2019, Cybercrime, Encryption and Ransomware

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Krebs on Security

FEBRUARY 20, 2024

authorities have seized the darknet websites run by LockBit , a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. First surfacing in September 2019, the gang is estimated to have made hundreds of millions of U.S. Department of Justice (DOJ).

Ransomware

Ransomware Cybercrime Encryption Insurance

Arrest, Seizures Tied to Netwalker Ransomware

Krebs on Security

JANUARY 27, 2021

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week. ” Image: Chainalysis. . ” Image: Chainalysis.

Ransomware

Ransomware Cybercrime Antivirus Encryption

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. SentinelLabs researchers have observed the first Linux variant of the Clop ransomware. The cybercrime group behind the attack leaked the data stolen from the victim on January 5, 2022.

Encryption

Encryption Ransomware Cybercrime Engineering

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. The ransomware component is then decrypted and loaded into the SmokeLoader process’ memory.

Ransomware

Ransomware Encryption Backups Manufacturing

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

JUNE 16, 2021

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. The CLOP gang seized on those flaws to deploy ransomware to a significant number of Accellion’s FTA customers , including U.S.

Ransomware

Ransomware Cybercrime Malware Encryption

Ukrainian REvil gang member sentenced to 13 years in prison

Security Affairs

MAY 2, 2024

The Ukrainian national, Yaroslav Vasinskyi (24), aka Rabotnik, has been sentenced to more than 13 years in prison and must pay $16 million in restitution for conducting numerous ransomware attacks and extorting victims. Vasinskyi is a REvil ransomware affiliate since at least March 1st, 2019. in March 2022. million in U.S.

Ransomware

Ransomware Cryptocurrency Cybercrime Encryption

BlackMatter and Haron, two new ransomware gangs in the threat landscape

Security Affairs

JULY 29, 2021

The cyber threat landscape change continuously, recently two new ransomware-as-service (RaaS) operations named BlackMatter and Haron made the headlines. Recently, two new ransomware gangs, named BlackMatter and Haron, announced the beginning of the operations. “Haron ransomware was first discovered in July 2021. .

Ransomware

Ransomware Cybercrime Encryption Architecture

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. macaw extension to the file name of the encrypted files.

Ransomware

Ransomware Cybercrime Banking Encryption

Maze ransomware is going out of the business

Security Affairs

NOVEMBER 1, 2020

The Maze ransomware operators are shutting down their operations for more than one year the appeared on the threat landscape in May 2019. The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crew since it began operating in May 2019.

Ransomware

Ransomware Cybercrime Advertising Software

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Antivirus Encryption Backups

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

Security Affairs

DECEMBER 27, 2021

A new wave of ech0raix ransomware attacks is targeting QNAP network-attached storage (NAS) devices. The threat actors behind the ech0raix ransomware are targeting NAP network-attached storage (NAS) devices. The attackers first create a user in the administrator group, then use it to encrypt the content of the NAS. and 1.0.6).”

Ransomware

Ransomware Encryption Manufacturing Hacking

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. It continues: “Prior to deploying the ransomware, Snatch threat actors were observed spending up to three months on a victim’s system.

Ransomware

Ransomware Accountability Cybercrime Backups

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Related: What local government can do to repel ransomware Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch inch diskettes. inch diskettes. FBI spoofs 2012 – 2013.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. Experts from Sophos analyzed the code of Entropy ransomware employed in two distinct attacks. In 2019, the U.S.

Ransomware

Ransomware Malware Cybercrime Banking

NCSC and ICO issues strong warning to law firms against Ransomware payments

CyberSecurity Insiders

JULY 8, 2022

For the past two years, law firms have been advising all approaching clients to pay the demanded ransom to hackers to free up their data from encryption. They are also offering a guesstimate to the clients that paying a ransom in the event of ransomware attacks will turn cheaper than what they will incur in recovering data by other means.

Ransomware

Ransomware Education Cybercrime Encryption

Avaddon ransomware campaign prompts warnings from FBI, ACSC

Malwarebytes

MAY 11, 2021

Both the Australian Cyber Security Centre (ACSC) and the US Federal Bureau of Investigation (FBI) have issued warnings about an ongoing cybercrime campaign that is using Avaddon ransomware. In a separate advisory (pdf) , the ACSC says it is also aware of an ongoing ransomware campaign using the Avaddon Ransomware malware.

Ransomware

Ransomware VPN Encryption Cybercrime

Australian ACSC warns of Conti ransomware attacks against local orgs

Security Affairs

DECEMBER 10, 2021

The Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks again multiple Australian organizations. The Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks against multiple Australian organizations from various sectors since November. ” reads the ransomware profile.

Ransomware

Ransomware Cybercrime Encryption Malware

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

A new variant of the eCh0raix ransomware is able to target Network-Attached Storage (NAS) devices from both QNAP and Synology vendors. A newly variant of the eCh0raix ransomware is able to infect Network-Attached Storage (NAS) devices from Taiwanese vendors QNAP and Synology. ” reads the report published by Palo Alto Researchers.

