2021, Backups, Cybercrime and Information Security

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Security Affairs

SEPTEMBER 2, 2022

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp.

Cybercrime

Cybercrime Malware Backups Manufacturing

The worst cyber attacks of 2021

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? The systems at the company were infected with the Phoenix Locker, a variant of ransomware tracked as Hades that was part of the arsenal of the cybercrime group known as Evil Corp.

Cyber Attacks

Cyber Attacks Ransomware Insurance Hacking

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. FatFace CEO Liz Evans released a statement which said “ On 17th January 2021 FatFace identified some suspicious activity within its IT systems.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Personal health information of 42M Americans leaked between 2016 and 2021

Security Affairs

DECEMBER 31, 2022

Researchers from Jama Network analyzed trends in ransomware attacks on US hospitals, clinics, and health care delivery organizations between 2016 and 2021. From 2016 to 2021, the annual number of ransomware attacks passed from 43 to 91. . From 2016 to 2021, the annual number of ransomware attacks passed from 43 to 91. .

Healthcare

Healthcare Ransomware Backups Hacking

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware

Ransomware Firmware Antivirus Accountability

Security Affairs newsletter Round 392

Security Affairs

NOVEMBER 6, 2022

Cisco addressed several high-severity flaws in its products LockBit ransomware gang claims the hack of Continental automotive group 250+ U.S. Cisco addressed several high-severity flaws in its products LockBit ransomware gang claims the hack of Continental automotive group 250+ U.S.

Hacking

Hacking Ransomware Cybercrime Backups

The kingpin behind Joker’s Stash retires with a billionaire exit

Security Affairs

FEBRUARY 14, 2021

Cybercriminal behind the most prominent carding marketplace on the dark web Joker’s Stash retires, he will shut down its servers and destroy the backups. ” One month ago, Joker’s Stash announced that its operations will shut down on February 15, 2021. ” reads the article published by Forbes. Image source FlashPoint.

Cybercrime

Cybercrime Backups Hacking DNS

Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware

Security Affairs

NOVEMBER 5, 2021

The attacks spotted by Cisco Talos were carried out by a Babuk ransomware affiliate tracked as Tortilla that has been active since at least July 2021. 229 @58_158_177_102 @sugimu_sec pic.twitter.com/LcuNw88fOo — TG Soft (@VirITeXplorer) October 14, 2021. The ransomware maybe born from the leaked #Babuk code.

Ransomware

Ransomware Backups Encryption DNS

CISA, FBI, NSA warn of the increased globalized threat of ransomware

Security Affairs

FEBRUARY 12, 2022

and Australia have published a joint advisory warning of an increased globalised threat of ransomware worldwide in 2021. Almost any sector was hit by sophisticated, high-impact ransomware attacks, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors.

Ransomware

Ransomware Backups Encryption Accountability

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

It encrypts files with the following file extensions @cherepanov74 1/3 pic.twitter.com/miyIlH1IdI — ESET research (@ESETresearch) December 21, 2021. The principle is simple, according to the authors of the malware, recent files may be more important for some victims and typically they are not included in recent backups.

Ransomware

Ransomware Encryption Backups Malware

Security Affairs newsletter Round 303

Security Affairs

FEBRUARY 28, 2021

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Experts warn of threat actors abusing Google Alerts to deliver unwanted programs FBI warns of the consequences of telephony denial-of-service (TDoS) attacks An attacker was able to siphon audio feeds from multiple Clubhouse rooms Georgetown County has yet to recover from a sophisticated (..)

Spyware

Spyware Backups Manufacturing Data breaches

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The malware uses TOR exit nodes as a backup C2 infrastructure. The malware was first spotted in September 2021, the experts observed it targeting organizations in the technology and manufacturing industries. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

Government

Government Malware Telecommunications Cybercrime

Accenture discloses data breach after LockBit ransomware attack

Security Affairs

OCTOBER 15, 2021

IT and consulting giant Accenture confirmed a data breach after the ransomware attack conducted by LockBit operators in August 2021. Global IT consultancy giant Accenture discloses a data breach after the LockBit ransomware attack that hit the company in August 2021.

Data breaches

Data breaches Ransomware Backups Hacking

Accenture has been hit by a LockBit 2.0 ransomware attack

Security Affairs

AUGUST 11, 2021

— Cyble (@AuCyble) August 11, 2021. It is not clear how the threat actors breached the company and when the security breach took place. Accenture attempted to downplay the incident and revealed that impacted systems had been recovered using its backups. ransomware attack appeared first on Security Affairs.

