Security Affairs

MAY 11, 2020

Researchers warn of a new feature implemented in the Sodinokibi ransomware, the threat can now encrypt open and locked files. The Sodinokibi ransomware (REvil) continues to evolve, operators implemented a new feature that allows the malware to encrypt victim’s files, even if they are opened and locked by another process.

Encryption 99

Encryption Ransomware Advertising Malware 99

Security Affairs

MARCH 11, 2019

Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. The STOP ransomware made the headlines because it is installing password-stealing Trojans on the victims’ machines. ” reads a blog post published by Bleepingcomputer.

Encryption 85

Encryption Ransomware Cryptocurrency Passwords 85

Security Affairs

SEPTEMBER 17, 2020

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. ” continues the analysis.

Ransomware 144

Ransomware Encryption Advertising Malware 144

Security Affairs

SEPTEMBER 28, 2020

The operators behind new ransomware dubbed Mount Locker have adopted the same tactic of other gangs threatening the victims to leak stolen data. A new ransomware gang named Mount Locker has started its operations stealing victims’ data before encrypting. MountLocker #Ransomware claimed Makalot Industrial Co.

Ransomware 132

Ransomware Encryption Advertising Engineering 132

Security Affairs

AUGUST 2, 2020

BleepingComputer researchers confirmed that Garmin has received the decryption key to recover their files encrypted with the WastedLocker Ransomware. BleepingComputer first revealed that Garmin has received the decryption key to recover the files encrypted with the WastedLocker Ransomware in the recent attack.

Ransomware 145

Ransomware Encryption Advertising Software 145

Security Affairs

OCTOBER 31, 2020

The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them. ” reads the message published by the ransomware operators.

Hacking 128

Hacking Ransomware Advertising Encryption 128

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Pierluigi Paganini.

Encryption 64

Encryption Ransomware Malware Scams 64

Security Affairs

JULY 8, 2020

Good news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. sysopfb shows how we broke it.

Ransomware 105

Ransomware Encryption Malware InfoSec 105

Security Affairs

MARCH 17, 2020

Operators behind a new piece of ransomware dubbed Nefilim have started threatening victims to release stolen data like other cybercrime gangs. A new ransomware dubbed Nefilim appeared in the threat landscape at the end of February, it borrows its code from other malware, the Nemty ransomware. share much of the same code.”

Ransomware 104

Ransomware Encryption Cybercrime Advertising 104

Security Affairs

AUGUST 17, 2020

IT giant Konica Minolta was hit with a ransomware attack at the end of July, its services have been impacted for almost a week. A ransomware attack has impacted the services at the business technology giant Konica Minolta for almost a week, the attack took place at the end of July. Pierluigi Paganini.

Technology 137

Technology Ransomware Advertising Encryption 137

Security Affairs

JUNE 6, 2020

eCh0raix Ransomware operators are back after months of apparent inactivity, now are targeting QNAP storage devices in a new campaign. Threat actors behind the eCh0raix Ransomware have launched a new campaign aimed at infecting QNAP storage devices. encrypt extension to filenames of encrypted files. Pierluigi Paganini.

Ransomware 110

Ransomware Encryption Advertising Manufacturing 110

Security Affairs

MARCH 2, 2020

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. Researchers from Malwarebytes and X-Force IRIS have uncovered an ongoing spam campaign distributing the Nemty Ransomware via messages disguised as messages from secret lovers. Pierluigi Paganini.

Ransomware 120

Ransomware Advertising Encryption Malware 120

Security Affairs

MARCH 16, 2020

Experts warn of a new malware strain, dubbed PXJ Ransomware, that does share the same underlying code with existing ransomware families. Security experts from IBM X-Force have spotted a new strain of ransomware, dubbed PXJ Ransomware, that does share the same code with other known ransomware families.

Ransomware 102

Ransomware Encryption Malware Advertising 102

Security Affairs

OCTOBER 15, 2020

The Egregor ransomware gang has hit the game developer Crytek and leaked files allegedly stolen from the systems of the gaming firm Ubisoft. A previously unknown ransomware gang dubbed Egregor has hit the game developer Crytek and leaked files allegedly stolen from the internal network of another leading gaming firm, Ubisoft.

