Security Affairs

JULY 19, 2020

The four malware families are named Guildma, Javali, Melcoz, and Grandoreiro, experts believe are the result of a Brazilian banking group/operation that is evolving its capabilities targeting banking users abroad. Experts noticed that the malware uses the BITSAdmin tool to download the additional modules. ” continues Kaspersky.

Banking 103

Banking Malware Phishing Advertising 103

Security Affairs

DECEMBER 30, 2019

The United Nations on Friday have approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime. The United Nations on Friday has approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime. It will only serve to stifle global efforts to combat cybercrime.”

Cybercrime 60

Cybercrime Surveillance Spyware Government 60

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. ” continues the report. .

Encryption 63

Encryption Ransomware Malware Scams 63

Security Affairs

OCTOBER 23, 2018

. “There are quite a few changes in this newly witnessed variant, the most prominent ones being a new encryption method of the embedded C&C domain string, a new connection method to the C&C and improvement of the Crypto currency wallets stealer and loader.” Securi ty Affairs – Azorult , malware).

Marketing 77

Marketing Cybercrime Cryptocurrency Advertising 77

Security Affairs

DECEMBER 2, 2019

Experts discovered a new malware dubbed Clop ransomware that attempts to remove Malwarebytes and other security products. Security researcher Vitali Kremez discovered a new malware dubbed Clop ransomware that targets Windows systems and attempts to disable security products running on the infected systems. Pierluigi Paganini.

Ransomware 114

Ransomware Encryption Advertising Cybercrime 114

Security Affairs

NOVEMBER 4, 2020

. “On July 28, 2020, Mattel discovered that it was the victim of a ransomware attack on its information technology systems that caused data on a number of systems to be encrypted. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 110

Ransomware Retail Advertising Malware 110

Security Affairs

JULY 28, 2020

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The group has been linked to several major cyber attacks, including the 2014 Sony Pictures hack , several SWIFT banking attacks since 2016, and the 2017 WannaCry ransomware infection.

Ransomware 99

Ransomware Malware Advertising VPN 99

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Krebs on Security

DECEMBER 8, 2022

First spotted in mid-August 2022 , Venus is known for hacking into victims’ publicly-exposed Remote Desktop services to encrypt Windows devices. “This group is known for frequently changing malware and driving global trends in criminal malware distribution,” MITRE assessed. healthcare organizations.

Healthcare 265

Healthcare Backups Ransomware Insurance 265

Security Affairs

OCTOBER 2, 2018

Malware researchers at Cybaze ZLab analyzed the latest version of the infamous GandCrab ransomware, version 5.0. GandCrab operates like a classic ransomware, it encrypts all user files and drops some ransom notes on the infected machine. to allow the code to encrypt the files opened by these applications. Pierluigi Paganini.

Ransomware 90

Ransomware Encryption Advertising Malware 90

Security Affairs

OCTOBER 31, 2020

The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them. The cybercrime gang published some screenshots showing directories and files from the systems of the breached company. “Absolutely all servers and working computers of the company are hacked and encrypted.

Hacking 126

Hacking Ransomware Advertising Encryption 126

Security Affairs

APRIL 5, 2019

ZLab Yoroi-Cybaze dissected another attack wave of Ursnif Trojan, aka Gozi ISFB, an offspring of the original Gozi which source code was leaked in 2014. ZLab Yoroi-Cybaze dissected another attack wave of Ursnif Trojan, aka Gozi ISFB, an offspring of the original Gozi which source code was leaked in 2014. Introduction.

Banking 84

Banking Malware Cryptocurrency Advertising 84

Security Affairs

APRIL 18, 2021

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. ” reads the press release published by DoJ.

System Administration 115

System Administration Penetration Testing Malware Banking 115

Security Affairs

NOVEMBER 5, 2020

In such attacks, malware places a spoofed malicious DLL file in a Windows’ WinSxS directory so that the operating system loads it instead of the legitimate file. The technique was already employed by other Chinese APT groups since 2013, later it was also adopted by other cybercrime gangs in attacks in the wild. Pierluigi Paganini.

Encryption 108

Encryption Malware Advertising Antivirus 108

Security Affairs

MARCH 29, 2020

The CrySis ransomware was first spotted in by experts at ESET, the malware has infected systems, mostly in Russia, Japan, South and North Korea, and Brazil. ” reads the post published by “This, in turn, would result in the broader proliferation among multiple cybercrime groups, and an eventual surge in attacks.”

Ransomware 109

Ransomware Hacking Advertising Malware 109

Security Affairs

NOVEMBER 1, 2020

The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crew since it began operating in May 2019. The gang was the first to introduce a double-extortion model in the cybercrime landscape at the end of 2019. Pierluigi Paganini. SecurityAffairs – hacking, Maze).

Ransomware 141

Ransomware Cybercrime Advertising Software 141

Security Affairs

JUNE 29, 2020

million to cybercriminals to recover data encrypted during a ransomware attack that took place on June 1. While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible,” reads a statement published by the UCSF.

Ransomware 127

Ransomware Encryption Advertising Malware 127

Security Affairs

DECEMBER 19, 2019

The victims of the Maze Ransomware now face another threat because operators behind the malware could become publish their data online. The victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online. SecurityAffairs – Maze ransomware, cybercrime).

Ransomware 70

Ransomware Cybercrime Advertising Malware 70

Security Affairs

MARCH 1, 2020

ISS reveals malware attack impacted parts of the IT environment. ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia. FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019. Lampion malware v2 February 2020. Raccoon Malware, a success case in the cybercrime ecosystem.

