2019, Encryption, Hacking and Malware - Cyber Security Informer

Patch Tuesday, December 2019 Edition

Krebs on Security

DECEMBER 10, 2019

The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control over a Windows system with no help from users — as well as another flaw in most versions of Windows that is already being exploited in active attacks. It is very likely this is being exploited in the wild.”

Backups

Backups Software Malware Marketing

New Reductor Nation-State Malware Compromises TLS

Schneier on Security

OCTOBER 10, 2019

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. Based on these similarities, we're quite sure the new malware was developed by the COMPfun authors. The COMpfun malware was initially documented by G-DATA in 2014. We identified targets in Russia and Belarus. [.].

Malware

Malware Engineering Encryption Hacking

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group.

Malware

Malware Encryption Telecommunications Authentication

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Security Affairs

JULY 29, 2019

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. In 2018, global malware volume recorded by SonicWall hit a record-breaking 10.52 The situation is better in the first half of 2019, when SonicWall recorded 4.8 billion attacks.

IoT

IoT Encryption Malware Advertising

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez reported spotted a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies.

Encryption

Encryption Ransomware Malware Hacking

The source code of the Paradise Ransomware was leaked on XSS hacking forum

Security Affairs

JUNE 15, 2021

The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. Pierluigi Paganini.

Ransomware

Ransomware Hacking Encryption Malware

New enhanced Joker Malware samples appear in the threat landscape

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Since 2019 experts found many Joker apps on Google Play store, in September 2019 security experts at Google removed from the store 24 apps. ” states a post published by the experts.

Malware

Malware Mobile Spyware Encryption

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Below are the job descriptions used to recruit the hackers.

Accountability

Accountability Malware Phishing Social Engineering

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Security Affairs

MARCH 20, 2021

Acer is the world’s 6th-largest PC vendor by unit sales as of January 2021, it has more than 7,000 employees (2019) and in 2019 declared 234.29 financial spreadsheets, bank documents and communications) as proof of the hack. SecurityAffairs – hacking, ransoware). billion in revenue. Source LeMagIT.

Ransomware

Ransomware Hacking Computers and Electronics Malware

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption

Encryption Ransomware Cybercrime Engineering

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. 8base” file extension for encrypted documents, a circumstance that suggested a possible link to the 8Base group or the use of the same code-base for their ransomware.

Ransomware

Ransomware Encryption Backups Manufacturing

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Security Affairs

FEBRUARY 2, 2021

Ransomware operators are exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992 , to encrypt virtual hard disks. Pierluigi Paganini.

Encryption

Encryption Ransomware System Administration Hacking

xHelper Malware for Android

Schneier on Security

NOVEMBER 8, 2019

From Symantec : We first began seeing Xhelper apps in March 2019. Back then, the malware's code was relatively simple, and its main function was visiting advertisement pages for monetization purposes. We strongly believe that the malware's source code is still a work in progress. It's a weird piece of malware.

Malware

Malware Advertising Encryption Hacking

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes.

Malware

Malware Encryption Antivirus Passwords

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Ragnar Locker ransomware gang advertises Campari hack on Facebook

Security Affairs

NOVEMBER 11, 2020

In November 2019, ransomware operators have started adopting a new double-extortion strategy first used by the Maze gang that sees threat actors also stealing unencrypted files before encrypting infected systems. 3 that its computer systems had been sidelined by a malware attack.” 9, on Facebook. . 9, on Facebook.

Advertising

Advertising Hacking Ransomware Accountability

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS.

Malware

Malware Firmware Advertising Manufacturing

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Security Affairs

NOVEMBER 12, 2020

Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET has been aware of the existence of modules since the end of 2019 when its experts first spotted the “basic” components of the malware. SecurityAffairs – hacking, PoS malware).

Malware

Malware Architecture Passwords Software

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

The MegaCortex ransomware first appeared on the threat landscape in May 2019 when it was spotted by security experts at Sophos. The experts noticed that in MegaCortex attacks other malware like Emotet and Qbot (aka Qakbot) were present in the same network. For encryption with MegaCortex V1 (the encrypted files have the “.aes128ctr”

Ransomware

Ransomware Antivirus Encryption Backups

Ryuk Ransomware evolution avoid encrypting Linux folders

Security Affairs

DECEMBER 26, 2019

Experts spotted a new strain of the Ryuk Ransomware that was developed to avoid encrypting folders commonly seen in *NIX operating systems. The popular malware researcher Vitali Kremez that analyzed the sample involved in the attack discovered a new feature implemented in this new variant of malware. Pierluigi Paganini.