Ransomware

Ransomware Backups Hacking Data breaches

JBS attack has likely a Russian origin

Security Affairs

JUNE 1, 2021

The company’s backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible.” The White House said Tuesday that the cyberattack was likely originating from a cybercrime organization based in Russia. reads the press release published by the company.

Backups

Backups Cyber Attacks Ransomware Government

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Regularly back up data, password protect backup copies offline. hard drive, storage device, the cloud).

Ransomware

Ransomware DDOS Passwords Backups

Vice Society ransomware also exploits PrintNightmare flaws in its attack

Security Affairs

AUGUST 13, 2021

The PrintNightmare flaws (tracked as ( CVE-2021-1675 , CVE-2021-34527 , and CVE-2021-36958 ) reside in the Windows Print Spooler service, print drivers, and the Windows Point and Print feature. The targeting of backups to prevent recovery following ransomware deployment.

Ransomware

Ransomware Backups Education Malware

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Security Affairs

JULY 29, 2022

The malware uses TOR exit nodes as a backup C2 infrastructure. The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. Around November 2021, DEV-0243 started to deploy the LockBit 2.0

Malware

Malware Backups Manufacturing Accountability

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Security Affairs

OCTOBER 27, 2022

In October 2022, the malware was used in post-compromise activity attributed to another actor, DEV-0950 (which overlaps with FIN11 / TA505 cybercrime gang). The malware uses TOR exit nodes as a backup C2 infrastructure. The DEV-0950 attacks led to the deployment of the Cobalt Strike beacon.

Ransomware

Ransomware Malware Data collection Encryption

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

. — Shane Huntley (@ShaneHuntley) December 7, 2021. Google researchers believe that the operators of Glupteba botnet will likely attempt to regain control of the malicious infrastructure by using the C2 backup mechanism that leverages the Bitcoin blockchain. ” reads the post published by Google.

Backups

Backups Advertising Accountability Malware

Ransomware attack disrupted store operations in the Netherlands and Germany

Security Affairs

NOVEMBER 8, 2021

Update November 8, 2021. The Hive gang has been active since June 2021, it implements a Ransomware-as-a-Service model and employs a wide variety of tactics, techniques, and procedures (TTPs). The Hive ransomware adds the.hive extension to the filename of encrypted files.

Computers and Electronics

Computers and Electronics Ransomware Retail Spyware

Security Affairs newsletter Round 398 by Pierluigi Paganini

Security Affairs

DECEMBER 18, 2022

years in jail for spying on behalf of Saudi Arabia Social Blade discloses security breach Data of 5.7M years in jail for spying on behalf of Saudi Arabia Social Blade discloses security breach Data of 5.7M Samba addressed multiple high-severity vulnerabilities Former Twitter employee sentenced to 3.5

Data breaches

Data breaches Hacking DDOS VPN

Microsoft: Raspberry Robin worm already infected hundreds of networks

Security Affairs

JULY 3, 2022

The malware uses TOR exit nodes as a backup C2 infrastructure. The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

Manufacturing

Manufacturing Malware Backups Technology

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The malware uses TOR exit nodes as a backup C2 infrastructure. The malware was first spotted in September 2021, the experts observed it targeting organizations in the technology and manufacturing industries. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

Government

Government Malware Telecommunications Cybercrime

Security Affairs newsletter Round 404 by Pierluigi Paganini

Security Affairs

JANUARY 29, 2023

Copycat Criminals mimicking Lockbit gang in northern Europe Sandworm APT targets Ukraine with new SwiftSlicer wiper ISC fixed high-severity flaws in DNS software suite BIND Patch management is crucial to protect Exchange servers, Microsoft warns Hacker accused of having stolen personal data of all Austrians and more CVE-2023-23560 flaw exposes 100 (..)

DNS

DNS Data breaches Hacking Backups

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).” ” reads the advisory.

Ransomware

Ransomware Accountability Firmware Antivirus

Emsisoft created a free decryptor for past victims of the BlackMatter ransomware

Security Affairs

OCTOBER 24, 2021

The decrypter only allows decrypting files encrypted with BlackMatter versions used gang between mid-July and late-September 2021 , the most recent version of the ransomware addressed the issue. More details can be found here: [link] — Fabian Wosar (@fwosar) October 24, 2021. Pierluigi Paganini.