Banking 89

Banking Malware Advertising Ransomware 89

Security Affairs

MARCH 21, 2020

Threat actors are using phishing emails claiming to be sent from the chief of the World Health Organization (WHO), the malware delivered by crooks is a new variant of HawkEye keylogger. . “X-Force recent analysis identified a new HawkEye malware variant distributed in mails spoofing the World Health Organization.

Phishing 105

Phishing Advertising Malware Cybercrime 105

Security Affairs

MARCH 10, 2020

Microsoft is warning of human-operated ransomware, this kind of attack against businesses is becoming popular in the cybercrime ecosystem. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. ” reads the post published by Microsoft.

Ransomware 115

Ransomware Cybercrime Social Engineering Banking 115

Security Affairs

MAY 27, 2020

Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. The PonyFinal ransomware usually adds the “ enc” extension to the names of the encrypted files, it drops a ransom note (named README_files.txt) on the infected systems.

Ransomware 104

Ransomware Security Intelligence Encryption Advertising 104

Security Affairs

DECEMBER 4, 2018

Security experts reported a new strain of malware spreading in China, the malicious code rapidly infected over 100,000 PCs in just four days. Velvet experts released d a free ransomware decryption tool that could be used to decrypt documents encrypted by the malware. Securi ty Affairs – cybercrime, China).

Ransomware 90

Ransomware Encryption Advertising Software 90

Security Affairs

JANUARY 15, 2020

The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new threat named 5ss5c. ru ) to the file name of each encrypted file, for example test.txt becomes [5ss5c@mail.ru ] test. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 68

Ransomware Cybercrime Architecture Advertising 68

Security Affairs

FEBRUARY 25, 2019

The ransom encrypts all files and renames them by appending. According to the popular malware researcher Michael Gillespie , when the B0r0nt0K ransomware encrypts a file it will base64 the encrypted data. An example of a encrypted file’s name is zmAAwbbilFw69b7ag4G4bQ%3D%3D.rontok.” Pierluigi Paganini.

Ransomware 91

Ransomware Encryption Advertising Malware 91

Security Affairs

JULY 27, 2019

The website includes 89 decryptors that could allow decrypting for free files encrypted by 109 pieces of malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – ransomware, cybercrime).

Advertising 72

Advertising Ransomware Cybercrime Encryption 72

Security Affairs

MAY 16, 2019

A joint effort by international law enforcement agencies from 6 different countries has dismantled the crime gang behind the GozNym banking malware. “An unprecedented, international law enforcement operation has dismantled a complex, globally operating and organised cybercrime network.”

Banking 69

Banking Cybercrime Malware Advertising 69

Security Affairs

MAY 22, 2019

Security experts at Emsisoft released a new decrypted in a few days, it could be used for free by victims of the GetCrypt ransomware to decrypt their files encrypted by the malware. The GetCrypt ransomware is served through the RIG exploit kit , it leveragesSalsa20 and RSA-4096 to encrypt the victims’ files.

Ransomware 75

Ransomware Encryption Advertising Cybercrime 75

Security Affairs

AUGUST 3, 2020

He had no previous criminal records at the time of the arrest, but it is known to be a member of a cybercrime forum to become an affiliate for the GandCrab ransomware operation. He allegedly subscribed the GandCrab ransomware-as-a-service to create his own version of the malware and spread it running a spam campaign.

Ransomware 117

Ransomware Advertising Malware Hacking 117

Security Affairs

APRIL 9, 2020

million ransom to decrypt its files after being encrypted by the infamous Sodinokibi ransomware. The UK-based currency exchange Travelex currency exchange has been forced offline following a malware attack launched on New Year’s Eve. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 115

Ransomware Encryption Advertising Backups 115

Security Affairs

MARCH 3, 2020

Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files to make in impossible any recovery procedure. they also announced a working tool for version 1.5.

Ransomware 102

Ransomware Advertising Encryption Malware 102

Security Affairs

JULY 15, 2019

Cybercrime gang tracked as TA505 has been active since 2014 and focusing on Retail and Banking industries. The group that is known for the distribution of the Dridex Trojan and the Locky ransomware , has released other pieces of malware including the tRat backdoor and the AndroMut downloader. . .”

Ransomware 73

Ransomware Encryption Advertising Malware 73

Security Affairs

MARCH 19, 2020

” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. “On one of the compromised information systems, experts found encrypted files with the extension “ newversion.”

Government 105

Government Ransomware Encryption Penetration Testing 105

Security Affairs

DECEMBER 24, 2019

Feds remind that both ransomware implements a secure encryption algorithm that means it impossible to decrypt the files without paying the ransom. According to the alert, attackers leverage exploits, phishing attacks, credential stuffing to deliver the malware. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 60

Ransomware Backups Encryption Cyber Attacks 60

Security Affairs

OCTOBER 20, 2018

The developers of the GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. The authors of the infamous GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. Security Affairs – GandCrab ransomware, cybercrime ).

Ransomware 90

Ransomware Cybercrime Identity Theft Advertising 90

Security Affairs

FEBRUARY 9, 2020

It is unclear if the attackers have exfiltrated data from the systems before encrypting them. The attacker focused on encrypting data files in the Windows domain. According to security experts at Fox-IT, the ransomware attack is compatible with other attacks carried out by the TA505 cybercrime gang. Pierluigi Paganini.

Ransomware 107

Ransomware Cyber Attacks Architecture Backups 107

Security Affairs

OCTOBER 24, 2020

The ransomware encrypted files and renamed their filenames by adding the “ easy2lock” extension, this extension was previously associated with recent WastedLocker ransomware infections. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware 85

Ransomware Telecommunications Banking Advertising 85