NoMoreRansom warns users to remove the malware first with a reliable antivirus before using the decryptor, or files may be re-encrypted repeatedly. In 2023, 8Base emerged from Phobos affiliates, using a modified encryptor and double extortion—encrypting and stealing data to force ransom payments.
Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. Ptitsyn reportedly sold the ransomware on darknet forums under aliases like “derxan” and “zimmermanx,” enabling other criminals to encrypt data and demand ransom.
PRODAFT researchers warn of Russia-linked APT group Nebulous Mantis targeting NATO-related defense organizations. Nebulous Mantis, a Russian-speaking cyber espionage group (aka Cuba, STORM-0978, Tropical Scorpius, UNC2596), used RomCom RAT and Hancitor since 2019 to target critical infrastructure, governments, and NATO-linked entities.
In the digital age, cyber-attacks are a growing concern for individuals, businesses, and governments worldwide. These attacks often involve encrypting data and demanding a ransom for its decryption. Understanding the recent trends, tactics, and effective countermeasures is crucial for anyone concerned about cybersecurity.
In the South Korean internet environment, the online banking and government websites require the installation of particular security software to support functions such as anti-keylogging and certificate-based digital signatures. The malware receives an RSA public key from the C2 and encrypts a randomly generated AES key using the public key.
However, P8 contains many built-in functions and redesigns of the communication protocol and encryption algorithm, making it a well-designed and powerful espionage platform. The secure USB drive was developed by a government entity in Southeast Asia to securely store and transfer files between machines in sensitive environments.
VPN Infrastructures Allure for Threat Actors. VPNs have become a fundamental part of network security for organizations worldwide, enabling secure remote access to systems, encrypting sensitive data during transmission, and protecting internal networks from unauthorized access. Rated CVSS 9.8,
Its primary targets have been military and government entities in Pakistan, Sri Lanka, China and Nepal. APP_DLL_URL URL used to download the encrypted payload. The library acts as a loader that retrieves an encrypted payload dropped by ModuleInstaller, decrypts it and loads it in memory.
has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. The malware stole data and encrypted files to block remediation attempts.
government is aligning two foundational privacy and cybersecurity frameworks. NIST first published the PFW in 2020, with the goal of helping organizations mitigate the privacy risks associated with the processing of personal data in their computer systems. Use modern encryption standards. This week, the U.S.
In a recent incident response (IR) case, we discovered highly customized malware targeting Exchange infrastructure within government environments. We suspect that the vulnerability exploited in the Exchange attack may be related to CVE-2020-0688. The module accepts the following socket communication commands.
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. telecommunications providers.
In security terms, that’s the equivalent of encrypting sensitive data while also attaching the secret key needed to view the information. government employees. government employees. If a foreign government had known even part of his name from a list of confirmed CIA officers, his cover would have been blown.”
The Incident response analyst report provides insights into incident investigation services conducted by Kaspersky in 2020. In 2020, the pandemic forced companies to restructure their information security practices, accommodating a work-from-home (WFH) approach. Geography of incident responses by region, 2020.
Encryption is a cornerstone of digital commerce. Related: A ‘homomorphic-like’ encryption solution We know very well how to encrypt data in transit. And we’ve mastered how to encrypt — and decrypt — data at rest. PKI is the authentication and encryption framework on which the Internet is built.
It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection. 10, 2020, Citrix disclosed additional details about the incident. But in a letter sent to affected individuals dated Feb. 13, 2018 and Mar.
NetWalker ransomware operators continue to be very active; according to McAfee, the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active; the gang is believed to have earned more than $25 million since March 2020. reads the alert.
The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.
Related: What we’ve learned from the massive breach of Capitol At RSA 2020, I learned about how one of the routine daily chores all large organizations perform — data governance — has started to emerge as something of a cybersecurity multiplier. A robust data archiving strategy puts data into tiers, Lahiri says.
The group conducts cyber espionage operations to target government entities mainly in South Korea. In December 2020, KISA (Korean Internet & Security Agency) provided a detailed analysis about the phishing infrastructure and TTPs used by Kimsuky to target South Korea. Victimology. One of the lures used by Kimsuky named “???
The records also provide insight into how Conti has dealt with its own internal breaches and attacks from private security firms and foreign governments. Shouting “Glory for Ukraine,” the Contileaks account has since published additional Conti employee conversations from June 22, 2020 to Nov. 22, 2020, the U.S.
Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. A new report (PDF) from the Labor Department’s Office of Inspector General (OIG) found that from March through October of 2020, some $3.5
Russia-linked APT Turla has hacked into the systems of an undisclosed European government organization according to Accenture. According to a report published by Accenture Cyber Threat Intelligence (ACTI), Russia-linked cyber-espionage group Turla has hacked into the systems of an undisclosed European government organization.
After eavesdropping on yet another encrypted messaging service for five months, law enforcement agencies decided to shut down the service that was popular among members of organized crime groups. Exclu Exclu was an app marketed as an end-to-end-encrypted messaging service and users paid €500 (roughly $540) for three months' use.
A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. The APT group was discovered in June 2022 by Kaspersky which linked it to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. Is it linked to ToddyCat APT?
In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually.
Related: What local government can do to repel ransomware Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that.
China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda, Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.
For some time, many local government officials did not recognize the risk of behaviors in which they were engaged. Then, 2020 happened and much of that changed. The Texas attack showed that what once was thought to be a big city problem is leaving every local government vulnerable, and attacks are on the rise.
billion in 2020. ransomware-as-a-service gang actually includes a solicitation for insiders in the desktop wallpaper left behind on systems encrypted with the malware. – Government entities. Image: FBI. For example, the Lockbit 2.0 “Would you like to earn millions of dollars? – Canada. – Australia.
The government says Urban went by the aliases “Sosa” and “King Bob,” among others. Among those was the encrypted messaging app Signal, which said the breach could have let attackers re-register the phone number on another device for about 1,900 users. On July 28 and again on Aug.
Skills, Not Tiers”” “Beware: Clown-grade SOCs Still Abound” “Revisiting the Visibility Triad for 2020” “Why is Threat Detection Hard?” “A 2020 Anton’s Security Blog Quarterly Q1 2022 was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.
and foreign government organizations. and foreign government organizations. “As of June 2020, the FBI has received notifications of Netwalker ransomware attacks on U.S. and foreign government organizations, education entities, private companies, and health agencies by unidentified cyber actors.”
The Advanced Persistent Group (APT) group linked to another Tehran-based threat activists group dubbed Cobalt Illusion APT35 is seen distributing file-encrypting malware that straightly wipes out files if the victim cannot pay the ransom on time. Note- Ransomware is a kind of malware that encrypts a database until a ransom is paid.
According to the Organized Crime and Corruption Reporting Project, “illicit trafficking of tobacco is a multibillion-dollar business today, fueling organized crime and corruption [and] robbing governments of needed tax money. government to secure Davies’ extradition, but he appears to have slipped away once again.
The popular US government contractor Electronic Warfare Associates (EWA) has suffered a ransomware attack; the news was reported by ZDNet. Last week, the US government contractor Electronic Warfare Associates (EWA) suffered a ransomware attack that also infected its web servers. EWA Technologies Inc.,
DBS is a joint venture by the Seychelles government and some shareholders including Bank, Caisse Francaise de Cooperation, European Investment Bank, DEG, Standard Chartered Bank, and Barclays Bank. DBS bought back Barclays’ share and Government purchased the shares of DEG, hence, increasing its shareholding to 60.50%.
Tyler Technologies has finally decided to pay a ransom to obtain a decryption key and recover files encrypted in a recent ransomware attack. In June 2020, the same ransomware was employed in an attack on the Texas Department of Transportation; in September it infected the systems at the IPG Photonics high-performance laser developer.
Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it. It was the first time that the operators adopted this tactic.
SFile ransomware (aka Escal) has been active since 2020; it was observed targeting only Windows systems. Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. “The SFile ransomware uses the Mbed TLS library, RSA-2048 and AES-256 algorithms for file encryption.
In another news related to cyber attack, France Cyber Security authorities have detected that the United States SolarWinds cyber attack could have been launched on its infrastructure in 2017 that remained undetected till 2020 or until security firm FireEye revealed it to the world.
Netwalker was recently employed in several attacks against businesses and government agencies, including Toll Group and the Champaign Urbana Public Health District (CHUPD) (Illinois) attacks. Upon the execution of the script, the executable is saved to %Temp%qeSw.exe and launched to start the encryption of the files.
News is out that the file encrypting malware has targeted over 600 touch screen units that were installed at a cost of £17 million across 420 trail stations in the North of England. Arriva Rail North was the earlier owner of Northern till Feb 2020 and from March of the same year the train service operations were taken over by the government.
PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e.