Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ? /.

Ransomware 321

Ransomware Cybercrime Malware Encryption 321

Security Affairs

JUNE 14, 2020

MAZE ransomware operators have stolen the data of the company before encrypting its systems and threaten to leak it in case the victim will not pay the ransom. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware 104

Ransomware Hacking Advertising Banking 104

Security Affairs

NOVEMBER 1, 2020

The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crew since it began operating in May 2019. The gang was the first to introduce a double-extortion model in the cybercrime landscape at the end of 2019. SecurityAffairs – hacking, Maze). Pierluigi Paganini.

Ransomware 141

Ransomware Cybercrime Advertising Software 141

Security Affairs

DECEMBER 2, 2019

The malicious code executes a small program, just before starting the encryption process, to disable security tools running on the infected systems that could detect its operations. These are encrypted under the suffix. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware 115

Ransomware Encryption Advertising Cybercrime 115

Security Affairs

OCTOBER 23, 2018

. “There are quite a few changes in this newly witnessed variant, the most prominent ones being a new encryption method of the embedded C&C domain string, a new connection method to the C&C and improvement of the Crypto currency wallets stealer and loader.” Pierluigi Paganini. Securi ty Affairs – Azorult , malware).

Marketing 78

Marketing Cybercrime Cryptocurrency Advertising 78

Security Affairs

NOVEMBER 17, 2018

A hacker going online by the moniker AmFearLiathMor is claiming to have hacked the most popular end-to-end encrypted email service ProtonMail. “We hacked Protonmail and have a significant amount of their data from the past few months. ProtonMail denied having been hacked that added that this is just a hoax.

Scams 97

Scams Hacking Data collection Advertising 97

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Pierluigi Paganini.

Encryption 63

Encryption Ransomware Malware Scams 63

Security Affairs

NOVEMBER 4, 2020

. “On July 28, 2020, Mattel discovered that it was the victim of a ransomware attack on its information technology systems that caused data on a number of systems to be encrypted. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 111

Ransomware Retail Advertising Malware 111

Security Affairs

JULY 28, 2020

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The group has been linked to several major cyber attacks, including the 2014 Sony Pictures hack , several SWIFT banking attacks since 2016, and the 2017 WannaCry ransomware infection.

Ransomware 100

Ransomware Malware Advertising VPN 100

Security Affairs

SEPTEMBER 2, 2020

Researchers from Malwarebytes reported that Magecart groups are using the encrypted messaging service Telegram to exfiltrate stolen payment details from compromised websites. Attackers encrypt payment data to make identification more difficult before transferring it via Telegram’s API into a chat channel. ” concluded the post.

Encryption 101

Encryption Advertising Cybercrime Marketing 101

Krebs on Security

DECEMBER 8, 2022

First spotted in mid-August 2022 , Venus is known for hacking into victims’ publicly-exposed Remote Desktop services to encrypt Windows devices. Encrypting sensitive data wherever possible. Department of Health and Human Services (HHS) warned that Venus ransomware attacks were targeting a number of U.S.

Healthcare 265

Healthcare Backups Ransomware Insurance 265

Security Affairs

OCTOBER 20, 2018

The developers of the GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. The authors of the infamous GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. Security Affairs – GandCrab ransomware, cybercrime ).

Ransomware 89

Ransomware Cybercrime Identity Theft Advertising 89

Security Affairs

APRIL 18, 2021

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.

System Administration 117

System Administration Penetration Testing Malware Banking 117

Security Affairs

AUGUST 12, 2019

Researchers discovered a dump containing 6,840,339 records associated with StockX user accounts that surfaced in the cybercrime underground. Last week media reported the hack of StockX , the fashion and sneaker trading platform. Now a dump containing 6,840,339 unique StockX user accounts surfaced in the cybercrime underground.

Accountability 81

Accountability Data breaches Passwords Cybercrime 81

Security Affairs

MAY 1, 2020

Maze Ransomware operators claim to have hacked the network of the state-owned Bank of Costa Rica Banco BCR and to have stolen internal data, including 11 million credit card credentials. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 132

Ransomware Banking Cyber Insurance Advertising 132

Security Affairs

JULY 26, 2020

The company is also aware that a threat actor is attempting to sell the Dave user records in the cybercrime underground, it hired security firm CrowdStrike to investigate the security breach. “The database was initially on an auction, by the alias ‘hasway’ at the hacking forum exploit, and later was removed on auction.

Banking 116

Banking Advertising Education Cybercrime 116

Security Affairs

OCTOBER 11, 2020

The actors behind FONIX RaaS advertised several products on various cybercrime forums. “Notably, FONIX varies somewhat from many other current RaaS offerings in that it employs four methods of encryption for each file and has an overly-complex post-infection engagement cycle.” SecurityAffairs – hacking, FONIX RaaS).

Ransomware 88

Ransomware Encryption Advertising DDOS 88

Security Affairs

MARCH 1, 2020

Raccoon Malware, a success case in the cybercrime ecosystem. Hacking campaign targets sites running popular Duplicator WordPress plugin. Kr00k Wi-Fi Encryption flaw affects more than a billion devices. Silence Hacking Crew threatens Australian banks of DDoS attacks. SecurityAffairs – hacking, newsletter).

Banking 90

Banking Malware Advertising Ransomware 90

Security Affairs

OCTOBER 24, 2020

The ransomware encrypted files and renamed their filenames by adding the “ easy2lock” extension, this extension was previously associated with recent WastedLocker ransomware infections. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, WastedLocker).

