the ransomware operators.

Ransomware 106

Ransomware Encryption Engineering Malware 106

Security Affairs

JANUARY 30, 2021

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. Good news for the victims of the FonixCrypter ransomware, the operators behind the threat shut down their operations and released the master decryption key. Pierluigi Paganini.

Ransomware 131

Ransomware Encryption Malware Cybercrime 131

Security Affairs

JUNE 3, 2023

Experts noticed that the new Linux ransomware BlackSuit has significant similarities with the Royal ransomware family. Royal ransomware is one of the most notable ransomware families of 2022, it made the headlines in early May 2023 with the attack against the IT systems in Dallas, Texas. Extension: blacksuit.

Ransomware 90

Ransomware Healthcare Encryption Manufacturing 90

Security Affairs

AUGUST 5, 2021

The BlackMatter ransomware gang has implemented a Linux encryptor to targets VMware ESXi virtual machine platform. This is the last ransomware in order of time that is able to target VM platforms, some of the other ransomware operations that do the same are REvil , RansomExx/Defray , Mespinoza , HelloKitty , and Babuk.

Ransomware 136

Ransomware Encryption Healthcare Cybercrime 136

Security Affairs

JULY 2, 2021

Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report. The Trickbot botnet was used by threat actors to spread the Ryuk and Conti ransomware families, experts noticed similarities between Diavol and Conti threats.

Ransomware 129

Ransomware Cybercrime Encryption Malware 129

Security Affairs

MAY 15, 2023

A previously unknown ransomware group known as RA Group is targeting companies in U.S. Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at least April 22, 2023. The researchers assess with high confidence that the group is using the leaked Babuk ransomware source code.

Ransomware 79

Ransomware Encryption Cybercrime Insurance 79

The Last Watchdog

JUNE 21, 2020

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Numerous strains of this destructive code have been the front-page news in global computer security chronicles for almost a decade now, with jaw-dropping ups and dramatic downs accompanying its progress. inch diskettes. inch diskettes.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

DECEMBER 6, 2022

Researchers spotted a version of the open-source ransomware toolkit Cryptonite that doesn’t support decryption capabilities. Fortinet researchers discovered a sample of malware generated with the publicly available open-source ransomware toolkit Cryptonite that never offers the decryption window, turning it as a wiper.

Ransomware 118

Ransomware Encryption Malware Architecture 118

Security Affairs

JULY 20, 2022

Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. A notable example includes BlackCat and Hive.

Ransomware 129

Ransomware Encryption Malware Advertising 129

Security Affairs

SEPTEMBER 30, 2023

Federal Bureau of Investigation (FBI) warns of dual ransomware attacks aimed at the same victims. Federal Bureau of Investigation (FBI) is warning of dual ransomware attacks, a new worrisome trend in the threat landscape that sees threat actors targeting the same victims two times. ” continues the alert. .

Ransomware 110

Ransomware Architecture Encryption Malware 110

Security Affairs

NOVEMBER 1, 2021

The US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands). Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry of a new feature of the HelloKitty ransomware gang (aka FiveHands). SecurityAffairs – hacking, cybercrime).

DDOS 118

DDOS Ransomware Cybercrime Encryption 118

Security Affairs

JULY 28, 2021

BlackMatter ransomware gang, a new threat actor appears in the threat landscape and claims to combine TTPs of Darkside and REvil. BlackMatter is a new ransomware gang that started its activity this week, the cybercriminals group claims to be the successor of Darkside and REvil groups. SecurityAffairs – hacking, ransomware).

Ransomware 122

Ransomware Architecture Healthcare Encryption 122

Security Affairs

NOVEMBER 2, 2023

Rapid7 identified exploitation attempts of the CVE-2023-46604 flaw to deploy HelloKitty ransomware in two different customer environments. “In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations. ” reads the report published by Rapid7.

Ransomware 113

Ransomware Cybercrime Software Encryption 113

Security Affairs

JULY 15, 2022

Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. The ransomware targets a limited types of files, including log files (.log),

Ransomware 123

Ransomware Encryption Malware Hacking 123

Security Affairs

JULY 1, 2023

Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom. Cybersecurity firm Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom. Files are encrypted by Chacha 2008 ( D.

Ransomware 97

Ransomware Encryption Malware Hacking 97

Security Affairs

DECEMBER 14, 2021

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. Experts warn that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. SecurityAffairs – hacking, ransomware).

Ransomware 139

Ransomware Encryption Engineering Malware 139

Security Affairs

NOVEMBER 24, 2022

RansomExx ransomware is the last ransomware in order of time to have a version totally written in the Rust programming language. The operators of the RansomExx ransomware (aka Defray777 and Ransom X) have developed a new variant of their malware, tracked as RansomExx2, that was ported into the Rust programming language.

Ransomware 97

Ransomware Encryption Malware Manufacturing 97

Security Affairs

OCTOBER 19, 2022

Researchers at Palo Alto Network’s Unit 42 linked the Ransom Cartel ransomware operation to the REvil ransomware operations. Researchers at Palo Alto Network’s Unit 42 have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil cybercrime gang. No samples seen yet. ” . .

Ransomware 104

Ransomware Encryption Engineering Cybercrime 104