Security Affairs

FEBRUARY 7, 2022

. “On the final wizard page, you can opt-in whether you want to backup encrypted files. These backups may help if anything goes wrong during the decryption process. TargetCompany has been active since June 2021 , once encrypted a file it adds.mallox,exploit,architek, or.brg extension to the filenames of encrypted files.

Ransomware 98

Ransomware Backups Encryption Passwords 98

Security Affairs

FEBRUARY 12, 2022

and Australia have published a joint advisory warning of an increased globalised threat of ransomware worldwide in 2021. Almost any sector was hit by sophisticated, high-impact ransomware attacks, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors.

Ransomware 90

Ransomware Backups Encryption Accountability 90

Security Affairs

JANUARY 16, 2022

The threat actors behind the attacks were exploiting an improper authorization vulnerability, tracked as CVE-2021-28799 , that could allow them to log in to a NAS device. “A A ransomware campaign targeting QNAP NAS began the week of April 19th, 2021. reads the security advisory published by the vendor.

Ransomware 112

Ransomware Encryption Backups Firmware 112

Security Affairs

FEBRUARY 5, 2022

The LockBit ransomware gang has been active since September 2019, in June 2021 the group announced the LockBit 2.0 enumerates system information to include hostname, host configuration, domain information, local drive configuration, remote shares, and mounted external storage devices. Like other ransomware gangs, Lockbit 2.0

Ransomware 87

Ransomware Backups Encryption Accountability 87

Security Affairs

AUGUST 9, 2021

The Australian Cyber Security Centre (ACSC) warns of a surge of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. The Australian Cyber Security Centre (ACSC) warns of an escalation in LockBit 2.0 ransomware attacks against Australian organizations in multiple industry sectors starting July 2021.

Ransomware 111

Ransomware Retail Manufacturing Encryption 111

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Regularly back up data, password protect backup copies offline. hard drive, storage device, the cloud).

Ransomware 97

Ransomware DDOS Passwords Backups 97

Security Affairs

NOVEMBER 12, 2023

The Lorenz ransomware gang has been active since April 2021 and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransom to the victims. The group claimed to have stolen 5TB of patients’ and employee’s information, backups, PII documents, and more.

Ransomware 124

Ransomware Healthcare Encryption Cyber Attacks 124

Security Affairs

APRIL 23, 2021

(QNAP), a leading computing, networking and storage solution innovator, today issued a statement in response to recent user reports and media coverage that two types of ransomware (Qlocker and eCh0raix) are targeting QNAP NAS and encrypting users’ data for ransom. qlocker @QNAP_nas — Jack Cable (@jackhcable) April 22, 2021.

Ransomware 118

Ransomware Backups Media Malware 118

Security Affairs

FEBRUARY 26, 2022

Unit 42 attributes the malware to an APT campaign codenamed TiltedTemple (aka DEV-0322 ), threat actors also exploited the Zoho ManageEngine ADSelfService Plus vulnerability ( CVE-2021-40539 ) and ServiceDesk Plus vulnerability ( CVE-2021-44077 ). based defense contractor’s internet-facing Windows server on July 27, 2021.

Backups 90

Backups VPN Healthcare Malware 90

Security Affairs

FEBRUARY 8, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has released a script to allow them to recover encrypted VMware ESXi servers. CERT-FR reported that threat actors behind these ransomware attackers are actively exploiting the vulnerability CVE-2021-21974. Then the U.S. ” reads the description provided by the Agency.

Ransomware 87

Ransomware Encryption Backups Cybersecurity 87

Security Affairs

SEPTEMBER 3, 2021

“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. The good news is in the latter attack the victims restored its backups.

Ransomware 96

Ransomware Passwords Backups Firmware 96

Security Affairs

NOVEMBER 8, 2021

Update November 8, 2021. The Hive gang has been active since June 2021, it implements a Ransomware-as-a-Service model and employs a wide variety of tactics, techniques, and procedures (TTPs). The Hive ransomware adds the.hive extension to the filename of encrypted files.

Computers and Electronics 112

Computers and Electronics Ransomware Retail Spyware 112

Security Affairs

AUGUST 27, 2021

Hive ransomware has been active since June 2021, it implements a Ransomware-as-a-Service model and employs a wide variety of tactics, techniques, and procedures (TTPs). In order to facilitate file encryption, the ransomware look for processes associated with backups, anti-virus/anti-spyware, and file copying and terminates them.

