Ransomware and Security Intelligence - Cyber Security Informer

New Trigona Ransomware Threat Actor Uses Mimic Ransomware and BCP Utility in Attacks

Penetration Testing

JANUARY 29, 2024

AhnLab Security Intelligence Center (ASEC) has recently uncovered a concerning development in ransomware attacks. A new threat actor, previously known as Trigona ransomware, has been identified as installing Mimic ransomware.

Ransomware

Ransomware Penetration Testing Security Intelligence Malware

TargetCompany Ransomware Group Escalates Attacks: New Tools and Persistent Targeting of MS-SQL Servers

Penetration Testing

MAY 1, 2024

The world of cybersecurity is witnessing an alarming trend as ransomware groups intensify their attacks on Microsoft SQL (MS-SQL) servers, exploiting weak management practices to deploy devastating malware.

Penetration Testing

Penetration Testing Ransomware Security Intelligence Malware

LockBit Ransomware: The Hidden Threat in Resume Word Files

Penetration Testing

JANUARY 18, 2024

The AhnLab Security Intelligence Center has uncovered that the LockBit ransomware is being spread through malicious Word files disguised as resumes.

Penetration Testing

Penetration Testing Ransomware Security Intelligence Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Ransomware Series: Video 2

Webroot

OCTOBER 13, 2021

The Rise of Ransomware. Ransomware attacks dominate news coverage of the cybersecurity industry. And it’s no wonder – with million-dollar payouts, infrastructure attacks and international manhunts, ransomware makes for exciting headlines. The New Standard of Ransomware. Evolving Threats. Fighting Back.

Ransomware

Ransomware Security Intelligence Cybersecurity

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

Cybercriminal gang FIN7 returned with a new wave of attacks aimed at deploying the Clop ransomware on victims’ networks. The group was spotted deploying the Clop ransomware in opportunistic attacks in April 2023. Then they use OpenSSH and Impacket to move laterally and deploy the Clop ransomware payload.

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The latest version of the Java-based STRRAT malware (1.5) Pierluigi Paganini.

Ransomware

Ransomware Malware Encryption Security Intelligence

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

The Hacker News

MAY 21, 2021

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection.

Ransomware

Ransomware Malware Security Intelligence Encryption

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

Microsoft is warning organizations to deploy protections against a new strain of PonyFinal ransomware that has been in the wild over the past two months. PonyFinal is Java-based ransomware that is manually distributed by threat actors. PonyFinal is Java-based ransomware that is manually distributed by threat actors.

Ransomware

Ransomware Security Intelligence Encryption Advertising

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Ransomware

Ransomware Hacking Internet Internet

New STRRAT RAT Malware Convinces Believe They’ve Fallen Victim to Ransomware, Researchers Find

Hot for Security

MAY 21, 2021

Security researchers have discovered a new massive spam email campaign designed to push the latest version of STRRAT malware, according to data shared by Microsoft. Ransomware attacks are among the most dangerous for people and companies alike. Attackers used compromised email accounts to launch the email campaign.

Ransomware

Ransomware Malware Security Intelligence Encryption

New’ DearCry’ Ransomware Targets Unpatched Exchange Clients as Microsoft Takes Down ‘ProxyLogon’ PoC

Hot for Security

MARCH 12, 2021

Ransomware operators are actively targeting unpatched Exchange instances in wake of the recently disclosed ProxyLogon Exchange Server flaws, according to reports. Phillip Misner, a Security Program Manager with Microsoft, tweeted earlier today that a new ransomware family is leveraging the latest-disclosed Exchange vulnerabilities.

Ransomware

Ransomware Education Security Intelligence Accountability

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Security Affairs

OCTOBER 16, 2022

Microsoft warns that new Prestige ransomware is targeting transportation and logistics organizations in Ukraine and Poland. Microsoft reported that new Prestige ransomware is being used in attacks aimed at transportation and logistics organizations in Ukraine and Poland. ” continues the report.

Ransomware

Ransomware Encryption Backups Security Intelligence

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Microsoft linked Prestige ransomware attacks against organizations in Ukraine and Poland to Russia-linked threat actors. Microsoft has identified a new ransomware strain "Prestige" in limited targeted attacks in Ukraine and Poland. The campaign shares victimology with recent operations conducted by Russia-linked threat actors.

