Security Affairs

MARCH 11, 2019

Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. The STOP ransomware made the headlines because it is installing password-stealing Trojans on the victims’ machines. ” reads a blog post published by Bleepingcomputer.

Encryption 109

Encryption Ransomware Cryptocurrency Passwords 109

Security Affairs

SEPTEMBER 26, 2020

Good news for the victims of the ThunderX ransomware, cybersecurity firm Tesorion has released a decryptor to recover their files for free. Cybersecurity firm Tesorion has released a free decryptor for the ThunderX ransomware that allows victims to recover their files. SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Ransomware 145

Ransomware Encryption Advertising Hacking 145

Security Affairs

SEPTEMBER 2, 2024

A new ransomware-as-a-service (RaaS) operation called Cicada3301 has emerged in the threat landscape and already targeted tens of companies. Cicada3301 is a new ransomware-as-a-service (RaaS) operation that appeared in the threat landscape. The Cicada3301 ransomware is written in Rust and targets both Windows and Linux/ESXi hosts.

Ransomware 136

Ransomware Encryption Malware Cybercrime 136

Security Affairs

DECEMBER 26, 2019

Experts spotted a new strain of the Ryuk Ransomware that was developed to avoid encrypting folders commonly seen in *NIX operating systems. Kremez noticed that the ransomware doesn’t encrypt folders that are associated with *NIX operating systems. 2019-12-21: #Ryuk #Ransomware as V2.EXE Pierluigi Paganini.

Encryption 93

Encryption Ransomware Malware Advertising 93

Security Affairs

JULY 8, 2020

Good news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. sysopfb shows how we broke it.

Ransomware 143

Ransomware Encryption Malware InfoSec 143

Security Affairs

MARCH 17, 2020

Operators behind a new piece of ransomware dubbed Nefilim have started threatening victims to release stolen data like other cybercrime gangs. A new ransomware dubbed Nefilim appeared in the threat landscape at the end of February, it borrows its code from other malware, the Nemty ransomware. share much of the same code.”

Ransomware 137

Ransomware Encryption Cybercrime Malware 137

Security Affairs

JUNE 6, 2020

eCh0raix Ransomware operators are back after months of apparent inactivity, now are targeting QNAP storage devices in a new campaign. Threat actors behind the eCh0raix Ransomware have launched a new campaign aimed at infecting QNAP storage devices. encrypt extension to filenames of encrypted files. Pierluigi Paganini.

Ransomware 142

Ransomware Encryption Advertising Manufacturing 142

Security Affairs

MARCH 2, 2020

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. Researchers from Malwarebytes and X-Force IRIS have uncovered an ongoing spam campaign distributing the Nemty Ransomware via messages disguised as messages from secret lovers. Pierluigi Paganini.

Ransomware 145

Ransomware Advertising Encryption Malware 145

Security Affairs

SEPTEMBER 17, 2020

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. ” continues the analysis.

Ransomware 145

Ransomware Encryption Malware Advertising 145

Security Affairs

OCTOBER 31, 2020

The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them. ” reads the message published by the ransomware operators.

Hacking 145

Hacking Ransomware Advertising Encryption 145

Security Affairs

DECEMBER 2, 2019

Experts discovered a new malware dubbed Clop ransomware that attempts to remove Malwarebytes and other security products. Security researcher Vitali Kremez discovered a new malware dubbed Clop ransomware that targets Windows systems and attempts to disable security products running on the infected systems. Pierluigi Paganini.

Ransomware 144

Ransomware Encryption Advertising Cybercrime 144

Security Affairs

SEPTEMBER 28, 2020

The operators behind new ransomware dubbed Mount Locker have adopted the same tactic of other gangs threatening the victims to leak stolen data. A new ransomware gang named Mount Locker has started its operations stealing victims’ data before encrypting. MountLocker #Ransomware claimed Makalot Industrial Co.

Ransomware 142

Ransomware Encryption Advertising Engineering 142

Security Affairs

MARCH 16, 2020

Experts warn of a new malware strain, dubbed PXJ Ransomware, that does share the same underlying code with existing ransomware families. Security experts from IBM X-Force have spotted a new strain of ransomware, dubbed PXJ Ransomware, that does share the same code with other known ransomware families.

