2017, Cybercrime, Information Security and Ransomware

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. ” reads the alert published by the FBI. Pierluigi Paganini.

Cybercrime

Cybercrime Education Accountability Phishing

SynAck ransomware gang releases master decryption keys for old victims

Security Affairs

AUGUST 13, 2021

The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa group. Good news for the victims of the SynAck ransomware gang, the group released the master decryption keys to allow victims to decrypt their files for free. Pierluigi Paganini.

Ransomware

Ransomware Authentication Malware Hacking

Magniber Ransomware operators use PrintNightmare exploits to infect Windows servers

Security Affairs

AUGUST 12, 2021

Threat actors behind the Magniber Ransomware are using PrintNightmare exploits in attacks aimed at Windows servers. Threat actors behind the Magniber Ransomware are exploiting the PrintNightmare flaws ( CVE-2021-1675 , CVE-2021-34527 , and CVE-2021-36958 ) to infect Windows servers. SecurityAffairs – hacking, cybercrime).

Ransomware

Ransomware Cybercrime Encryption Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

FBI and the DHS’s CISA agencies published a joint alert to warn hospitals and healthcare providers of imminent ransomware attacks from Russia. The government agencies receive information about imminent attacks, threat actors are using the TrickBot botnet to deliver the infamous ransomware to the infected systems.

Healthcare

Healthcare Ransomware Cybercrime Advertising

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

Truebot has been active since 2017 and some researchers linked it to the Russian Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). ” concludes the report published by Huntress.

Cybercrime

Cybercrime Software Education Ransomware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Numerous strains of this destructive code have been the front-page news in global computer security chronicles for almost a decade now, with jaw-dropping ups and dramatic downs accompanying its progress. inch diskettes. inch diskettes.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Most ransomware attacks take place outside the working hours

Security Affairs

MARCH 17, 2020

Most of the ransomware attacks targeting the enterprises occur outside working hours, during the nighttime or during the weekend. Security experts from FireEye published an interesting report on the Ransomware deployment trends, it revealed that most of the attacks (76%) against the enterprise sector occur outside working hours.

Ransomware

Ransomware Advertising Malware Cybercrime

RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

Security Affairs

NOVEMBER 28, 2022

Several Ukrainian organizations were hit by Russia-based RansomBoggs Ransomware in the last week, ESET reports. Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian organizations. MSIL/Filecoder.RansomBoggs.A

Ransomware

Ransomware Encryption Telecommunications Malware

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach. CDHE discovered the ransomware attack on June 19, 2023, it immediately launched an investigation into the security breach with the help of third-party specialists.

Education

Education Data breaches Ransomware Hacking

TrueBot infections were observed in Clop ransomware attacks

Security Affairs

DECEMBER 11, 2022

Truebot has been active since 2017 and some researchers linked it to the Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). “Post-compromise activity included data theft and the execution of Clop ransomware.” ” reads the analysis published by Talos. Pierluigi Paganini.

Ransomware

Ransomware Malware Internet Internet

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. ” concluded ZDNet.

Ransomware

Ransomware Hacking Advertising Malware

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Security Affairs

MAY 6, 2024

Alexander Vinnik , a Russian national, pleaded guilty to conspiracy to commit money laundering for his involvement in operating the cryptocurrency exchange BTC-e from 2011 to 2017. In July 2017 law enforcement shut down the virtual currency exchange.

Cryptocurrency

Cryptocurrency Computers and Electronics Identity Theft Hacking

Vice Society ransomware also exploits PrintNightmare flaws in its attack

Security Affairs

AUGUST 13, 2021

Another ransomware gang, the Vice Society ransomware operators, is using Windows print spooler PrintNightmare exploits in its attacks. The Vice Society ransomware operators are actively exploiting Windows print spooler PrintNightmare vulnerability in their attacks against Windows servers. The flaw received a CVSS score of 7.3,

Ransomware

Ransomware Backups Education Malware

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

The ransomware attack that hit the systems of Nissan Oceania in December 2023 impacted roughly 100,000 individuals. Nissan immediately notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre. In December 2017, Nissan Finance Canada was hacked , personal information of 1.13

Data breaches

Data breaches Identity Theft Financial Services Cybercrime

Harvard Business Publishing licensee hit by ransomware

Security Affairs

OCTOBER 9, 2022

Three days later, Cybernews researchers revisited the database to see whether it had been closed, and found it had been hit with ransomware. The oldest entry goes as far back as 2017, and it is unclear how long this instance had been open prior to the Cybernews discovery. The 3.9GB-strong database held information from 2017 onwards.