Ransomware

Ransomware Telecommunications DNS Hacking

Ransomware may be targeting Microsoft’s Hafnium Exchange Server vulnerabilities

SC Magazine

MARCH 12, 2021

The company confirmed a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft confirmed “a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers,” via its Security Intelligence Twitter account.

Ransomware

Ransomware Security Intelligence Media Accountability

The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

Security Affairs

AUGUST 7, 2023

Senior official reports a quadruple increase in ransomware attacks against Finland since it started the process to join NATO. The number of ransomware attacks targeting Finland has increased fourfold since the country began the process of joining NATO in 2023. So I don’t believe there’s a single silver bullet.”

Ransomware

Ransomware Government Cyber threats Security Intelligence

Ransomware, BEC and Phishing Still Top Concerns, per 2021 Threat Report

Webroot

APRIL 21, 2021

Although cybercriminal activity throughout 2020 was as innovative as ever, some of the most noteworthy threat activity we saw came from the old familiar players, namely ransomware, business email compromise (BEC) and phishing. Ransomware. One of the newer trends we saw in ransomware was that of data extortion.

Threat Reports

Threat Reports Phishing Ransomware Backups

Customized threat intelligence can track down ransomware gangs

SC Magazine

JULY 2, 2021

Today’s columnist, Troy Wachter of Cyberint, says defeating ransomware groups like the one that hit Colonial Pipeline will take teamwork across departments and threat intelligence tools that show how and where specific threats have originated and how they are evolving. OrbitalJoe CreativeCommons CC BY-NC-ND 2.0.

Ransomware

Ransomware Engineering Encryption Insurance

Malware authors join forces and target organisations with Domino Backdoor

Malwarebytes

APRIL 18, 2023

There’s a new ransomware gang in town, stitched together from members of well known threat creators to push a new kind of malware focused on punishing unwary organisations. The malware family, called “Domino”, is the brainchild of FIN7 and ex-Conti ransomware members. This current campaign is, sadly, no different.

Malware

Malware Banking Ransomware Passwords

Ransom hits main street

Webroot

NOVEMBER 5, 2021

But despite the headlines, most ransomware targets families as well as small and medium sized businesses. Targeted by ransomware. Ransomware uses modern technology and cutting-edge tools to do something that feels decidedly old fashioned – steal from you. Ransomware tactics. Their goal is disruption.

Ransomware

Ransomware Backups Banking Technology

A week in security (August 9 – August 15)

Malwarebytes

AUGUST 16, 2021

Last week on Malwarebytes Labs: Home routers are being hijacked using a vulnerability disclosed just 2 before Ransomware turncoat leaks Conti data, lifts the lid on the ransomware business Check your passwords! Stay safe, everyone!

Social Engineering

Social Engineering Scams VPN Phishing

“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft

Malwarebytes

JUNE 14, 2022

We urge customers to upgrade to the latest version or apply recommended mitigations: [link] — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2022. AvosLocker Ransomware and Linux botnets are getting in on the action. A mixed bag of attacks. Has Windows & Linux versions.

Ransomware

Ransomware Scams Security Intelligence Encryption

What a difference a year makes, or does it?

Webroot

OCTOBER 1, 2021

There was the infrastructure ransomware attack on the Colonial Pipeline in May 2021, which caused the company to cease operations for days. Also the attack on JBS USA , which fell victim to ransomware and threatened U.S. Over the course of the last year, “SMBs continued to be the prime target of ransomware authors.

Ransomware

Ransomware Backups Threat Reports Small Business

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

The TA505 group was involved in campaigns aimed at distributing the Dridex banking Trojan, along with Locky , BitPaymer , Philadelphia , GlobeImposter , and Jaff ransomware families. Security experts from cyber-security firm Prevailion reported that TA505 has compromised more than 1,000 organizations. states Microsoft.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Six Effective Ransomware Risk Reduction Strategies

NopSec

SEPTEMBER 12, 2016

Businesses, governments, and consumers alike need to be aware of ransomware – a type of malware that can inflict serious damage on your finances and productivity in a very short span of time. In earlier days, ransomware programs would simply lock a computer’s screen and prevent programs and files from being opened.