Ransomware 133

Ransomware Encryption Malware Advertising 133

Security Affairs

MAY 11, 2020

Researchers warn of a new feature implemented in the Sodinokibi ransomware, the threat can now encrypt open and locked files. The Sodinokibi ransomware (REvil) continues to evolve, operators implemented a new feature that allows the malware to encrypt victim’s files, even if they are opened and locked by another process.

Encryption 98

Encryption Ransomware Advertising Malware 98

Krebs on Security

MAY 13, 2024

and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. Pin was active on Opensc around March 2012, and authored 13 posts that mostly concerned data encryption issues, or how to fix bugs in code. Last week, the United States joined the U.K.

Cybercrime 333

Cybercrime Ransomware Accountability Malware 333

Security Affairs

APRIL 9, 2020

million ransom to decrypt its files after being encrypted by the infamous Sodinokibi ransomware. “As part of this attack, the operators behind the Sodinokibi ransomware told BleepingComputer that they had encrypted the company’s entire network, deleted backup files, and copied more than 5GB of personal data.

Ransomware 144

Ransomware Encryption Advertising Backups 144

Security Affairs

AUGUST 2, 2020

BleepingComputer researchers confirmed that Garmin has received the decryption key to recover their files encrypted with the WastedLocker Ransomware. BleepingComputer first revealed that Garmin has received the decryption key to recover the files encrypted with the WastedLocker Ransomware in the recent attack.

Ransomware 145

Ransomware Encryption Advertising Software 145

Security Affairs

MARCH 19, 2020

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities. locked to the filename of the encrypted files.

Government 143

Government Ransomware Encryption Penetration Testing 143

Security Affairs

JUNE 29, 2021

Researchers analyzed a recently discovered threat, the Lorenz ransomware, and developed a free decryptor for the victims of this new operation. The Lorenz ransomware gang has been active since April and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransoms to the victims. Lorenz.sz40’.”

Ransomware 129

Ransomware Encryption Malware Hacking 129

Security Affairs

FEBRUARY 7, 2020

The operators behind the infamous RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to kill antivirus products. Cybercriminals behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows with the intent of disabling security products.

Software 145

Software Ransomware Antivirus Encryption 145

Security Affairs

MARCH 3, 2020

The operators behind the Nemty ransomware set up a data leak site to publish the data of the victims who refuse to pay ransoms. Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. Pierluigi Paganini.

Ransomware 138

Ransomware Advertising Encryption Malware 138

Security Affairs

AUGUST 17, 2020

IT giant Konica Minolta was hit with a ransomware attack at the end of July, its services have been impacted for almost a week. A ransomware attack has impacted the services at the business technology giant Konica Minolta for almost a week, the attack took place at the end of July. Pierluigi Paganini.

Technology 145

Technology Ransomware Advertising Encryption 145

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Pierluigi Paganini.

Encryption 96

Encryption Ransomware Malware Scams 96

Security Affairs

MAY 27, 2020

A new piece of ransomware dubbed FuckUnicorn it targeting Italy by tricking victims into downloading a fake COVID-19 contact tracing app. The new ransomware was first spotted by the malware researcher JamesWT_MHT that shared samples with the malware community. ransomware #italy #covid19 #fuckunicorn Website [link] s//www.fofl.]it/IMMUNI.exe

Ransomware 144

Ransomware Encryption Advertising Malware 144

Security Affairs

AUGUST 4, 2020

Maze ransomware operators published internal data from LG and Xerox after the company did not pay the ransom. Ransomware crews are very active during these months, Maze ransomware operators have published tens of GB of internal data allegedly stolen from IT giants LG and Xerox following failed extortion attempts. GB from Xerox.

Ransomware 144

Ransomware Encryption Firmware Advertising 144

Security Affairs

SEPTEMBER 4, 2020

A school district in North Carolina disclosed a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack. The Haywood County School district in North Carolina has suffered a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack. We have now confirmed a data breach occurred.