Ransomware 134

Ransomware Advertising Phishing Media 134

Security Affairs

AUGUST 21, 2020

The University of Utah admitted to have paid a $457,059 ransom in order to avoid having ransomware operators leak student information online. The university did not reveal the ransomware family involved in the attack. ” According to the University, the ransomware encrypted only 0.02% of the data stored on its servers.

Ransomware 144

Ransomware Cyber Insurance Insurance Advertising 144

Security Affairs

NOVEMBER 1, 2020

The Maze ransomware operators are shutting down their operations for more than one year the appeared on the threat landscape in May 2019. The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crew since it began operating in May 2019. Pierluigi Paganini.

Ransomware 142

Ransomware Cybercrime Advertising Software 142

Security Affairs

SEPTEMBER 17, 2020

University Hospital New Jersey (UHNJ) has suffered a ransomware attack, SunCrypt ransomware operators also leaked the data they have stolen. Systems at the University Hospital New Jersey (UHNJ) were encrypted with the SunCrypt ransomware, threat actors also stolen documents from the institution and leaked it online.

Ransomware 138

Ransomware Advertising Data breaches Encryption 138

Security Affairs

AUGUST 2, 2020

The FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. The FBI has issued a new security flash alert to warn of Netwalker ransomware attacks targeting U.S. The flash alert also includes indicators of compromise for the Netwalker ransomware along with mitigations. ” reads the alert.

Ransomware 133

Ransomware VPN Advertising Government 133

Security Affairs

APRIL 9, 2020

million ransom to decrypt its files after being encrypted by the infamous Sodinokibi ransomware. “As part of this attack, the operators behind the Sodinokibi ransomware told BleepingComputer that they had encrypted the company’s entire network, deleted backup files, and copied more than 5GB of personal data.

Ransomware 116

Ransomware Encryption Advertising Backups 116

Security Affairs

DECEMBER 2, 2019

Experts discovered a new malware dubbed Clop ransomware that attempts to remove Malwarebytes and other security products. Security researcher Vitali Kremez discovered a new malware dubbed Clop ransomware that targets Windows systems and attempts to disable security products running on the infected systems. Pierluigi Paganini.

Ransomware 115

Ransomware Encryption Advertising Cybercrime 115

Security Affairs

FEBRUARY 7, 2020

The operators behind the infamous RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to kill antivirus products. Cybercriminals behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows with the intent of disabling security products.

Software 123

Software Ransomware Antivirus Encryption 123

Security Affairs

MAY 1, 2020

Maze Ransomware operators claim to have gained access to the network of Banco BCR of Costa Rica and stolen 11 million credit card credentials. Maze Ransomware operators claim to have hacked the network of the state-owned Bank of Costa Rica Banco BCR and to have stolen internal data, including 11 million credit card credentials.

Ransomware 135

Ransomware Banking Cyber Insurance Advertising 135

Security Affairs

JUNE 29, 2020

million to cybercriminals to recover data after a ransomware attack. million to cybercriminals to recover data encrypted during a ransomware attack that took place on June 1. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. million, to decrypt it. ” reported the website edscoop.com.

Ransomware 127

Ransomware Encryption Advertising Malware 127

Security Affairs

MAY 27, 2020

Microsoft is warning organizations to deploy protections against a new strain of PonyFinal ransomware that has been in the wild over the past two months. PonyFinal is Java-based ransomware that is manually distributed by threat actors. PonyFinal is Java-based ransomware that is manually distributed by threat actors.

Ransomware 104

Ransomware Security Intelligence Encryption Advertising 104

Security Affairs

MAY 27, 2020

A new piece of ransomware dubbed FuckUnicorn it targeting Italy by tricking victims into downloading a fake COVID-19 contact tracing app. The new ransomware was first spotted by the malware researcher JamesWT_MHT that shared samples with the malware community. ransomware #italy #covid19 #fuckunicorn Website [link] s//www.fofl.]it/IMMUNI.exe

Ransomware 118

Ransomware Encryption Advertising Malware 118

Security Affairs

OCTOBER 13, 2020

Seyfarth Shaw, one of the leading global legal firms announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack. Seyfarth Shaw announced it was the victim of an “aggressive malware” attack, but the media immediately reported a ransomware infection later confirmed by the firm. Pierluigi Paganini.

