Heimadal Security

NOVEMBER 2, 2021

It was in January 2021 when HelloKitty was identified as a ransomware operational group by the FBI; nevertheless, it looks like new data points to them being active since as early as November 2020. The group is well known for breaking into and encrypting CD Projekt Red‘s networks in February and claiming to have stolen […].

Ransomware 93

Ransomware Encryption DDOS Cybersecurity 93

Security Affairs

JANUARY 30, 2021

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. Good news for the victims of the FonixCrypter ransomware, the operators behind the threat shut down their operations and released the master decryption key. Pierluigi Paganini.

Ransomware 136

Ransomware Encryption Malware Cybercrime 136

Malwarebytes

MARCH 21, 2022

The FBI has issued an advisory about the AvosLocker ransomware. AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including financial services, critical manufacturing, and government facilities. Threat profile.

Ransomware 98

Ransomware Encryption Financial Services Authentication 98

Security Affairs

DECEMBER 1, 2021

Sabbath ransomware is a new threat that has been targeting critical infrastructure in the United States and Canada since June 2021. A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021. ” reads the post published by Mandiant.

Ransomware 136

Ransomware Education Hacking Encryption 136

Heimadal Security

AUGUST 20, 2021

Apparently, the LockBit ransomware gang’s new technique of “hiring” employees and other insiders in order to help them breach and encrypt corporate networks more easily has opened a whole new world of opportunities for hackers.

Ransomware 105

Ransomware Encryption Cybersecurity 105

Security Affairs

JUNE 10, 2022

The Cuba ransomware operators are back and employed a new version of its malware in recent attacks. Cuba ransomware has been active since at least January 2020. The ransomware encrypts files on the targeted systems using the “.cuba” The ransomware encrypts files on the targeted systems using the “.cuba”

Ransomware 135

Ransomware Malware Encryption Hacking 135

Security Affairs

MAY 15, 2023

A previously unknown ransomware group known as RA Group is targeting companies in U.S. Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at least April 22, 2023. The researchers assess with high confidence that the group is using the leaked Babuk ransomware source code.

Ransomware 98

Ransomware Encryption Cybercrime Insurance 98

Security Affairs

APRIL 19, 2022

Kaspersky discovered a flaw in the encryption process of the Yanluowang ransomware that allows victims to recover their files for free. The Yanluowang ransomware was first spotted by researchers from Symantec Threat Hunter Team in October 2021, the malware was used in highly targeted attacks against large enterprises.

Ransomware 101

Ransomware Encryption DDOS Malware 101

CyberSecurity Insiders

OCTOBER 19, 2021

REvil ransomware group having history of launching sophisticated cyber attacks on Kaseya software; JBS Meat and Travelex this year are experiencing strange events these days. The gang’s payment portal and data leak blog have been hacked by some other group throwing the developers into jeopardy.

Hacking 104

Hacking Ransomware Cyber Attacks Encryption 104

CyberSecurity Insiders

JANUARY 10, 2022

Ragnar Locker Ransomware, notorious hacking group that spreads file encrypting malware to large-scale organizations, has hit a security firm this time and stole data to prove it’s worth. The post Ragnar Locker Ransomware strikes a cybersecurity firm appeared first on Cybersecurity Insiders.

Ransomware 135

Ransomware Cybersecurity IoT Cryptocurrency 135

Herjavec Group

SEPTEMBER 24, 2021

Ransomware is a breakout ransomware group that became operational shortly after the shutdown of the REvil Ransomware and DarkSide Ransomware operations in late Summer 2021. Furthermore, they have openly claimed that BlackMatter is the product of reproducing the “best parts” of previous ransomware operations [1].

Ransomware 109

Ransomware Manufacturing Energy and Utilities Encryption 109

Heimadal Security

AUGUST 5, 2021

A more advanced version of the LockBit ransomware operation is deliberately looking to “hire” corporate staff members, former employees, contractors, etc in order to receive help with breaching and encrypting their organization’s systems. LockBit Ransomware 2.0 ransomware-as-a-service to the public. LockBit Ransomware 2.0

Ransomware 98

Ransomware Encryption Cybersecurity 98

Malwarebytes

MARCH 30, 2021

A recent warning from the FBI, in mid-March, put schools in the US and UK on notice of increased attacks from the threat actors behind the PYSA ransomware. What is PYSA ransomware? The PYSA ransomware is a variant of the Mespinoza ransomware. Files are encrypted using AES implemented with RSA-encrypted keys.