Ransomware

Ransomware Passwords Encryption Identity Theft

The Satan Ransomware adds new exploits to its arsenal

Security Affairs

MAY 21, 2019

A variant of the Satan ransomware recently observed includes exploits to its arsenal and targets machines leveraging additional flaws. Experts at FortiGuard Labs have discovered a new variant of the Satan ransomware that includes new exploits to its portfolio and leverages additional vulnerabilities to infect as many machines as possible.

Ransomware

Ransomware Advertising Malware Encryption

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

The researchers speculate the originating accounts of the instant messaging applications were compromised through the leaked credentials available on cybercrime forums. ” concludes the report.

Malware

Malware Cryptocurrency Accountability Cybercrime

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

Security Affairs

OCTOBER 3, 2023

Like all ransomware, this is a type of malware that, once introduced into an organization, encrypts the data and then requires the victim to pay a ransom in order to decrypt it. ” The analyzed attack spread the ransomware Lockbit 3.0 ” The analyzed attack spread the ransomware Lockbit 3.0 ORIGINAL_extension].specific/different

Ransomware

Ransomware Encryption Technology Backups

North Korea-linked hackers stole $626 million in virtual assets in 2022

Security Affairs

DECEMBER 22, 2022

. “South Korea’s main spy agency, the National Intelligence Service, said North Korea’s capacity to steal digital assets is considered among the best in the world because of the country’s focus on cybercrimes since U.N. economic sanctions were toughened in 2017 in response to its nuclear and missile tests.” Citing the U.S.

Cryptocurrency

Cryptocurrency Cybercrime Media Government

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Security Affairs

APRIL 10, 2023

Iran-linked APT group MERCURY is behind destructive attacks on hybrid environments masquerading as a ransomware operation. Threat actors masqueraded the attacks as a standard ransomware operation. ” DEV-1084 presented itself as cybercrime group likely as an attempt to hide its real motivation of a nation-state actor. .

Ransomware

Ransomware Cybercrime VPN Education

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

The Russian citizen Alexander Vinnik goes on trial in Paris for having defrauded nearly 200 victims across the world of 135 million euros using ransomware. The Russian man Alexander Vinnik goes on trial in Paris for having defrauded nearly 200 victims across the world of 135M euros using ransomware. Pierluigi Paganini.

Advertising

Advertising Cybercrime Hacking Cryptocurrency

DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape

Security Affairs

JULY 15, 2019

Some of the crooks behind the Dridex Trojan have split from the gang and released a forked version of the BitPaymer ransomware dubbed DoppelPaymer. Cybercrime gang tracked as TA505 has been active since 2014 and focusing on Retail and Banking industries. ” Now experts found a new variant of the ransomware tracked as DoppelPaymer.

Ransomware

Ransomware Encryption Advertising Malware

TA505 Cybercrime targets system integrator companies

Security Affairs

NOVEMBER 12, 2019

The analysis of a malicious email revealed a possible raising interest of the TA505 cybercrime gang in system integrator companies. The domain validtree.com is registered through namecheap.com on 2017-12-07T15:55:27Z but recently renewed on 2019-10-16T05:35:18Z. I am a computer security scientist with an intensive hacking background.

Cybercrime

Cybercrime Computers and Electronics Penetration Testing Malware

Delaware County, Pennsylvania, opted to pay 500K ransom to DoppelPaymer gang

Security Affairs

NOVEMBER 30, 2020

Delaware County, Pennsylvania opted to pay a $500,000 ransom after it was the victim of a DoppelPaymer ransomware attack last weekend. During the last weekend Delaware County, Pennsylvania, was the victim of a DoppelPaymer ransomware attack that brought down part of its network. ” reported BleepingComputer.