Ransomware

Ransomware Encryption Firmware Passwords

BlackMatter ransomware gang is shutting down due to pressure from law enforcement

Security Affairs

NOVEMBER 3, 2021

The BlackMatter ransomware gang announced it is going to shut down its operation due to pressure from law enforcement. The BlackMatter ransomware group has announced it is shutting down its operation due to the pressure from local authorities. We wish you all success, we were glad to work.

Ransomware

Ransomware Cybercrime Healthcare Encryption

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs

AUGUST 3, 2020

Last week, the Minister of Internal Affairs of Belarus announced the arrest of a 31-year-old man that is accused of distributing the infamous GandCrab ransomware. Last week, the Minister of Internal Affairs of Belarus announced the arrest of a man on charges of distributing the infamous GandCrab ransomware.

Ransomware

Ransomware Advertising Malware Hacking

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Pierluigi Paganini.

Encryption

Encryption Ransomware Malware Scams

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities. locked to the filename of the encrypted files.

Government

Government Ransomware Encryption Penetration Testing

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years.

Cybercrime

Cybercrime Banking Malware Ransomware

Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack

Security Affairs

JANUARY 6, 2023

The Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack in December that is still impacting medical activity. The Saint Gheorghe Recovery Hospital in Botoşani, in northeastern Romania, was hit by a ransomware attack in December that is still impacting medical operations. Pierluigi Paganini.

Ransomware

Ransomware Antivirus Media Encryption

Clop stopped? Ransomware gang loses Tesla and other treasures in police raid

Malwarebytes

JUNE 16, 2021

According to a press release issued by Ukrainian authorities, law enforcement officials also shut down infrastructure that was used to spread the cybercrime gang’s ransomware, which was first spotted in February of 2019 as a new variant of the Cryptomix family. Instead, the arrests involved money launderers, Intel 471 said.

Ransomware

Ransomware Cybercrime Cryptocurrency Encryption

Shade Ransomware gang shut down operations and releases 750K decryption keys

Security Affairs

APRIL 27, 2020

The operators behind the Shade Ransomware (Troldesh) shut down their operations and released over 750,000 decryption keys. Good news for the victims of the infamous Shade Ransomware , the operators behind the threat have shut down their operations and released over 750,000 decryption keys. txt through README10.txt, Pierluigi Paganini.

Ransomware

Ransomware Advertising Antivirus Education

World's Largest Bank ICBC Hit by Ransomware

SecureWorld News

NOVEMBER 10, 2023

The Industrial and Commercial Bank of China (ICBC), recognized as the world's largest commercial bank, has fallen victim to a ransomware attack. arm, ICBC Financial Services, experienced a ransomware attack resulting in the disruption of certain systems. and even introducing a bug bounty program to ransomware development.

Banking

Banking Ransomware Marketing Financial Services

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Security Affairs

JULY 29, 2019

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. The situation is better in the first half of 2019, when SonicWall recorded 4.8 The situation is better in the first half of 2019, when SonicWall recorded 4.8 billion attacks.

IoT

IoT Encryption Malware Advertising

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

Cyber security researcher Luca Mella analyzed the Makop ransomware employed in a recent intrusion. Executive summary Insights from a recent intrusion authored by Makop ransomware operators show persistence capability through dedicated.NET tools. Advanced_Port_Scanner_2.5.3869.exe

Ransomware

Ransomware Software System Administration Encryption

Toymaker giant Mattel disclosed a ransomware attack

Security Affairs

NOVEMBER 4, 2020

Toymaker giant Mattel disclosed a ransomware attack, the incident took place in July and impacted some of its business operations. Toy industry giant Mattel announced that it has suffered a ransomware attack that took place on July 28th, 2020, and impacted some of its business operations. billion in revenue for 2019.

Ransomware

Ransomware Retail Advertising Malware

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

AUGUST 2, 2020

The FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. The FBI has issued a new security flash alert to warn of Netwalker ransomware attacks targeting U.S. The flash alert also includes indicators of compromise for the Netwalker ransomware along with mitigations. ” reads the alert.

Ransomware

Ransomware VPN Advertising Government

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. ” concluded ZDNet.

Ransomware

Ransomware Hacking Advertising Malware

REvil ransomware attack against MSPs and its clients around the world

SecureList

JULY 5, 2021

An attack perpetrated by REvil aka Sodinokibi ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on July 2. Some of the victims have reportedly been compromised through a popular MSP software which led to encryption of their customers. To keep your company protected against ransomware 2.0

Ransomware

Ransomware Encryption VPN Software

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Security Affairs

JANUARY 28, 2022

Delta Electronics, a Taiwanese contractor for multiple tech giants such as Apple, Dell, HP and Tesla, was hit by Conti ransomware. Taiwanese electronics manufacturing company Delta Electronics was hit by the Conti ransomware that took place this week. SecurityAffairs – hacking, Conti ransomware). Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Ransomware Manufacturing Malware

Two DoppelPaymer Ransomware Members Arrested

SecureWorld News

MARCH 7, 2023

Police in Germany and Ukraine have arrested two suspected members of the DoppelPaymer ransomware gang, a group of cybercriminals that has been behind several high-profile attacks on critical infrastructure, health-care facilities, and governments. German authorities are aware of 37 victims of this ransomware group, all of them companies.