Ransomware

Ransomware Encryption Backups Healthcare

REvil ransomware operation shuts down once again

Security Affairs

OCTOBER 18, 2021

???????????????????? (@ddd1ms) October 17, 2021. "Good luck everyone, I'm off" – 0_neday Intel courtesy of @ddd1ms pic.twitter.com/cKvev4uDu5 — vx-underground (@vxunderground) October 17, 2021. The third party has backups with onion service keys,” wrote ‘0_neday’ on the hacking forum.

Ransomware

Ransomware Hacking Backups Media

Ransomware attack on food giant Dole Food Company blocked North America production

Security Affairs

FEBRUARY 26, 2023

Dole reported 2021 revenues of $6.5 “Upon learning of this incident, Dole moved quickly to contain the threat and engaged leading third-party cybersecurity experts, who have been working in partnership with Dole’s internal teams to remediate the issue and secure systems.” ” reads a notice published by the company.

Ransomware

Ransomware Backups Cyber Attacks Hacking

Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150%

Security Affairs

MARCH 4, 2021

Group-IB published a report titled “Ransomware Uncovered 2020-2021 ”. Group-IB , a global threat hunting and adversary-centric cyber intelligence company, has presented its new report “Ransomware Uncovered 2020-2021 ”. analyzes ransomware landscape in 2020 and TTPs of major threat actors. Mortal Combo: most common TTPs.

Ransomware

Ransomware Cybercrime Malware Marketing

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

Security Affairs

SEPTEMBER 1, 2021

. “Although FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, malicious cyber actors have launched serious ransomware attacks during other holidays and weekends in 2021.” Securing and monitoring Remote Desktop Protocol endpoints.

Ransomware

Ransomware Risk Encryption Passwords

Raspberry Robin spreads via removable USB devices

Security Affairs

MAY 7, 2022

“Raspberry Robin is Red Canary’s name for a cluster of activity we first observed in September 2021 involving a worm that is often installed via USB drive.” The malware uses TOR exit nodes as a backup C2 infrastructure. ” reads the advisory published by Red Canary.

Malware

Malware Backups Manufacturing Hacking

The ultimate guide to Cyber risk management

CyberSecurity Insiders

FEBRUARY 2, 2022

Ambitious information security experts serve as a critical part of cyber risk management. The corporation is responsible for structuring IT and information security activities to protect its data resources, such as hardware, software, and procedures. Information. Traditional Components. SecSDLC Components.

Cyber Risk

Cyber Risk Risk Architecture Identity Theft

US CISA releases a script to recover servers infected with ESXiArgs ransomware

Security Affairs

FEBRUARY 8, 2023

CERT-FR reported that threat actors behind these ransomware attackers are actively exploiting the vulnerability CVE-2021-21974. As usual, every time we attempt to recover files encrypted by ransomware it is a good practice to create a backup of the server. Experts noticed that only a few thousand systems were encrypted worldwide.

Ransomware

Ransomware Encryption Backups Cybersecurity

The FBI issued a flash alert for Hive ransomware operations

Security Affairs

AUGUST 27, 2021

Hive ransomware has been active since June 2021, it implements a Ransomware-as-a-Service model and employs a wide variety of tactics, techniques, and procedures (TTPs). In order to facilitate file encryption, the ransomware look for processes associated with backups, anti-virus/anti-spyware, and file copying and terminates them.

Ransomware

Ransomware Encryption Spyware Backups

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

Security Affairs

JULY 9, 2022

The malware uses TOR exit nodes as a backup C2 infrastructure. The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

Malware

Malware Manufacturing Backups Technology

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

Krebs on Security One of the best cybersecurity blogs offering unique insights. Their main focus is on cybercrime investigations. Threat Post Threat Post is a portal, with news about everything related to recurring cybersecurity themes: attacks, cloud security, malware and ransomware, vulnerabilities, and so on.

Cybersecurity

Cybersecurity IoT Antivirus Education

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

— Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022. The botnet has been active since at least the end of 2020, but its activity was documented in April 2021 by multiple security researchers. The new variant, which we call Sysrv-K, sports additional exploits and can gain control of web servers.