Ransomware 119

Ransomware Encryption Education Government 119

Security Affairs

MAY 12, 2023

The leak of the source code of the Babuk ransomware allowed 9 ransomware gangs to create their own ransomware targeting VMware ESXi systems. SentinelLabs researchers have identified 10 ransomware families using VMware ESXi lockers based on the source code of the Babuk ransomware that was leaked in 2021.

Ransomware 98

Ransomware Encryption Hacking Cybersecurity 98

Malwarebytes

MAY 5, 2022

After the FBS arrested 14 of its members in January, and a subsequent lull in action, the REvil ransomware gang appears to be back. When REvil’s old Tor infrastructure came back to life in April, it was modified to redirect visitors to URLs owned by a new ransomware group. REvil ransomware: a brief look back.

Ransomware 89

Ransomware Encryption Accountability Software 89

Security Affairs

MAY 13, 2023

The CheckMate ransomware operators have been targeting the Server Message Block (SMB) communication protocol used for file sharing to compromise their victims’ networks. That’s quite unusual for a ransomware campaign since many prominent gangs brag about big targets and post them as victims on their data leak sites.

Ransomware 98

Ransomware Encryption Passwords Internet 98

Security Affairs

MAY 2, 2022

The REvil ransomware gang has resumed its operations, experts found a new encryptor and a new attack infrastructure. The Russian police arrested 14 alleged members of the ransomware gang and raided 25 addresses seizing computer equipment and cryptocurrency wallets. SecurityAffairs – hacking, REvil ransomware).

Ransomware 106

Ransomware Encryption Cryptocurrency Malware 106

CyberSecurity Insiders

FEBRUARY 25, 2022

This blog was jointly written with Santiago Cortes. AT&T Alien Labs™ is writing this report about recently created ransomware malware dubbed BlackCat which was used in a January 2022 campaign against two international oil companies headquartered in Germany, Oiltanking and Mabanaft. Executive summary. Background.

Ransomware 119

Ransomware Encryption Malware Backups 119

Webroot

APRIL 21, 2021

Although cybercriminal activity throughout 2020 was as innovative as ever, some of the most noteworthy threat activity we saw came from the old familiar players, namely ransomware, business email compromise (BEC) and phishing. Ransomware. One of the newer trends we saw in ransomware was that of data extortion.

Threat Reports 104

Threat Reports Phishing Ransomware Backups 104

The Last Watchdog

MAY 5, 2022

Ransomware? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor.

Ransomware 247

Ransomware Risk Internet Internet 247

Cisco Security

AUGUST 11, 2021

The REvil ransomware family has been in the news due to its involvement in high-profile incidents, such as the JBS cyberattack and the Kaseya supply chain attack. The threat actors behind REvil attacks operate under a ransomware-as-a-service model. Figure 2-A desktop that has been encrypted by REvil/Sodinokibi.

Ransomware 131

Ransomware DNS Encryption Backups 131

Malwarebytes

MAY 6, 2022

The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. Onyx is a new ransomware gang based on the old Chaos builder. Ransomware attacks in April 2022. Attacks by ransomware type.

Ransomware 94

Ransomware Encryption Accountability Technology 94

Security Affairs

APRIL 27, 2023

RTM ransomware-as-a-service (RaaS) started offering locker ransomware that targets Linux, NAS, and ESXi systems. The Uptycs threat research team discovered the first ransomware binary attributed to the RTM ransomware-as-a-service (RaaS) provider. The group threatens to ban every affiliate who does leak samples.

Encryption 98

Encryption Ransomware Malware Education 98

Krebs on Security

FEBRUARY 14, 2022

In January, KrebsOnSecurity examined clues left behind by “ Wazawaka ,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. The other handle that appeared tied to Wazawaka was “Orange,” the founder of the RAMP ransomware forum. This post is an attempt to remedy that.

VPN 207

VPN Ransomware Cybercrime Accountability 207

Krebs on Security

SEPTEMBER 30, 2023

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. It continues: “Prior to deploying the ransomware, Snatch threat actors were observed spending up to three months on a victim’s system.

Ransomware 223

Ransomware Accountability Cybercrime Backups 223

SecureWorld News

MARCH 21, 2023

Ransomware has gone through several game-changing milestones over the course of its decade-long evolution. In 2013, extortionists added encryption to their genre and started locking down victims' files instead of screens or web browsers. Encryption-less" extortion has since created ripples in the ransomware circles.