Ransomware 86

Ransomware Telecommunications Banking Advertising 86

Security Affairs

MAY 27, 2020

Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. The PonyFinal ransomware usually adds the “ enc” extension to the names of the encrypted files, it drops a ransom note (named README_files.txt) on the infected systems.

Ransomware 104

Ransomware Security Intelligence Encryption Advertising 104

Security Affairs

AUGUST 12, 2020

Now the City of Lafayette admitted they were a victim of a ransomware attack that encrypted its systems and confirmed that opted to pay a $45,000 ransom to receive a decryption tool to recover its files. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, City of Lafayette).

Backups 137

Backups Advertising Ransomware Hacking 137

Security Affairs

MARCH 15, 2020

This attack is based on” ransomware “(ransomware), malicious software that blocks access to a computer or files by encrypting them, while demanding that the victim be paid a ransom,” the city said. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Marseille ).

Cyber Attacks 110

Cyber Attacks Ransomware Advertising Backups 110

Security Affairs

JUNE 29, 2020

million to cybercriminals to recover data encrypted during a ransomware attack that took place on June 1. While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible,” reads a statement published by the UCSF.

Ransomware 128

Ransomware Encryption Advertising Malware 128

Security Affairs

JULY 23, 2020

The Windows version of MATA is composed of a loader used to load an encrypted next-stage payload and the orchestrator module (“lsass.exe”). The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. SecurityAffairs – hacking, Mata malware platform).

Malware 100

Malware Ransomware Advertising Encryption 100

Security Affairs

AUGUST 21, 2020

” According to the University, the ransomware encrypted only 0.02% of the data stored on its servers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, University of Utah).

Ransomware 144

Ransomware Cyber Insurance Insurance Advertising 144

Security Affairs

APRIL 27, 2020

The cybercrime gang also apologized for the damages they have caused their victims. Shade was considered one of the most dangerous threats in the cyber crime scenario, it has been active at least since 2014 when a massive infection was observed in Russian. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 118

Ransomware Advertising Antivirus Education 118

Security Affairs

AUGUST 3, 2020

He had no previous criminal records at the time of the arrest, but it is known to be a member of a cybercrime forum to become an affiliate for the GandCrab ransomware operation. ransom amount, individual bots and encryption masks). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware 117

Ransomware Advertising Malware Hacking 117

Security Affairs

NOVEMBER 5, 2020

The technique was already employed by other Chinese APT groups since 2013, later it was also adopted by other cybercrime gangs in attacks in the wild. The attackers use a simple XOR encryption algorithm with the string “Hapenexx is very bad” as a key. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption 110

Encryption Malware Advertising Antivirus 110

Security Affairs

MARCH 10, 2020

Microsoft is warning of human-operated ransomware, this kind of attack against businesses is becoming popular in the cybercrime ecosystem. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. SecurityAffairs – hacking, Human-operated ransomare).

Ransomware 114

Ransomware Cybercrime Social Engineering Banking 114

Security Affairs

AUGUST 4, 2020

Maze ransomware operators have also breached the systems of the Xerox Corporation and stolen files before encrypting them. The company did not disclose the cyberattack, but early June the Maze ransomware operators published some screenshots that showed that a Xerox domain has been encrypted. SecurityAffairs – hacking, ransomware).

Ransomware 111

Ransomware Encryption Advertising Firmware 111

Security Affairs

APRIL 14, 2020

Once executed, the ransomware binary contacts the C2 server to download an image that serves as the main ransomware infection notification displayed the victim’s device, then it gathers the host details and transmits it to the C2 to create a custom key to encrypt the files on the system’s desktop with a “ locked20” extension.

Healthcare 114

Healthcare Ransomware Phishing Government 114

Security Affairs

APRIL 19, 2020

. “It is possible that an attack was conducted but failed to encrypt any devices.” ” Data Breach Notification service UnderTheBreach noticed that on April 11, an operator in the cybercrime underground offered for sale the access to a big enterprise, they speculate the big organizations could be Cognizant.

Ransomware 103

Ransomware Advertising Data breaches Cybercrime 103

Security Affairs

OCTOBER 2, 2018

GandCrab operates like a classic ransomware, it encrypts all user files and drops some ransom notes on the infected machine. to allow the code to encrypt the files opened by these applications. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Securi ty Affairs – ransomare, cybercrime).

Ransomware 89

Ransomware Encryption Advertising Malware 89

Security Affairs

NOVEMBER 3, 2018

Crooks are offering for sale Criminals are selling the private messages of 81,000 hacked Facebook accounts for 10 cents per account. According to the BBC, crooks are offering for sale on underground criminal forums the private messages of 81,000 hacked Facebook accounts. Security Affairs – Facebook accounts, cybercrime).

Accountability 97

Accountability Advertising Cybercrime Hacking 97

Security Affairs

OCTOBER 3, 2020

In September, systems at the University Hospital New Jersey (UHNJ) were encrypted with the SunCrypt ransomware , threat actors also stolen documents from the institution and leaked a small portion of them online. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware 141

Ransomware Advertising Encryption Phishing 141

Security Affairs

DECEMBER 24, 2019

Feds remind that both ransomware implements a secure encryption algorithm that means it impossible to decrypt the files without paying the ransom. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware 60

Ransomware Backups Encryption Cyber Attacks 60

Security Affairs

MARCH 3, 2020

Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files to make in impossible any recovery procedure. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 103

Ransomware Advertising Encryption Malware 103