2015, Cybercrime, Encryption and Hacking

Russian Cybercrime Boss Burkov Pleads Guilty

Krebs on Security

JANUARY 27, 2020

Aleksei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Also, members needed to have a special encryption certificate installed in their Web browser before the forum’s login page would even load. Andrei Shirokov / Tass via Getty Images. ” that stole roughly $100 million from victims.

Cybercrime

Cybercrime Banking Identity Theft Government

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

We can learn a lot from the cybercrime of the past…the history of cybercrime is a glimpse into what we can expect in the future. In the past 18 months, we’ve experienced the beginning of an era that has seen cybersecurity and cybercrime at the center of it all. Dateline Cybercrime . Robert Herjavec.

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

REvil ransomware gang hacked gaming firm Gaming Partners International

Security Affairs

OCTOBER 31, 2020

The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them. SecurityAffairs – hacking, Gaming Partners International (GPI)).

Hacking

Hacking Ransomware Advertising Encryption

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

Asian media firm E27 has been hacked by a hacking group identifying themselves as “Korean Hackers” and “Team Johnwick”that asked for a “donation” to provide information on the vulnerabilities they have exploited in the attack. .” SecurityAffairs – hacking, E27). Pierluigi Paganini.

Media

Media Hacking Passwords Data breaches

The State of Cybersecurity in March 2015

SiteLock

AUGUST 27, 2021

Protect your website from hackers and cybercrime. It’s called FREAK (which stands for Factoring Attack on RSA-EXPORT Key), and works by weakening encrypted connections on SSL and TLS, which in turn allows an attacker to intercept and decipher the “secure” data. Apparently an unauthorized third party got access into Uber’s database.

Cybersecurity

Cybersecurity Data breaches Manufacturing Software

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. SecurityAffairs – hacking, GravityRAT). Pierluigi Paganini.

Encryption

Encryption Malware Media Authentication

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. ” concluded ZDNet. Pierluigi Paganini.

Ransomware

Ransomware Hacking Advertising Malware

Marriott: Data on 500 Million Guests Stolen in 4-Year Breach

Krebs on Security

NOVEMBER 30, 2018

Marriott said the intruders encrypted information from the hacked database (likely to avoid detection by any data-loss prevention tools when removing the stolen information from the company’s network), and that its efforts to decrypt that data set was not yet complete.

Data breaches

Data breaches Encryption Cybercrime Malware

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. The Raccoon stealer is written in C++ by Russian-speaking developers that initially promoted it exclusively on Russian-speaking hacking forums. SecurityAffairs – hacking, malware).

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Sodinokibi ransomware uses MS API to encrypt open and locked files

Security Affairs

MAY 11, 2020

Researchers warn of a new feature implemented in the Sodinokibi ransomware, the threat can now encrypt open and locked files. The Sodinokibi ransomware (REvil) continues to evolve, operators implemented a new feature that allows the malware to encrypt victim’s files, even if they are opened and locked by another process.

Encryption

Encryption Ransomware Advertising Malware

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Security Affairs

JULY 29, 2019

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. Most of the attacks targeted non-standard ports and experts observed a spike in the number of encrypted malware. million encrypted malware attacks, +27% over the previous year. .”

IoT

IoT Encryption Malware Advertising

Maze ransomware gang hacked M&A firm Threadstone Advisors LLP

Security Affairs

JUNE 14, 2020

MAZE ransomware operators have stolen the data of the company before encrypting its systems and threaten to leak it in case the victim will not pay the ransom. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The list of clients of the firm includes Victoria Beckham, Charles S. Cohen, Pittsburgh Brewing Co.,

Ransomware

Ransomware Hacking Advertising Banking

Why Were the Russians So Set Against This Hacker Being Extradited?

Krebs on Security

NOVEMBER 18, 2019

When Israeli authorities turned down requests to send him back to Russia — supposedly to face separate hacking charges there — the Russians then imprisoned an Israeli woman for seven years on trumped-up drug charges in a bid to trade prisoners. Alexei Burkov, seated second from right, attends a hearing in Jerusalem in 2015.