Risk

Risk Ransomware Social Engineering Penetration Testing

2022: The threat landscape is paved with faster and more complex attacks with no signs of stopping

Webroot

JANUARY 7, 2022

“In 2022, the widespread growth of mobile access will increase the prevalence of mobile malware, given all of the behavior tracking capabilities,” says Grayson Milbourne, security intelligence director, Carbonite + Webroot, OpenText companies. Ransomware. Earlier in 2021, we detailed the hidden costs of ransomware in our eBook.

Cybercrime

Cybercrime Phishing Ransomware Cryptocurrency

Webroot managed detection and response (MDR) purpose-built for MSPs

Webroot

JUNE 2, 2022

According to the latest 2022 BrightCloud® Threat Report , small to medium-sized businesses (SMBs) are particularly vulnerable to becoming a victim of a ransomware attack. Without human security experts and solutions at their disposable, these businesses remain susceptible to attacks.

Threat Detection

Threat Detection Cyber Insurance Small Business Insurance

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

This week, VMware and Microsoft warned of an ongoing, widespread Chromeloader malware campaign that is dropping malicious browser extensions, node-WebKit malware, and ransomware. pic.twitter.com/v6sexKgDSg — Microsoft Security Intelligence (@MsftSecIntel) September 16, 2022.

Malware

Malware Adware Ransomware Security Intelligence

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

eSecurity Planet

OCTOBER 4, 2021

percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. PowerShell, Ransomware Threats Grow. A surprising 91.5

Encryption

Encryption Malware Ransomware Firewall

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. The TA505 group was involved in campaigns aimed at distributing the Dridex banking Trojan, along with Locky , BitPaymer , Philadelphia , GlobeImposter , and Jaff ransomware families. based electrical company, a U.S.

Malware

Malware Security Intelligence Banking Phishing

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021. The analysis focuses on six Iranian hacking groups that are increasingly utilizing ransomware to either fundraise or disrupt the computer networks of the targets.

VPN

VPN Social Engineering Accountability Media

SolarWinds Serv-U bug exploited for Log4j attacks

Security Affairs

JANUARY 19, 2022

We reported our discovery to SolarWinds, and security updates have been released. More info: [link] — Microsoft Security Intelligence (@MsftSecIntel) January 19, 2022. In the past, other threat actors exploited Serv-U vulnerabilities to carry out malicious activities.

Authentication

Authentication Hacking Ransomware Security Intelligence

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Security Affairs

JANUARY 26, 2022

VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. This month, the Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Internet

Internet Internet Ransomware Hacking

A week in security (June 28 – June 4)

Malwarebytes

JULY 5, 2021

Other cybersecurity news. Stay safe, everyone!

Cyber Insurance

Cyber Insurance Social Engineering Scams Insurance

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. Emotet malware is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot). Additional malware is downloaded and installed when running these macros.

Malware

Malware Passwords Advertising Cybercrime

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot). Researchers from Microsoft Security Intelligence are also warning of the ongoing Halloween-themed Emotet campaign. since August. Enable Edition template mostly used.

Banking

Banking Malware Security Intelligence Advertising

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

Microsoft researchers also spotted a ransomware gangs that is exploiting ProxyLogon flaws to spread a piece of malware tracked as DearCry. We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. and also as DearCry. and also as DearCry.

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot). pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020.

Government

Government Banking Advertising Malware

Trickbot is the most prolific malware operation using COVID-19 themed lures

Security Affairs

APRIL 18, 2020

pic.twitter.com/V2JcZg2kjt — Microsoft Security Intelligence (@MsftSecIntel) April 17, 2020. Then the attackers attempt to monetize their efforts by deploying other payloads, like the Ryuk Ransomware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Malware

Malware Advertising Security Intelligence Phishing

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Last Watchdog

MAY 1, 2019

Lucy’s’s software allows companies to easily set-up customizable mock attacks to test employees’ readiness to avoid phishing, ransomware and other attacks with a social engineering component. This is stunning: phishing attacks soared in 2018, rising 250% between January and December, according to Microsoft’s Security Intelligence Report.

