Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time.

Encryption 98

Encryption Malware Banking Ransomware 98

Security Affairs

MAY 2, 2024

In November 2021, the US Department of Justice charged Vasinskyi, REvil ransomware affiliate, for orchestrating the ransomware attacks on Kaseya MSP platform that took place on July 4, 2021. victims, and we are disrupting the broader cybercrime ecosystem.” ” reads the press release published by DoJ.

Ransomware 94

Ransomware Cryptocurrency Cybercrime Encryption 94

Security Affairs

FEBRUARY 23, 2021

FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11.

Cybercrime 85

Cybercrime Software Ransomware Cyber Attacks 85

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing 108

Phishing Advertising Cryptocurrency Encryption 108

Security Affairs

DECEMBER 18, 2023

Some info stealers may use encryption techniques to hide their communication with command-and-control servers, making it more challenging for security systems to detect malicious activities. Illegal activities : Accessing someone else’s bank account information without authorization is illegal and considered a form of cybercrime.

Banking 119

Banking Cybercrime Malware Accountability 119

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. in) used by the attackers. Pierluigi Paganini.

Encryption 135

Encryption Malware Media Authentication 135

Security Affairs

NOVEMBER 1, 2021

The HelloKitty ransomware group, like other ransomware gangs, implements a double extortion model, stealing sensitive documents from victims before encrypting them. CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. SecurityAffairs – hacking, cybercrime).

DDOS 130

DDOS Ransomware Cybercrime Encryption 130

Security Affairs

OCTOBER 21, 2021

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. In 2019, the U.S.

Ransomware 122

Ransomware Cybercrime Banking Encryption 122

Security Affairs

JUNE 13, 2023

A database containing the personal information of more than 8.9 million Zacks Investment Research users was leaked on a cybercrime forum. A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023.

Data breaches 91

Data breaches Passwords Cybercrime Encryption 91

Security Affairs

JANUARY 30, 2021

The FonixCrypter gang also closed its Telegram channel that was used to advertise the malware in the cybercrime underground. The availability of the master decryption key allows the victims to recover their encrypted files for free. Unfortunately, at the time of writing the RAR archive is not available.

Ransomware 135

Ransomware Encryption Malware Cybercrime 135

Security Affairs

AUGUST 5, 2021

Lile other ransomware operations, BlackMatter also set up its leak sitewhere it will publish data exfiltrated from the victims before encrypting their system. So it is BlackMatter: [link] And then the similarities to DarkSide ( [link] ) not surprising… — MalwareHunterTeam (@malwrhunterteam) August 5, 2021.

Ransomware 138

Ransomware Encryption Healthcare Cybercrime 138

Security Affairs

DECEMBER 10, 2021

Another one used to encrypt companies' networks. demonslay335 @VK_Intel pic.twitter.com/YttzWWUD3c — MalwareHunterTeam (@malwrhunterteam) December 8, 2021. Unlike other malware, ALPHV (BlackCat) is the first Rust ransomware that was used in attacks in the wild by a cybercrime organization. Also look at that UI.

Ransomware 103

Ransomware Malware Cybercrime Encryption 103

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. On Sunday, Feb. It’s just some kind of sabotage.”

Ransomware 268

Ransomware Healthcare Cybercrime Government 268

Security Affairs

JANUARY 12, 2022

Upon executing the Omicron Stats.exe, it unpacks resources encrypted with triple DES using ciphermode ECB and padding mode PKCS7. 2021-11-26 04:34:54 2021-11-26 10:05:15 149.154.167.91 2021-12-05 12:06:03 2021-12-05 13:19:35 149.154.167.91 2021-12-09 16:18:46 2021-12-09 20:00:13 149.154.167.91

Malware 138

Malware Manufacturing Cryptocurrency Cybercrime 138

Security Affairs

MAY 15, 2023

Once encrypted the victims files RA Group, the gang drops customized ransom notes (“How To Restore Your Files.txt.”), which include the victim’s name and a unique link to download the exfiltration proofs. The ransomware supports intermittent encryption to speed up the encryption process. ” continues the report.

Ransomware 90

Ransomware Encryption Cybercrime Insurance 90

Security Affairs

FEBRUARY 9, 2023

Experts spotted a new variant of ESXiArgs ransomware targeting VMware ESXi servers, authors have improved the encryption process, making it much harder to recover the encrypted virtual machines. The attack exploits a heap-overflow vulnerability in VMware ESXi and is tracked as CVE-2021-21974 which was patched in February 2021.