Ransomware 97

Ransomware Encryption Spyware Backups 97

Security Affairs

DECEMBER 25, 2021

"We desperately need a lot of money" thx @malwrhunterteam for a catch on earlier tweet pic.twitter.com/wEBNdvDlBk — Zack Allen (@teachemtechy) November 26, 2021. Upon execution, the Rook ransomware attempts to terminate processes related to security software or other application that could interfere with the encryption process.

Ransomware 116

Ransomware Malware Encryption Backups 116

Security Affairs

NOVEMBER 30, 2021

For a limited period of time, the researchers were able to determine the dimension of the botnet through sinkholing , the experts noticed that the EwDoor use a backup mechanism for its C2 and registered a backup command-and-control (C2) domain (iunno[.]se) ” reads the analysis published by Qihoo 360.

DDOS 132

DDOS Backups Engineering Encryption 132

Security Affairs

FEBRUARY 14, 2022

Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).” ” reads the advisory.

Ransomware 88

Ransomware Accountability Firmware Antivirus 88

SC Magazine

MAY 25, 2021

Most cryptographers believe that the sheer power of quantum computing will be capable of tearing through many of the existing public key encryption algorithms, like RSA or Diffie-Hellman, that underpin most computer hardware and software today. It could also threaten some symmetric key algorithms, though not to nearly the same extent.

Technology 139

Technology Encryption Government Backups 139

Security Affairs

OCTOBER 24, 2021

The researchers found a vulnerability in the encryption process implemented in the BlackMatter ransomware that allowed them to recover encrypted files for free. More details can be found here: [link] — Fabian Wosar (@fwosar) October 24, 2021. BlackMatter then remotely encrypts the hosts and shared drives as they are found.

Ransomware 96

Ransomware Encryption Backups Healthcare 96

Security Affairs

JANUARY 29, 2023

Copycat Criminals mimicking Lockbit gang in northern Europe Sandworm APT targets Ukraine with new SwiftSlicer wiper ISC fixed high-severity flaws in DNS software suite BIND Patch management is crucial to protect Exchange servers, Microsoft warns Hacker accused of having stolen personal data of all Austrians and more CVE-2023-23560 flaw exposes 100 (..)

DNS 85

DNS Data breaches Hacking Backups 85

Security Affairs

SEPTEMBER 1, 2021

. “Although FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, malicious cyber actors have launched serious ransomware attacks during other holidays and weekends in 2021.” Securing and monitoring Remote Desktop Protocol endpoints.

Ransomware 104

Ransomware Risk Encryption Passwords 104

Security Affairs

MAY 14, 2021

link] pic.twitter.com/9r5hA2CLNn — Colonial Pipeline (@Colpipe) May 13, 2021. The New York Rime reported that Colonial Pipeline paid the hackers almost $5 million worth of cryptocurrency to receive a decryption key that allowed it to restore the encrypted files. Please vote Security Affairs as Best Personal Blog [link].

Backups 86

Backups Ransomware Media Encryption 86

Security Affairs

FEBRUARY 10, 2021

The company confirmed the security breach with a series of messages on its social media channels ( Facebook and Twitter ). Important Update pic.twitter.com/PCEuhAJosR — CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021. Although some devices in our network have been encrypted, our backups remain intact.

Ransomware 89

Ransomware Encryption Backups Cyber Attacks 89

Security Affairs

FEBRUARY 10, 2023

Threat actors use various exploits of common vulnerabilities, including CVE 2021-44228 , CVE-2021-20038 , and CVE-2022-24990. threat actors use virtual private networks (VPNs) and virtual private servers (VPSs) or third-country IP addresses to hide the origin of the attacks. Gain Access [ TA0001 ].

Ransomware 80

Ransomware Healthcare Cryptocurrency Government 80

Security Affairs

MAY 25, 2021

. “I am writing to inform you that Bose Corporation, located at The Mountain Road, Framingham, MA 01701, experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across Bose’s environment. systems on March 7, 2021.” Bose first detected the malware/ransomware on Bose’s U.S.

Ransomware 117

Ransomware Malware Cyber Attacks Backups 117

Security Affairs

OCTOBER 27, 2022

DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. The experts noticed that threat actors tracked as DEV-0950 used Clop ransomware to encrypt the network of organizations previously infected with the worm.