Encryption

Encryption Ransomware Malware Advertising

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. SecurityAffairs – Dharma ransomware, malware). Pierluigi Paganini.

Ransomware

Ransomware Hacking Advertising Malware

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. In a first stage it allocates the memory space where to copy the encrypted data and whose content is executed by the packer.

Ransomware

Ransomware Malware Cybercrime Banking

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

NOVEMBER 18, 2020

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Experts at Cybereason Nocturnus have uncovered an active campaign targeting the users of a large e-commerce platform in Latin America with malware tracked as Chaes.

Phishing

Phishing Malware Cryptocurrency Information Security

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt. Custom Ragnar Locker ransom note (Source: Sophos).

Encryption

Encryption Ransomware Energy and Utilities Advertising

Catch Hospitality Group discloses PoS malware infection at its restaurants

Security Affairs

NOVEMBER 23, 2019

The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain.The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain. Pierluigi Paganini.

Malware

Malware Data breaches Advertising Encryption

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

Security Affairs

DECEMBER 27, 2021

At this time, it is not clear how threat actors compromised the QNAP devices, some users claim that attackers exploited a flaw in the Photo Station software to hack them. The attackers first create a user in the administrator group, then use it to encrypt the content of the NAS. SecurityAffairs – hacking, ech0raix). and 1.0.6).”

Ransomware

Ransomware Encryption Manufacturing Hacking

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware

Malware Advertising Passwords Manufacturing

Two PoS Malware used to steal data from more than 167,000 credit cards

Security Affairs

OCTOBER 25, 2022

Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. MajikPOS is written using the “.NET

Malware

Malware Cybercrime Banking Marketing

Nemty Ransomware, a new malware appears in the threat landscape

Security Affairs

AUGUST 26, 2019

A new ransomware, called Nemty ransomware, has been discovered over the weekend by malware researchers. The name of the ransomware comes after the extension it adds to the encrypted file names, the malicious code also deletes their shadow copies to make in impossible any recovery procedure. SecurityAffairs – Nemty ransomware, hacking).

Ransomware

Ransomware Malware Antivirus Encryption

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ? /.

Ransomware

Ransomware Cybercrime Malware Encryption

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

Security Affairs

OCTOBER 3, 2023

Like all ransomware, this is a type of malware that, once introduced into an organization, encrypts the data and then requires the victim to pay a ransom in order to decrypt it. Encrypted file structure ransomware BlackCat / ALPHV: [ORIGINAL_FILENAME].[ORIGINAL_extension].specific/different Black The LockBit 3.0

Ransomware

Ransomware Encryption Technology Backups

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” continues the analysis.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

JANUARY 7, 2020

Security experts have found a malicious app in the Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability , tracked as CVE-2019-2215 , in Android. ” reads a blog post published by Stone.

Surveillance

Surveillance Advertising Marketing Encryption

Zeppelin ransomware gang is back after a temporary pause

Security Affairs

MAY 24, 2021

Zeppelin ransomware first appeared on the threat landscape in November 2019 when experts from BlackBerry Cylance found a new variant of the Vega RaaS, dubbed Zeppelin. Last month experts spotted a new variant of the ransomware on a hacker forum allowing buyers to opt how to use the malware. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Encryption Malware Healthcare

Currency Exchange Company Travelex Hit By Ransomware Attack

Adam Levin

JANUARY 9, 2020

To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. This strain of ransomware was used in many of 2019’s most newsworthy ransomware campaigns, including concurrent attacks on 22 Texas municipalities.

Ransomware

Ransomware Encryption Insurance VPN

Chip maker Advantech hit by Conti ransomware gang

Security Affairs

NOVEMBER 28, 2020

The Conti ransomware gang hit infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding over $13 million ransom (roughly 750 BTC) to avoid leaking stolen files and to provide a key to restore the encrypted files. billion in 2019. SecurityAffairs – hacking, Advantech).

Ransomware

Ransomware Encryption IoT Malware

STOP ransomware encrypts files and steals victim’s data

Security Affairs

MARCH 11, 2019

The STOP Ransomware was first spotted in January when he was being distributed by fake software cracks in January, The popular malware researcher Michael Gillespie observed that some recent variants of the ransomare were generating traffic to infrastructure previously associated with the Azorul infection. exe and executed it. .