Cybercrime

Cybercrime Government Hacking Banking

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

Security Affairs

OCTOBER 3, 2023

Like all ransomware, this is a type of malware that, once introduced into an organization, encrypts the data and then requires the victim to pay a ransom in order to decrypt it. Encrypted file structure ransomware BlackCat / ALPHV: [ORIGINAL_FILENAME].[ORIGINAL_extension].specific/different Black The LockBit 3.0 ORIGINAL_extension].specific/different

Ransomware

Ransomware Encryption Technology Backups

SamSam Ransomware operators earned more than US$5.9 Million since late 2015

Security Affairs

JULY 31, 2018

The researchers that have tracked Bitcoin addresses managed by the crime gang discovered that crooks behind the SamSam ransomware had extorted nearly $6 million from the victims since December 2015 when it appeared in the threat landscape. Million since late 2015. Million since late 2015 appeared first on Security Affairs.

Ransomware

Ransomware Advertising Marketing Encryption

Maze ransomware is going out of the business

Security Affairs

NOVEMBER 1, 2020

The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crew since it began operating in May 2019. The gang was the first to introduce a double-extortion model in the cybercrime landscape at the end of 2019. SecurityAffairs – hacking, Maze). Pierluigi Paganini.

Ransomware

Ransomware Cybercrime Advertising Software

The new Azorult 3.3 is available in the cybercrime underground market

Security Affairs

OCTOBER 23, 2018

. “There are quite a few changes in this newly witnessed variant, the most prominent ones being a new encryption method of the embedded C&C domain string, a new connection method to the C&C and improvement of the Crypto currency wallets stealer and loader.” Pierluigi Paganini. Securi ty Affairs – Azorult , malware).

Marketing

Marketing Cybercrime Cryptocurrency Advertising

Russia’s SolarWinds Attack

Schneier on Security

DECEMBER 28, 2020

Sometime before March, hackers working for the Russian SVR — previously known as the KGB — hacked into SolarWinds and slipped a backdoor into an Orion software update. (We Other examples of this sort of attack include fake apps in the Google Play store, and hacked replacement screens for your smartphone. Probably.).

Hacking

Hacking Government Internet Internet

Clop Ransomware attempts to disable Windows Defender and Malwarebytes

Security Affairs

DECEMBER 2, 2019

The malicious code executes a small program, just before starting the encryption process, to disable security tools running on the infected systems that could detect its operations. These are encrypted under the suffix. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Encryption Advertising Cybercrime

Protonmail hacked …. a very strange scam attempt

Security Affairs

NOVEMBER 17, 2018

A hacker going online by the moniker AmFearLiathMor is claiming to have hacked the most popular end-to-end encrypted email service ProtonMail. “We hacked Protonmail and have a significant amount of their data from the past few months. ProtonMail denied having been hacked that added that this is just a hoax.

Scams

Scams Hacking Data collection Advertising

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Krebs on Security

JANUARY 14, 2022

million), 500,000 euros, and 20 “premium cars” purchased with funds obtained from cybercrime. Just months later, a multi-country law enforcement operation allowed investigators to hack into the REvil gang’s operations and force the group offline. Experts say there is good reason for Ukraine to be afraid.

Ransomware

Ransomware Government Media Cybercrime

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Pierluigi Paganini.

Encryption

Encryption Ransomware Malware Scams

New Charges, Sentencing in Satori IoT Botnet Conspiracy

Krebs on Security

JUNE 25, 2020

Some of the IoT botnets enslaved hundreds of thousands of hacked devices. In 2015, then 15-year-old Sterritt was involved in the high-profile hack against U.K. In 2015, then 15-year-old Sterritt was involved in the high-profile hack against U.K. telecommunications provider TalkTalk. ”

IoT

IoT DDOS Cybercrime Internet

North Korea-Linked Lazarus APT is behind the VHD ransomware

Security Affairs

JULY 28, 2020

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The group has been linked to several major cyber attacks, including the 2014 Sony Pictures hack , several SWIFT banking attacks since 2016, and the 2017 WannaCry ransomware infection. Pierluigi Paganini.

Ransomware

Ransomware Malware Advertising VPN

Toymaker giant Mattel disclosed a ransomware attack

Security Affairs

NOVEMBER 4, 2020

. “On July 28, 2020, Mattel discovered that it was the victim of a ransomware attack on its information technology systems that caused data on a number of systems to be encrypted. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, malware). ” reads the 10-Q form.