Computers and Electronics

Computers and Electronics Ransomware Insurance Cybercrime

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

. “A Russian national was sentenced today to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Antivirus

Antivirus Malware Cybercrime Cyber threats

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

Reflecting on the Wannacry ransomware attack, which is the lesson learnt e why most organizations are still ignoring it. The spread of this ransomware was considered to be the worst cyber attack in terms of contamination rate and scope, putting public offices and companies (especially healthcare facilities) out of operation.

Malware

Malware Computers and Electronics Encryption Ransomware

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Krebs on Security

APRIL 15, 2020

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. I am literally seeing phishing messages in every language known to man.”

Cybersecurity

Cybersecurity Cyber threats Government Phishing

Security Affairs newsletter Round 318

Security Affairs

JUNE 13, 2021

Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. million customers impacted. million customers impacted.

Data breaches

Data breaches Hacking Cryptocurrency Scams

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Security Affairs

JULY 1, 2023

The LockBit ransomware gang claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC). The LockBit ransomware group this week claimed to have hacked the Taiwan Semiconductor Manufacturing Company ( TSMC ) and $70 million ransom. ” reads the announcement published by Lockbit operators on their leak site.

Manufacturing

Manufacturing Ransomware Hacking Security Awareness

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Security Affairs

DECEMBER 8, 2020

The man went on trial in Paris for having defrauded nearly 200 victims across the world of 135M euros using ransomware. The French court acquitted Vinnik of charges of extortion and association with a cybercrime organization. Vinnik is also accused to be responsible for the failure of the Japanese bitcoin exchange Mt.

Cryptocurrency

Cryptocurrency Hacking Ransomware Cybercrime

Experts warn of a surge of TrueBot activity in May 2023

Security Affairs

JUNE 5, 2023

Truebot has been active since 2017 and some researchers linked it to the Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). When an organization is infected with this malware, it can quickly escalate to become a bigger infection, similar to how ransomware spreads throughout a network.”

Malware

Malware Ransomware Hacking Software

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. The report’s findings reveal that email remains the main method of delivering ransomware, banking Trojans, and backdoors. The revival of ransomware. Pierluigi Paganini.

Ransomware

Ransomware Antivirus Malware Banking

Four years after its takedown, AlphaBay marketplace revamped

Security Affairs

AUGUST 14, 2021

AlphaBay was active between 2014 and June 2017, law enforcement seized the marketplace and arrested the administrator Alexandre Cazes (aka “Alpha02/Admin”), who died by suicide in prison in Thailand. The revamped marketplace also bans posts about illicit drugs, COVID-19 vaccines, and ransomware.

Marketing

Marketing Ransomware Hacking Banking

Marcus Hutchins sentenced to supervised release, no jail for the expert

Security Affairs

JULY 27, 2019

Marcus Hutchins made the headlines after discovering the “ kill switch ” that halted the outbreak of the WannaCry ransomware. In August 2017, he was arrested in Las Vegas after attending the Def Con hacking conference and was detained by the FBI in the state of Nevada. SecurityAffairs – Marcus Hutchins, cybercrime).

Banking

Banking Malware Advertising Cybercrime

New MATA Multi-platform malware framework linked to NK Lazarus APT

Security Affairs

JULY 23, 2020

The notorious Lazarus Group is using a new multi-platform malware framework, dubbed MATA, in attacks aimed at organizations worldwide, to deploy Kaspersky researchers observed that MATA was used by the threat actors to distribute ransomware (i.e. VHD ransomware) and steal customer databases. ” concludes the report.

Malware

Malware Ransomware Advertising Encryption

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Security Affairs

JULY 29, 2019

The spike in the number of encrypted malware is the result of several factors, such as Ransomware as a Service (RaaS) and open-source malware kits. Ransomware continues to be a profitable business for the cybercrime ecosystem and the recent wave of attacks against US municipalities demonstrates it. .” continues the report.

IoT

IoT Encryption Malware Advertising

Cybercriminal greeners from Iran attack companies worldwide for financial gain

Security Affairs

AUGUST 24, 2020

The attackers used Dharma ransomware and a mix of publicly available tools to target companies in Russia, Japan, China, and India. Group-IB researchers have recently observed increased activities around Dharma ransomware distribution. In some attacks, they attempted to elevate privileges using exploit for CVE-2017-0213.