Data breaches 143

Data breaches Ransomware Advertising Encryption 143

Security Affairs

JUNE 10, 2020

Source informed about the security incident believe Honda’s systems have been infected with SNAKE Ransomware. The researcher states that this is because the ransomware tries to resolve the “mds.honda.com” domain, and failing to do so, will terminate the ransomware without encrypting any files.”

Ransomware 142

Ransomware Advertising Encryption Cyber Attacks 142

Security Affairs

MAY 27, 2020

Microsoft is warning organizations to deploy protections against a new strain of PonyFinal ransomware that has been in the wild over the past two months. PonyFinal is Java-based ransomware that is manually distributed by threat actors. PonyFinal is Java-based ransomware that is manually distributed by threat actors.

Ransomware 136

Ransomware Security Intelligence Encryption Advertising 136

Security Affairs

OCTOBER 30, 2020

The DoppelPaymer ransomware operators have released data that was stolen from Hall County, Georgia earlier this month. The DoppelPaymer ransomware operators have published online data that was stolen from Hall County , Georgia earlier this month. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 141

Ransomware Advertising Encryption Media 141

Security Affairs

JULY 28, 2020

Security experts from Kaspersky Lab reported that North Korea-linked hackers are attempting to spread a new ransomware strain known as VHD. North Korean-linked Lazarus APT Group continues to be very active, the state-sponsored hackers are actively employing new ransomware, tracked as VHD, in attacks aimed at enterprises.

Ransomware 139

Ransomware Malware Advertising Hacking 139

Security Affairs

OCTOBER 13, 2020

Seyfarth Shaw, one of the leading global legal firms announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack. Seyfarth Shaw announced it was the victim of an “aggressive malware” attack, but the media immediately reported a ransomware infection later confirmed by the firm. Pierluigi Paganini.

Ransomware 144

Ransomware Advertising Malware Encryption 144

Security Affairs

AUGUST 2, 2020

The FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. The FBI has issued a new security flash alert to warn of Netwalker ransomware attacks targeting U.S. The flash alert also includes indicators of compromise for the Netwalker ransomware along with mitigations. ” reads the alert.

Ransomware 145

Ransomware VPN Government Advertising 145

Security Affairs

OCTOBER 15, 2020

The Egregor ransomware gang has hit the game developer Crytek and leaked files allegedly stolen from the systems of the gaming firm Ubisoft. A previously unknown ransomware gang dubbed Egregor has hit the game developer Crytek and leaked files allegedly stolen from the internal network of another leading gaming firm, Ubisoft.

Ransomware 144

Ransomware Advertising Phishing Encryption 144

Security Affairs

SEPTEMBER 20, 2020

manufacturer of high-performance fiber lasers for diverse applications and industries was hit by a ransomware attack that disrupted its operations. The source told BleepingComputer that the ransomware attack had disrupted the operations worldwide of the company. IPG Photonics, a leading U.S. billion revenue in 2019. Pierluigi Paganini.

Ransomware 143

Ransomware Manufacturing Advertising Encryption 143

Security Affairs

MARCH 23, 2020

MalwareHunterTeam experts have identified a new Coronavirus phishing campaign that aims at delivering the Netwalker Ransomware. The number of coronavirus -themed cyberattacks continues to increase, MalwareHunterTeam researchers uncovered a new campaign that is delivering the Netwalker Ransomware, aka Mailto. Pierluigi Paganini.

Ransomware 144

Ransomware Phishing Advertising Encryption 144

Security Affairs

JUNE 15, 2020

Black Kingdom ransomware operators are targeting organizations using unpatched Pulse Secure VPN software to deploy their malware. Black Kingdom ransomware was first spotted in late February by security researcher GrujaRS. the malicious code encrypts files and appends the.DEMON extension to filenames of the encrypted documents.

VPN 140

VPN Ransomware Advertising Encryption 140

Security Affairs

MAY 1, 2020

Maze Ransomware operators claim to have gained access to the network of Banco BCR of Costa Rica and stolen 11 million credit card credentials. Maze Ransomware operators claim to have hacked the network of the state-owned Bank of Costa Rica Banco BCR and to have stolen internal data, including 11 million credit card credentials.

Ransomware 145

Ransomware Banking Cyber Insurance Advertising 145