Ransomware

Ransomware Retail Advertising Malware

Syrian victims of the GandCrab ransomware can decrypt their files for free

Security Affairs

OCTOBER 20, 2018

The developers of the GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. The authors of the infamous GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. Security Affairs – GandCrab ransomware, cybercrime ).

Ransomware

Ransomware Cybercrime Identity Theft Advertising

Hackers use e-skimmer that exfiltrates payment data via Telegram

Security Affairs

SEPTEMBER 2, 2020

Researchers from Malwarebytes reported that Magecart groups are using the encrypted messaging service Telegram to exfiltrate stolen payment details from compromised websites. Attackers encrypt payment data to make identification more difficult before transferring it via Telegram’s API into a chat channel. ” concluded the post.

Encryption

Encryption Advertising Cybercrime Marketing

Watch out, your StockX account details may be available in crime forums

Security Affairs

AUGUST 12, 2019

Researchers discovered a dump containing 6,840,339 records associated with StockX user accounts that surfaced in the cybercrime underground. Last week media reported the hack of StockX , the fashion and sneaker trading platform. Now a dump containing 6,840,339 unique StockX user accounts surfaced in the cybercrime underground.

Accountability

Accountability Data breaches Passwords Cybercrime

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Hladyr also controlled the organization’s encrypted channels of communication.” SecurityAffairs – hacking, FIN7).

System Administration

System Administration Penetration Testing Malware Banking

Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

Security Affairs

MAY 1, 2020

Maze Ransomware operators claim to have hacked the network of the state-owned Bank of Costa Rica Banco BCR and to have stolen internal data, including 11 million credit card credentials. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – Banco BCR, hacking). Pierluigi Paganini.

Ransomware

Ransomware Banking Cyber Insurance Advertising

Records for 7.5 million users of the digital banking app Dave leaked online

Security Affairs

JULY 26, 2020

The company is also aware that a threat actor is attempting to sell the Dave user records in the cybercrime underground, it hired security firm CrowdStrike to investigate the security breach. “The database was initially on an auction, by the alias ‘hasway’ at the hacking forum exploit, and later was removed on auction.

Banking

Banking Advertising Education Cybercrime

Moobot botnet is back and targets vulnerable D-Link routers

Security Affairs

SEPTEMBER 7, 2022

“As a variant, MooBot inherits Mirai’s most significant feature – a data section with embedded default login credentials and botnet configuration – but instead of using Mirai’s encryption key, 0xDEADBEEF, MooBot encrypts its data with 0x22.” SecurityAffairs – hacking, D-Link). ” concludes the report.

DDOS

DDOS Encryption Passwords Hacking

Underestimating the FONIX – Ransomware as a Service could be an error

Security Affairs

OCTOBER 11, 2020

The actors behind FONIX RaaS advertised several products on various cybercrime forums. “Notably, FONIX varies somewhat from many other current RaaS offerings in that it employs four methods of encryption for each file and has an overly-complex post-infection engagement cycle.” SecurityAffairs – hacking, FONIX RaaS).

Ransomware

Ransomware Encryption Advertising DDOS

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. The PonyFinal ransomware usually adds the “ enc” extension to the names of the encrypted files, it drops a ransom note (named README_files.txt) on the infected systems.

Ransomware

Ransomware Security Intelligence Encryption Advertising

Security Affairs newsletter Round 253

Security Affairs

MARCH 1, 2020

Raccoon Malware, a success case in the cybercrime ecosystem. Hacking campaign targets sites running popular Duplicator WordPress plugin. Kr00k Wi-Fi Encryption flaw affects more than a billion devices. Silence Hacking Crew threatens Australian banks of DDoS attacks. SecurityAffairs – hacking, newsletter).

Banking

Banking Malware Advertising Ransomware

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

Security Affairs

OCTOBER 24, 2020

The ransomware encrypted files and renamed their filenames by adding the “ easy2lock” extension, this extension was previously associated with recent WastedLocker ransomware infections. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, WastedLocker).

Ransomware

Ransomware Telecommunications Banking Advertising

Massive cyber attack hit the town hall of Marseille ahead local election

Security Affairs

MARCH 15, 2020

This attack is based on” ransomware “(ransomware), malicious software that blocks access to a computer or files by encrypting them, while demanding that the victim be paid a ransom,” the city said. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Marseille ).