Threat Detection

Threat Detection Ransomware Advertising Cybercrime

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. Google TAG also reported the malware-based attacks conducted by the group behind Cuba ransomware to distribute RomCom RAT in the networks of the Ukrainian government and military.

Phishing

Phishing Education Accountability Telecommunications

CISA and FBI warn of Truebot infecting US and Canada based organizations

Security Affairs

JULY 6, 2023

Truebot has been active since 2017 and some researchers linked it to the Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). VMware’s Carbon Black Managed Detection and Response (MDR) team observed a surge of TrueBot activity in May 2023.

Malware

Malware Cyber threats Phishing Hacking

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017, causing billions worth of damage. Sandworm (aka BlackEnergy and TeleBots) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST).

Malware

Malware Firmware Architecture Firewall

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Security Affairs

OCTOBER 26, 2019

Impact of Privacy & Security Issues in Business Communication. I remember that in early 2017, the business world was hit by ransomware, which felt to them like a speedy bullet shot at their blind spot. The ransomware attack was labeled as WannaCry, which in reality made the victims wanted to cry.

Encryption

Encryption Cyber threats Ransomware Cybercrime

U.S. offers up to $5 Million rewards for info on North Korea-linked operations

Security Affairs

APRIL 16, 2020

and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs.” Under the pressure of robust U.S. ” reads the advisory. government refers to as HIDDEN COBRA. ” concludes the advisory.

Cyber threats

Cyber threats Banking Government Advertising

Group-IB: More than 70% of Russian banks are not ready for cyberattacks

Security Affairs

FEBRUARY 19, 2019

Group-IB , an international company that specializes in preventing cyberattacks , has conducted high-tech cybercrimes research based on an analysis of responses to information security incidents carried out by Group-IB Incident Response team in 2018. More information can be found here. . Pierluigi Paganini.

Banking

Banking Marketing Cybercrime Information Security

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Security Affairs

JUNE 23, 2020

It’s worth noting that despite the fact that Fxmsp stopped all public activity in late 2019, Group-IB discovered that a European energy company, that he was selling access to, fell victim to a ransomware attack in 2020. Fxmsp took his first steps in the cybercrime scene in September 2016 when he registered on an underground forum, fuckav[.]ru.

Antivirus

Antivirus Advertising Hacking Banking

FBI: Compromised US academic credentials available on various cybercrime forums

SynAck ransomware gang releases master decryption keys for old victims

Webinars

Trending Sources

Magniber Ransomware operators use PrintNightmare exploits to infect Windows servers

Webinars

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Most ransomware attacks take place outside the working hours

RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

TrueBot infections were observed in Clop ransomware attacks

Source code of Dharma ransomware now surfacing on public hacking forums

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Vice Society ransomware also exploits PrintNightmare flaws in its attack

Nissan Oceania data breach impacted roughly 100,000 people

Harvard Business Publishing licensee hit by ransomware

The Satan Ransomware adds new exploits to its arsenal

DarkGate malware campaign abuses Skype and Teams

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

North Korea-linked hackers stole $626 million in virtual assets in 2022

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape

TA505 Cybercrime targets system integrator companies

Delaware County, Pennsylvania, opted to pay 500K ransom to DoppelPaymer gang

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Wannacry, the hybrid malware that brought the world to its knees

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Security Affairs newsletter Round 318

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Experts warn of a surge of TrueBot activity in May 2023

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Four years after its takedown, AlphaBay marketplace revamped

Marcus Hutchins sentenced to supervised release, no jail for the expert

New MATA Multi-platform malware framework linked to NK Lazarus APT

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Cybercriminal greeners from Iran attack companies worldwide for financial gain

Google TAG warns of Russia-linked APT groups targeting Ukraine

CISA and FBI warn of Truebot infecting US and Canada based organizations

US and UK link new Cyclops Blink malware to Russian state hackers?

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

U.S. offers up to $5 Million rewards for info on North Korea-linked operations

Group-IB: More than 70% of Russian banks are not ready for cyberattacks

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Stay Connected