Ransomware 113

Ransomware Advertising Malware Encryption 113

Security Affairs

MARCH 3, 2020

The operators behind the Nemty ransomware set up a data leak site to publish the data of the victims who refuse to pay ransoms. Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. Pierluigi Paganini.

Ransomware 102

Ransomware Advertising Encryption Malware 102

Security Affairs

SEPTEMBER 20, 2020

manufacturer of high-performance fiber lasers for diverse applications and industries was hit by a ransomware attack that disrupted its operations. The source told BleepingComputer that the ransomware attack had disrupted the operations worldwide of the company. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 114

Ransomware Manufacturing Advertising Encryption 114

Security Affairs

SEPTEMBER 4, 2020

A school district in North Carolina disclosed a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack. The Haywood County School district in North Carolina has suffered a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack. We have now confirmed a data breach occurred.

Data breaches 108

Data breaches Ransomware Advertising Encryption 108

Security Affairs

SEPTEMBER 28, 2020

Universal Health Services (UHS) healthcare providers has reportedly shut down systems at healthcare facilities after a Ryuk ransomware attack. The Ryuk ransomware operators were very active early this year , in March they targeted hospitals even as these organizations are involved in the fight against the Coronavirus pandemic.

Ransomware 116

Ransomware Healthcare Advertising Antivirus 116

Security Affairs

AUGUST 4, 2020

Maze ransomware operators published internal data from LG and Xerox after the company did not pay the ransom. Ransomware crews are very active during these months, Maze ransomware operators have published tens of GB of internal data allegedly stolen from IT giants LG and Xerox following failed extortion attempts. GB from Xerox.

Ransomware 111

Ransomware Encryption Advertising Firmware 111

Security Affairs

SEPTEMBER 20, 2020

National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware attacks targeting education institutions. National Cyber Security Centre (NCSC), has issued an alert about a surge in ransomware attacks against education institutions. PowerShell) to easily deploy tooling or ransomware. Pierluigi Paganini.

Education 145

Education Ransomware Antivirus Backups 145

Security Affairs

MARCH 19, 2020

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities. locked to the filename of the encrypted files.

Government 106

Government Ransomware Encryption Penetration Testing 106

Security Affairs

JUNE 10, 2020

Source informed about the security incident believe Honda’s systems have been infected with SNAKE Ransomware. The researcher states that this is because the ransomware tries to resolve the “mds.honda.com” domain, and failing to do so, will terminate the ransomware without encrypting any files.”

Ransomware 107

Ransomware Advertising Encryption Cyber Attacks 107

Security Affairs

JUNE 14, 2020

Maze ransomware operators hit Threadstone Advisors LLP, a US corporate advisory firm specialising in mergers ‘n’ acquisitions. Threadstone Advisors LLP, a corporate advisory firm specialising in mergers ‘n’ acquisitions, is the last victim of the Maze ransomware operators. Cohen, Pittsburgh Brewing Co.,

Ransomware 104

Ransomware Hacking Advertising Banking 104

Security Affairs

OCTOBER 1, 2020

K-Electric, Pakistan’s largest private power company, did not pay the ransom and the Netwalker ransomware operators have leaked the stolen data. In early September, K-Electric (KE), the electricity provider for the city of Karachi, Pakistan, was hit by a Netwalker ransomware attack that blocked billing and online services.

Ransomware 136

Ransomware Advertising Engineering VPN 136

Security Affairs

AUGUST 15, 2020

Sodinokibi (REvil) ransomware operators announced on Friday to have hacked Brown-Forman, one of the largest U.S. Sodinokibi (REvil) ransomware operators announced last week to have breached the network of the Brown-Forman, one of the largest U.S. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 114

Ransomware Advertising Encryption Hacking 114