Cyber Attacks

Cyber Attacks Ransomware Advertising Backups

New MATA Multi-platform malware framework linked to NK Lazarus APT

Security Affairs

JULY 23, 2020

The Windows version of MATA is composed of a loader used to load an encrypted next-stage payload and the orchestrator module (“lsass.exe”). The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. SecurityAffairs – hacking, Mata malware platform).

Malware

Malware Ransomware Advertising Encryption

City of Lafayette (Colorado) paid $45,000 ransom after ransowmare attack

Security Affairs

AUGUST 12, 2020

Now the City of Lafayette admitted they were a victim of a ransomware attack that encrypted its systems and confirmed that opted to pay a $45,000 ransom to receive a decryption tool to recover its files. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, City of Lafayette).

Backups

Backups Advertising Ransomware Hacking

UCSF paid a $1.14 Million ransom to decrypt files after Ransomware attack

Security Affairs

JUNE 29, 2020

million to cybercriminals to recover data encrypted during a ransomware attack that took place on June 1. While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible,” reads a statement published by the UCSF.

Ransomware

Ransomware Encryption Advertising Malware

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

AUGUST 21, 2020

” According to the University, the ransomware encrypted only 0.02% of the data stored on its servers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, University of Utah). .” reads a press release published by the University. ” continues the statement.

Ransomware

Ransomware Cyber Insurance Insurance Advertising

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs

AUGUST 3, 2020

He had no previous criminal records at the time of the arrest, but it is known to be a member of a cybercrime forum to become an affiliate for the GandCrab ransomware operation. ransom amount, individual bots and encryption masks). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Advertising Malware Hacking

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

The technique was already employed by other Chinese APT groups since 2013, later it was also adopted by other cybercrime gangs in attacks in the wild. The attackers use a simple XOR encryption algorithm with the string “Hapenexx is very bad” as a key. SecurityAffairs – hacking, KilllSomeOne). Pierluigi Paganini.

Encryption

Encryption Malware Advertising Antivirus

Russian Cybercrime Boss Burkov Pleads Guilty

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Webinars

Trending Sources

REvil ransomware gang hacked gaming firm Gaming Partners International

Webinars

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Asian media firm E27 hacked, attackers asked for a “donation”

The State of Cybersecurity in March 2015

GravityRAT returns disguised as an end-to-end encrypted chat app

Source code of Dharma ransomware now surfacing on public hacking forums

Marriott: Data on 500 Million Guests Stolen in 4-Year Breach

Raccoon Malware, a success case in the cybercrime ecosystem

Sodinokibi ransomware uses MS API to encrypt open and locked files

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Maze ransomware gang hacked M&A firm Threadstone Advisors LLP

Why Were the Russians So Set Against This Hacker Being Extradited?

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

SamSam Ransomware operators earned more than US$5.9 Million since late 2015

Maze ransomware is going out of the business

The new Azorult 3.3 is available in the cybercrime underground market

Russia’s SolarWinds Attack

Clop Ransomware attempts to disable Windows Defender and Malwarebytes

Protonmail hacked …. a very strange scam attempt

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

DeathRansom ransomware evolves encrypting files, but experts identified its author

New Charges, Sentencing in Satori IoT Botnet Conspiracy

North Korea-Linked Lazarus APT is behind the VHD ransomware

Toymaker giant Mattel disclosed a ransomware attack

Syrian victims of the GandCrab ransomware can decrypt their files for free

Hackers use e-skimmer that exfiltrates payment data via Telegram

Watch out, your StockX account details may be available in crime forums

A member of the FIN7 group was sentenced to 10 years in prison

Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

Records for 7.5 million users of the digital banking app Dave leaked online

Moobot botnet is back and targets vulnerable D-Link routers

Underestimating the FONIX – Ransomware as a Service could be an error

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs newsletter Round 253

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

Massive cyber attack hit the town hall of Marseille ahead local election

New MATA Multi-platform malware framework linked to NK Lazarus APT

City of Lafayette (Colorado) paid $45,000 ransom after ransowmare attack

UCSF paid a $1.14 Million ransom to decrypt files after Ransomware attack

University of Utah pays a $457,000 ransom to ransomware gang

Belarussian authorities arrested GandCrab ransomware distributor

New KilllSomeOne APT group leverages DLL side-loading

Stay Connected