Social Engineering

Social Engineering Engineering Phishing Banking

How to Stop Phishing Attacks in Their Tracks

SiteLock

AUGUST 27, 2021

Microsoft’s “ Security Intelligence Report, Volume 24 ” shows a 250% increase in the number of phishing emails and attacks since 2018. The primary intention of a phishing email is to carry out a ransomware attack or compromise your network, leaving businesses susceptible to further damage and costs.

Phishing

Phishing Passwords Education Password Management

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Daniel Miessler

NOVEMBER 6, 2020

This gap between need and skilled people is even more acute due to the rise of the ransomware threat , and the world is going to have to respond with more people who can at least do the basics, even if that’s through short certification programs. ESG and ISSA. I think we need a national program to address this.

InfoSec

InfoSec Insurance Artificial Intelligence Cybersecurity

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

link] — Microsoft Security Intelligence (@MsftSecIntel) October 12, 2020. The Trickbot infrastructure was used by crooks to compromise systems and carry out human-operated campaigns, notably its use for the deployment of the Ryuk ransomware. ” reads the post published by Microsoft.

Banking

Banking Malware Advertising Financial Services

9 Considerations For Hong Kong Banks To Address The STDB Guidelines

Thales Cloud Protection & Licensing

OCTOBER 4, 2021

These guidelines will help banks recover and restore critical data to facilitate the resumption of critical functions, services, and systems in a timely manner in the event of destructive cyber-attacks, such as ransomware attacks.

Banking

Banking Digital transformation Encryption Backups

Introducing AT&T Managed Extended Detection and Response (XDR)

CyberSecurity Insiders

OCTOBER 19, 2021

AT&T Managed XDR brings broad visibility into your environment through its ability to integrate across many security tools with AlienApps. These connections into your environment pull events and security intelligence into one centralized hub for further correlation and add context so you can respond to threats faster.

Threat Detection

Threat Detection Technology Antivirus Cybercrime

New Trigona Ransomware Threat Actor Uses Mimic Ransomware and BCP Utility in Attacks

TargetCompany Ransomware Group Escalates Attacks: New Tools and Persistent Targeting of MS-SQL Servers

Webinars

Trending Sources

LockBit Ransomware: The Hidden Threat in Resume Word Files

Webinars

Ransomware Series: Video 2

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

STRRAT RAT spreads masquerading as ransomware

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Microsoft warns about ongoing PonyFinal ransomware attacks

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

New STRRAT RAT Malware Convinces Believe They’ve Fallen Victim to Ransomware, Researchers Find

New’ DearCry’ Ransomware Targets Unpatched Exchange Clients as Microsoft Takes Down ‘ProxyLogon’ PoC

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Ransomware may be targeting Microsoft’s Hafnium Exchange Server vulnerabilities

The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

Ransomware, BEC and Phishing Still Top Concerns, per 2021 Threat Report

Customized threat intelligence can track down ransomware gangs

Malware authors join forces and target organisations with Domino Backdoor

Ransom hits main street

A week in security (August 9 – August 15)

“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft

What a difference a year makes, or does it?

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Six Effective Ransomware Risk Reduction Strategies

2022: The threat landscape is paved with faster and more complex attacks with no signs of stopping

Webroot managed detection and response (MDR) purpose-built for MSPs

IT giants warn of ongoing Chromeloader malware campaigns

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Iran-linked APT groups continue to evolve

SolarWinds Serv-U bug exploited for Log4j attacks

VMware urges customers to patch VMware Horizon servers against Log4j attacks

A week in security (June 28 – June 4)

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Emotet operators are running Halloween-themed campaigns

Researchers warn of a surge in cyber attacks against Microsoft Exchange

CISA alert warns of Emotet attacks on US govt entities

Trickbot is the most prolific malware operation using COVID-19 themed lures

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

How to Stop Phishing Attacks in Their Tracks

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Microsoft partnered with other security firms to takedown TrickBot botnet

9 Considerations For Hong Kong Banks To Address The STDB Guidelines

Introducing AT&T Managed Extended Detection and Response (XDR)

Stay Connected