Ransomware 95

Ransomware Malware Data collection Encryption 95

Security Affairs

SEPTEMBER 3, 2021

The three vulnerabilities used in ProxyShell attacks are: CVE-2021-34473 – Pre-auth Path Confusion leads to ACL Bypass (Patched in April by KB5001779 ) CVE-2021-34523 – Elevation of Privilege on Exchange PowerShell Backend (Patched in April by KB5001779 ) CVE-2021-31207 – Post-auth Arbitrary-File-Write leads to RCE (Patched in May by KB5003435 ).

Ransomware 92

Ransomware Backups Hacking Encryption 92

Security Affairs

OCTOBER 22, 2021

— Omri Segev Moyal (@GelosSnake) October 22, 2021. The New York Times reported that Colonial Pipeline paid the hackers almost $5 million worth of cryptocurrency to receive a decryption key that allowed it to restore the encrypted files. Because the tool was too slow, the company used its backups to restore the systems.

Ransomware 100

Ransomware Backups Cryptocurrency Hacking 100

CyberSecurity Insiders

DECEMBER 14, 2021

Security Advisor scans the customer’s Cohesity environment, including an array of security configurations, and considers a host of factors such as access control, audit logs, and encryption framework that are critical to protecting the security posture of the data cluster. © 2021 Cohesity, Inc.

Cyber Risk 52

Cyber Risk Ransomware Risk Backups 52

Malwarebytes

MAY 28, 2021

According to Coveware, a company that offers incident response services to organizations impacted by ransomware attacks, Conti is the second most common ransomware family that victim organizations have reported in the first quarter of 2021. Earlier versions appended the.CONTI extension to encrypted files.

Healthcare 108

Healthcare Ransomware Encryption Passwords 108

Security Affairs

JUNE 25, 2021

It works: one of the victims has already paid over $200,000 in Bitcoin, setting a dangerous precedent of companies giving into the demands of cyber criminals to prevent a possible data leak and damage to their reputation and loss of operations due to crippled IT services after important file encryption. You can check it.

Antivirus 69

Antivirus Ransomware Backups Encryption 69

SC Magazine

MARCH 15, 2021

Information security leaders at these two districts shared their war stories last week at the K-12 Cybersecurity Leadership Symposium, hosted by the K12 Security Information Exchange (K12 SIX) – the first-ever ISAC specifically created with local school districts in mind. ” Rockford Public Schools, Illinois.

Malware 78

Malware Backups Education Ransomware 78

Security Affairs

APRIL 2, 2021

In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443. Regularly back up data, air gap, and password protect backup copies offline. Implement network segmentation.

Passwords 65

Passwords Government Firmware Accountability 65

Security Affairs

DECEMBER 5, 2021

The group resurfaced in April 2021, the malvertising campaigns targeted users in Canada, the U.S., The attackers also implemented a backup mechanism for C2, that allows to obtain a new C2 address from a Twitter search for hashtags like “#aquamamba2019” or “#ololo2019.” The json string is encrypted.

Passwords 83

Passwords Software Backups Malware 83

Security Affairs

MARCH 4, 2021

Group-IB published a report titled “Ransomware Uncovered 2020-2021 ”. Group-IB , a global threat hunting and adversary-centric cyber intelligence company, has presented its new report “Ransomware Uncovered 2020-2021 ”. analyzes ransomware landscape in 2020 and TTPs of major threat actors. About Group-IB.

Ransomware 119

Ransomware Cybercrime Malware Marketing 119

SC Magazine

JUNE 25, 2021

The attacker first gained access to the network in November 2020, but it went undetected until April 22, 2021. Upon discovery, Prominence reset all user credentials and secured the impacted environment, launching an investigation and data restoration processes from its backup systems. To date, no instances have been found.

Ransomware 103

Ransomware Insurance Hacking Media 103

SecureList

MAY 12, 2021

To ensure that their ability to restore encrypted files would never be questioned, they cultivated an online presence, wrote press releases and generally made sure their name would be known to all potential victims. For a more detailed overview we chose two of the most noteworthy Big Game Hunting ransomware in 2021. Technical details.

Ransomware 123

Ransomware Encryption Malware Cybercrime 123

eSecurity Planet

MAY 28, 2021

We look at three RSAC 2021 sessions and some of the most daunting vulnerabilities presented by the SANS Institute, Cybersecurity and Infrastructure Security Agency (CISA), and Varonis Systems. Also Read: And the Winner of the 2021 RSA Innovation Contest is… SANS: Five dangerous new attack techniques and vulnerabilities.

Software 99

Software Firmware DNS VPN 99