Ransomware 85

Ransomware Encryption Adware Data breaches 85

Security Affairs

JUNE 16, 2022

The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide.

Ransomware 117

Ransomware Cybercrime Malware Advertising 117

Security Boulevard

NOVEMBER 2, 2022

How to Prevent Ransomware Attacks. Ransomware attacks almost doubled during 2021 over 2020, according to Sophos State of Ransomware 2022 report, affecting 66% of businesses, up from 37%. They have also become increasingly proficient at encrypting data. The average cost of a ransomware attack is $4.54

Ransomware 98

Ransomware Backups Encryption Data breaches 98

The Last Watchdog

SEPTEMBER 7, 2022

The internet has drawn comparisons to the Wild West, making ransomware the digital incarnation of a hold-up. The technology industry has met the dramatic rise in ransomware and other cyber attacks with an impressive set of tools to help companies mitigate the risks. Ransomware usually starts with a phishing email. Prevalence.

Ransomware 124

Ransomware Education Financial Services Phishing 124

Security Boulevard

JUNE 6, 2023

The Babuk ransomware group emerged into the world of illicit activities relatively recently in 2021. Since then, they have conducted a series of high-profile ransomware attacks across various industries. The post Babuk Ransomware Group: What You Need to Know appeared first on Security Boulevard.

Ransomware 52

Ransomware Healthcare Cyber threats Encryption 52

Security Affairs

MAY 17, 2023

The US government is offering a $10M reward for Russian national Mikhail Pavlovich Matveev (30) charged for his role in ransomware attacks The US Justice Department charged Russian national Mikhail Pavlovich Matveev (30), aka Wazawaka, m1x, Boriselcin, and Uhodiransomwar, for his alleged role in multiple ransomware attacks.

Ransomware 96

Ransomware Healthcare Cybercrime Encryption 96

Security Affairs

SEPTEMBER 16, 2021

Researchers from Bitdefender released a free master decryptor for the REvil ransomware operation that allows past victims to recover their files for free. The group asked $70 million worth of Bitcoin for decrypting all systems impacted in the Kaseya supply-chain ransomware attack. The Tor leak site, the payment website “decoder[.]re”,

Ransomware 104

Ransomware Encryption Media Hacking 104

SecureWorld News

FEBRUARY 2, 2022

DeadBolt ransomware was recently used to target customers of QNAP, a Taiwanese company that produces network attached storage (NAS) devices. The attacks target a Zero-Day vulnerability that was patched in December 2021 which allows the threat actor to run arbitrary code on vulnerable devices exposed to the internet.

Ransomware 83

Ransomware Firmware Encryption Internet 83

Security Affairs

MARCH 20, 2021

Taiwanese multinational hardware and electronics corporation Acer was victim of a REvil ransomware attack, the gang demanded a $50,000,000 ransom. Taiwanese computer giant Acer was victim of the REvil ransomware attack, the gang is demanding the payment of a $50,000,000 ransom, the largest one to date. billion in revenue.

Ransomware 143

Ransomware Hacking Computers and Electronics Malware 143

Malwarebytes

MAY 28, 2021

On the 14th of May, the Health Service Executive (HSE) , Ireland’s publicly funded healthcare system, fell victim to a Conti ransomware attack, forcing the organization to shut down more than 80,000 affected endpoints and plunging them back to the age of pen and paper. Threat profile: Conti ransomware.

Healthcare 123

Healthcare Ransomware Encryption Passwords 123

Security Boulevard

JUNE 8, 2022

Ransomware Trends Show Lockbit Most Active, New Tactics, Healthcare Hit Hard. LockBit replaced Conti as the most active ransomware gang and continued to evolve its operations in the first quarter, according to a report (PDF) from KELA Cybercrime Intelligence. Another notable Ransomware trend: new methods of intimidation.

Healthcare 52

Healthcare Ransomware Encryption Cybercrime 52

CyberSecurity Insiders

MARCH 21, 2021

The Taiwan-based company was hit by REvil ransomware, said Vital Kremez, the Intelligence CEO of the PC Giant. In what is known to our Cybersecurity Insiders, Acer’s domain servers were targeted by the group spreading REvil file encrypting malware to hackers and the malware is said to have hit the company on or before March 14th, 2021.

Ransomware 80

Ransomware Banking Encryption Threat Detection 80