Encryption

Encryption Ransomware Cryptocurrency Passwords

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. ” continues the report. .

Encryption

Encryption Ransomware Malware Scams

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Security Affairs

NOVEMBER 16, 2022

DTrack is a modular backdoor used by the Lazarus group since 2019 , it was employed in attacks against a wide variety of targets, from financial environments to a nuclear power plan. The backdoor unpacking process is composed of several stages, the second-stage malicious code is stored inside the malware PE file. Pierluigi Paganini.

Telecommunications

Telecommunications Manufacturing Malware Education

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

Security Affairs

JULY 28, 2019

According to a report published by cyber security firm Sixgill data for over 23 million payment card were on offer in underground forums in the first half of 2019. . The following graph shows that three trading posts accounted for 64 percent of the cards on offer during the first half of 2019. . AMEX accounted for 12 percent. .

eCommerce

eCommerce Marketing Advertising Retail

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Experts at cyber security firm Cypher conducted a study on Portuguese domains during 2019 and concluded that Emotet and Ryuk were the most active threats. Emotet , the most widespread malware worldwide and Ryuk , a ransomware type, are growing threats and real concerns for businesses and internet users in 2020. Pierluigi Paganini.

Malware

Malware Retail Advertising Antivirus

Developer hacked back Muhstik ransomware crew and released keys

Security Affairs

OCTOBER 8, 2019

One of the victims of the Muhstik ransomware gang who initially paid the ransomware, decided to hack back the crooks and released their decryption keys. The expert hacked the server used by the Muhstik ransomware gang and released the decryption keys for all the victims of the group. SecurityAffairs – Muhstik ransomware, hacking).

Hacking

Hacking Ransomware Advertising Passwords

The Malwarebytes 2021 State of Malware report: Lock and Code S02E04

Malwarebytes

MARCH 15, 2021

In addition, we tune in to a special presentation from Adam Kujawa about the 2021 State of Malware report , which analyzed the top cybercrime goals of 2020 amidst the global pandemic. After all, malware detections for both consumers and businesses decreased in 2020 compared to 2019. Other cybersecurity news.

Malware

Malware VPN Cybercrime Encryption

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

The Operation CuckooBees had been operating under the radar since at least 2019, threat actors conducted multiple attacks to steal intellectual property and other sensitive data from victims. Symantec observed the attackers deploying a custom malware called Spyder Loader on the target networks. SecurityAffairs – hacking, APT41).

Malware

Malware Encryption Manufacturing Hacking

Patch Tuesday, December 2019 Edition

New Reductor Nation-State Malware Compromises TLS

Webinars

Trending Sources

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Webinars

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

The source code of the Paradise Ransomware was leaked on XSS hacking forum

New enhanced Joker Malware samples appear in the threat landscape

YouTube creators’ accounts hijacked with cookie-stealing malware

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

8Base ransomware operators use a new variant of the Phobos ransomware

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

xHelper Malware for Android

Ezuri memory loader used in Linux and Windows malware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Ragnar Locker ransomware gang advertises Campari hack on Facebook

QSnatch malware infected over 62,000 QNAP NAS Devices

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Bitdefender released a free decryptor for the MegaCortex ransomware

Ryuk Ransomware evolution avoid encrypting Linux folders

Source code of Dharma ransomware now surfacing on public hacking forums

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Ragnar Ransomware encrypts files from virtual machines to evade detection

Catch Hospitality Group discloses PoS malware infection at its restaurants

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

QNAP urges users to update Malware Remover after QSnatch joint alert

Two PoS Malware used to steal data from more than 167,000 credit cards

Nemty Ransomware, a new malware appears in the threat landscape

Ukrainian Police Nab Six Tied to CLOP Ransomware

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

Raccoon Malware, a success case in the cybercrime ecosystem

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Zeppelin ransomware gang is back after a temporary pause

Currency Exchange Company Travelex Hit By Ransomware Attack

Chip maker Advantech hit by Conti ransomware gang

STOP ransomware encrypts files and steals victim’s data

DeathRansom ransomware evolves encrypting files, but experts identified its author

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

Report: Threat of Emotet and Ryuk

Developer hacked back Muhstik ransomware crew and released keys

The Malwarebytes 2021 State of Malware report: Lock and Code S02E04

China-linked APT41 group targets Hong Kong with Spyder Loader

Stay Connected