Ransomware

Ransomware Education Malware Encryption

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

Security Affairs

OCTOBER 3, 2023

Like all ransomware, this is a type of malware that, once introduced into an organization, encrypts the data and then requires the victim to pay a ransom in order to decrypt it. ” The analyzed attack spread the ransomware Lockbit 3.0 ” The analyzed attack spread the ransomware Lockbit 3.0 Black The LockBit 3.0

Ransomware

Ransomware Encryption Technology Backups

Nemty ransomware operators launch their data leak site

Security Affairs

MARCH 3, 2020

The operators behind the Nemty ransomware set up a data leak site to publish the data of the victims who refuse to pay ransoms. Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. Pierluigi Paganini.

Ransomware

Ransomware Advertising Encryption Malware

Bl00dy ransomware gang started using leaked LockBit 3.0 builder in attacks

Security Affairs

SEPTEMBER 29, 2022

The recently born Bl00Dy Ransomware gang has started using the recently leaked LockBit ransomware builder in attacks in the wild. The Bl00Dy Ransomware gang is the first group that started using the recently leaked LockBit ransomware builder in attacks in the wild. Ransomware. builder to create its own ransomware.

Ransomware

Ransomware Hacking Encryption Passwords

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020.

Ransomware

Ransomware VPN Cybercrime Advertising

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. The ransomware can be deployed as a

Ransomware

Ransomware Encryption Firmware Backups

US CISA, FBI, and NSA warn an escalation of Conti ransomware attacks

Security Affairs

SEPTEMBER 22, 2021

CISA, FBI, and the NSA warned today of an escalation of the attacks of the Conti ransomware gang targeting US organizations. CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) are warning of an increased number of Conti ransomware attacks against US organizations. and international organizations.

Ransomware

Ransomware Cybercrime Authentication Healthcare

Accenture Attack Highlights Evolving Ransomware Threats

eSecurity Planet

AUGUST 12, 2021

Accenture officials are saying they staved off a ransomware attack this week by a cybercriminal ring using the LockBit malware even as the hacker group claimed to have captured data from the massive global IT and business consulting firm and has threatened to release it. Further reading: How Zero Trust Security Can Protect Against Ransomware.

Ransomware

Ransomware Backups Cybercrime Artificial Intelligence

Ukraine Detains Associates of Clop Ransomware

SecureWorld News

JUNE 17, 2021

The Ukrainian Cyberpolice Department recently detained six hackers for the use of the ransomware program known as "Clop.". The group used Clop to encrypt data on the servers of multiple American companies and universities, as well as some Korean companies. Clop used in other ransomware attacks.

Ransomware

Ransomware Cryptocurrency Encryption Retail

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

The FBI has issued an alert to warn about an increase in PYSA ransomware attacks on education institutions in the US and UK. The FBI has issued Tuesday an alert to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom. locked to the filename of the encrypted files.

Education

Education Ransomware Encryption Antivirus

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Arrest, Seizures Tied to Netwalker Ransomware

Trending Sources

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

8Base ransomware operators use a new variant of the Phobos ransomware

Ukrainian Police Nab Six Tied to CLOP Ransomware

Ukrainian REvil gang member sentenced to 13 years in prison

BlackMatter and Haron, two new ransomware gangs in the threat landscape

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Maze ransomware is going out of the business

Bitdefender released a free decryptor for the MegaCortex ransomware

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

A Closer Look at the Snatch Data Ransom Group

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

NCSC and ICO issues strong warning to law firms against Ransomware payments

Avaddon ransomware campaign prompts warnings from FBI, ACSC

Australian ACSC warns of Conti ransomware attacks against local orgs

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

BlackMatter ransomware gang is shutting down due to pressure from law enforcement

Belarussian authorities arrested GandCrab ransomware distributor

DeathRansom ransomware evolves encrypting files, but experts identified its author

CERT France – Pysa ransomware is targeting local governments

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack

Clop stopped? Ransomware gang loses Tesla and other treasures in police raid

Shade Ransomware gang shut down operations and releases 750K decryption keys

World's Largest Bank ICBC Hit by Ransomware

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Dissecting the malicious arsenal of the Makop ransomware gang

Toymaker giant Mattel disclosed a ransomware attack

FBI issued a flash alert about Netwalker ransomware attacks

Source code of Dharma ransomware now surfacing on public hacking forums

REvil ransomware attack against MSPs and its clients around the world

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Two DoppelPaymer Ransomware Members Arrested

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

Nemty ransomware operators launch their data leak site

Bl00dy ransomware gang started using leaked LockBit 3.0 builder in attacks

NetWalker ransomware operators have made $25 million since March 2020

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

US CISA, FBI, and NSA warn an escalation of Conti ransomware attacks

Accenture Attack Highlights Evolving Ransomware Threats

Ukraine Detains Associates of Clop Ransomware

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Stay Connected