Security Intelligence

Security Intelligence Malware Architecture Backups

Ransomware world in 2021: who, how and why

SecureList

MAY 12, 2021

There is, of course, a documented porosity between the ransomware ecosystem and other cybercrime domains such as carding or point-of-sale (PoS) hacking. But it is worth pointing out that not all members of this ecosystem originate from the cybercrime underworld. REvil operators have demanded the highest ransoms in 2021.

Ransomware

Ransomware Encryption Malware Cybercrime

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

According to Coveware, a company that offers incident response services to organizations impacted by ransomware attacks, Conti is the second most common ransomware family that victim organizations have reported in the first quarter of 2021. Focus on cyber security awareness and training. Adversary profile: Wizard Spider.

Healthcare

Healthcare Ransomware Encryption Passwords

Bitdefender releases Universal LockerGoga ransomware decryptor

Security Affairs

SEPTEMBER 17, 2022

The decryptor has the “backup files” feature, enabled by default that could be used in case there will be any problem with the decryption process. The ransomware gang was dismantled in October 2021 with the arrest of its operators and the seizure of the systems containing the master private keys used in the encryption process.

Ransomware

Ransomware Encryption Backups Cybercrime

Cryptocurrency exchange BuyUcoin hacked, data of 325K+ users leaked

Security Affairs

JANUARY 25, 2021

The researcher Rajshekhar Rajaharia analyzed the leaked data, it is a MongoDB database of 6GB that contains three backup files with BuyUcoin data. Again didn't informed to affected users by company. Story – [link] #InfoSec pic.twitter.com/1xFOtLcd8F — Rajshekhar Rajaharia (@rajaharia) January 21, 2021.

Cryptocurrency

Cryptocurrency Hacking InfoSec Data breaches

10 Top Ways: Building an Effective Cybersecurity Awareness Campaign

SecureWorld News

OCTOBER 27, 2021

If these things are true, how do we share information with others in a way that is proven to work and create a culture of security? Security awareness and how you talk about cybersecurity. Liebes points out that annual cybercrime losses, including unreported crimes, could total $380 billion. The reasons for that may vary.

Cybersecurity

Cybersecurity Cybercrime Security Awareness Education

A man has been charged with a cyber attack on the Discovery Bay water treatment facility

Security Affairs

JULY 7, 2023

Then, in January of 2021, after Gallo had resigned from Company A, he allegedly accessed the facility’s computer system remotely and transmitted a command to uninstall software that was the main hub of the facility’s computer network and that protected the entire water treatment system, including water pressure, filtration, and chemical levels.”

Cyber Attacks

Cyber Attacks Ransomware Software Backups

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

The worst cyber attacks of 2021

Webinars

Trending Sources

Cyber Security Roundup for April 2021

Webinars

Personal health information of 42M Americans leaked between 2016 and 2021

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs newsletter Round 392

The kingpin behind Joker’s Stash retires with a billionaire exit

Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware

CISA, FBI, NSA warn of the increased globalized threat of ransomware

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs newsletter Round 303

Raspberry Robin malware used in attacks against Telecom and Governments

Accenture discloses data breach after LockBit ransomware attack

Accenture has been hit by a LockBit 2.0 ransomware attack

JBS attack has likely a Russian origin

Avoslocker ransomware gang targets US critical infrastructure

Vice Society ransomware also exploits PrintNightmare flaws in its attack

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Google disrupts the Glupteba botnet

Ransomware attack disrupted store operations in the Netherlands and Germany

Security Affairs newsletter Round 398 by Pierluigi Paganini

Microsoft: Raspberry Robin worm already infected hundreds of networks

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs newsletter Round 404 by Pierluigi Paganini

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Emsisoft created a free decryptor for past victims of the BlackMatter ransomware

REvil ransomware operation shuts down once again

Ransomware attack on food giant Dole Food Company blocked North America production

Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150%

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

Raspberry Robin spreads via removable USB devices

The ultimate guide to Cyber risk management

US CISA releases a script to recover servers infected with ESXiArgs ransomware

The FBI issued a flash alert for Hive ransomware operations

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

15 Best Cybersecurity Blogs To Read

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Ransomware world in 2021: who, how and why

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Bitdefender releases Universal LockerGoga ransomware decryptor

Cryptocurrency exchange BuyUcoin hacked, data of 325K+ users leaked

10 Top Ways: Building an Effective Cybersecurity Awareness Campaign

A man has been charged with a cyber attack on the Discovery Bay water treatment facility

Stay Connected