2014, Antivirus, Cybercrime and Encryption

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Shade Ransomware gang shut down operations and releases 750K decryption keys

Security Affairs

APRIL 27, 2020

The cybercrime gang also apologized for the damages they have caused their victims. Shade was considered one of the most dangerous threats in the cyber crime scenario, it has been active at least since 2014 when a massive infection was observed in Russian. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Advertising Antivirus Education

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. “On one of the compromised information systems, experts found encrypted files with the extension “ newversion.”

Government

Government Ransomware Encryption Penetration Testing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

The technique was already employed by other Chinese APT groups since 2013, later it was also adopted by other cybercrime gangs in attacks in the wild. ’ In a first attack scenario, hackers leverage a Microsoft antivirus component to load mpsvc.dll that acts as a loader for Groza_1.dat. Pierluigi Paganini.

Encryption

Encryption Malware Advertising Antivirus

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

Microsoft is warning of human-operated ransomware, this kind of attack against businesses is becoming popular in the cybercrime ecosystem. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. ” continues Microsoft. Pierluigi Paganini.

Ransomware

Ransomware Cybercrime Social Engineering Banking

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs

AUGUST 3, 2020

He had no previous criminal records at the time of the arrest, but it is known to be a member of a cybercrime forum to become an affiliate for the GandCrab ransomware operation. ransom amount, individual bots and encryption masks). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Advertising Malware Hacking

Security Affairs newsletter Round 201 – News of the week

Security Affairs

FEBRUARY 17, 2019

Adiantum will bring encryption on Android devices without cryptographic acceleration. Astaroth Trojan relies on legitimate os and antivirus processes to steal data. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Antivirus Malware Backups

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. Another technique used by cybercriminals to bypass antivirus systems is a targeted attack, in which malicious email are delivered outside regular working hours. More than 80% of all malicious files were disguised as .zip

Ransomware

Ransomware Antivirus Malware Banking

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

OCTOBER 12, 2019

In August 2018, three members of the notorious cybercrime gang have been indicted and charged with 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Identity Theft

Identity Theft Hacking Advertising DNS

WinDealer dealing on the side

SecureList

JUNE 2, 2022

Layout of the encrypted data. Packets exchanged with the C2 server contain a header (described in the next table) followed by AES-encrypted data. Initial connection: the generated AES key and its CRC32, encrypted using RSA-2048 with a hardcoded public key. x33x44”). Description. Sample value (in hex). Unknown static value.

Malware

Malware Encryption Social Engineering Telecommunications

The Ursnif Gangs keep Threatening Italy

Security Affairs

MARCH 26, 2019

The VBS code is obfuscated to evade antivirus detection and, in order to confuse the analyst, all the values are manipulated in different steps: using many mathematical operations, very long random variable names and other content encoded in Base64 format. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Antivirus Advertising Encryption

TA505 is expanding its operations

Security Affairs

MAY 29, 2019

su”, using an SSL encrypted communication, and stores them in “C:UsersPublic” path: “ rtegre.exe ” and “ wprgxyeqd79.exe Analyzing it in depth, we discover it actually is the RMS (Remote Manipulator System) client by TektonIT , encrypted using the MPress PE compressor utility, a legitimate tool, to avoid antivirus detection.

Retail

Retail Banking Advertising Encryption

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Here’s a look at some of the more notable cybercrime stories from the past year, as covered by KrebsOnSecurity and elsewhere. This bold about-face dumbfounded many longtime Norton users because antivirus firms had spent years broadly classifying all cryptomining programs as malware.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Security Affairs

APRIL 10, 2019

That file was delivered via malscam campaigns around the world and its source-code is obfuscated in order to evade antivirus detection and complicate its analysis. Data includes date/hour of infection , remote IP from victim’s computer , OS version and antivirus name. Figure 16: EMOTET collects antivirus product name via WMI query.

Banking

Banking Malware Antivirus Cyber threats

Do cyber regulations actually make K–12 schools safer? Navigating compliance while securing school and student data

Malwarebytes

APRIL 5, 2023

According to the Data Quality Campaign , 45 states and Washington, DC, enacted new student privacy laws between 2014 and 2020. Most states require strong data privacy controls, which typically include encrypting any sensitive personal information of staff and students. Secure data storage is also a requirement of FERPA.

Education

Education Ransomware Cybersecurity Risk

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

While the MBR infection has been known since at least 2014, details on the UEFI bootkit were publicly revealed for the first time in our private report on FinSpy. The attack is estimated to have resulted in the encryption of files belonging to around 60 Kaseya customers using the on-premises version of the platform. In version 16.80.0

Malware

Malware Banking Energy and Utilities Accountability

APT trends report Q1 2021

SecureList

APRIL 27, 2021

It was first publicly documented in 2014, in the aftermath of the Gamma Group hacking incident. The contents are disguised as GIF image files, but contain encrypted commands from the C2 server and command execution results. The samples were compiled in 2014 and, accordingly, were likely deployed in 2014 and possibly as late as 2015.

Malware

Malware Spyware Government Social Engineering

Cyber Security Informer

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Shade Ransomware gang shut down operations and releases 750K decryption keys

Webinars

Trending Sources

CERT France – Pysa ransomware is targeting local governments

Webinars

New KilllSomeOne APT group leverages DLL side-loading

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs newsletter Round 201 – News of the week

Ransomware Revival: Troldesh becomes a leader by the number of attacks

FIN7 Hackers group is back with a new loader and a new RAT

WinDealer dealing on the side

The Ursnif Gangs keep Threatening Italy

TA505 is expanding its operations

Happy 13th Birthday, KrebsOnSecurity!

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Do cyber regulations actually make K–12 schools safer? Navigating compliance while securing school and student data

IT threat evolution Q3 2021

APT trends report Q1 2021

Stay Connected