Ransomware 93

Ransomware Encryption Hacking Cybercrime 93

Security Affairs

OCTOBER 19, 2022

Researchers at Palo Alto Network’s Unit 42 have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil cybercrime gang. The REvil group was one of the most active ransomware gangs in the first half of 2021, in October 2021 the gang shut down its operations due to the pressure of law enforcement.

Ransomware 117

Ransomware Encryption Engineering Cybercrime 117

Security Affairs

AUGUST 12, 2021

Threat actors behind the Magniber Ransomware are exploiting the PrintNightmare flaws ( CVE-2021-1675 , CVE-2021-34527 , and CVE-2021-36958 ) to infect Windows servers. SecurityAffairs – hacking, cybercrime). A local attacker could exploit the vulnerability to gain SYSTEM privileges on vulnerable systems.

Ransomware 114

Ransomware Cybercrime Encryption Hacking 114

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. ” reported BleepingComputer. . Pierluigi Paganini.

Ransomware 124

Ransomware Encryption Advertising Malware 124

Security Affairs

JULY 8, 2021

The security breach was first reported by BleepingComputer that also shared a copy of the data breach notification letter sent to the impacted customers. ” The provider notified Morgan Stanley in May 2021 that hackers compromised its FTA install back in January by exploiting a zero-day vulnerability later addressed by the vendor. .

Data breaches 120

Data breaches Hacking Banking Financial Services 120

CyberSecurity Insiders

MAY 22, 2021

a world leader in memory products and technology solutions, is proud to announce it has won the following Global InfoSec Awards for its encrypted USB solutions family from Cyber Defense Magazine (CDM), the industry’s leading electronic information magazine: Data Loss Prevention Market Leader. Encryption Market Leader.

InfoSec 40

InfoSec Technology Encryption B2C 40

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms.

Ransomware 132

Ransomware Encryption Malware Education 132

Security Affairs

MARCH 19, 2022

In July, researchers from Fortinet first spotted the new ransomware family, tracked as Diavol, and speculated it might have been developed by Wizard Spider , the cybercrime gang behind the TrickBot botnet. Fortinet experts noticed similarities between Diavol and Conti threats, but unlike Conti, Diavol doesn’t avoid infecting Russian victims.

Ransomware 93

Ransomware Encryption Banking Malware 93

Security Affairs

SEPTEMBER 27, 2021

Researchers from vpnMentor recently published a report that sheds the light on the use of Telegram in the cybercrime ecosystem. vpnMentor researchers joined several cybercrime-focused Telegram groups and discovered a vast network of more 1,000s individuals sharing data leaks and dumps and discussing how to exploit them in illegal activities.

Cybercrime 128

Cybercrime Hacking Mobile DDOS 128

Krebs on Security

JULY 25, 2023

In a report released July 12, researchers at Lumen’s Black Lotus Labs called the AVrecon botnet “one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history,” and a crime machine that has largely evaded public attention since first being spotted in mid-2021. com, super-socks[.]com,

Malware 201

Malware VPN Internet Internet 201

Security Affairs

OCTOBER 27, 2021

link] — Avast Threat Labs (@AvastThreatLabs) October 27, 2021. Babuk is a Russian ransomware, its source code was leaked , along with some of the decryption keys, in September 2021. Metropolitan Police Department, encrypted its files and demanded a $4 million ransom. SecurityAffairs – hacking, cybercrime).

Ransomware 96

Ransomware Encryption Cybercrime Hacking 96

Security Affairs

JULY 30, 2022

It is quite easy today for cybercrime groups to launch a cyber attack benefitting from the Ransomware-as-a-Service model causing damages of any size. The findings are worrisome. of all the stolen data contains GDPR personal data based on this analysis; In 95.3%

Ransomware 91

Ransomware Cybercrime Cyber Attacks Encryption 91

Security Affairs

APRIL 3, 2021

The Avaddon ransomware operators updated their malware after security researchers released a public decryptor in February 2021. In February, the Spanish student Javier Yuste released a free decryption tool for the Avaddon ransomware that can be used by the victims to recover their encrypted files for free.

Ransomware 100

Ransomware Encryption Malware Cybercrime 100

Security Affairs

DECEMBER 14, 2021

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability ( CVE-2021-44228 ) to deliver the new Khonsari ransomware on Windows machines. NOT MODIFY OR DELETE THIS FILE OR ANY ENCRYPTED FILES. you wish to decrypt , call (225) 287-1309 or email karenkhonsari@gmail.com.If

Ransomware 144

Ransomware Encryption Engineering Malware 144

Security Affairs

JANUARY 20, 2022

. “The FBI first learned of Diavol ransomware in October 2021. Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker.

Ransomware 115

Ransomware Banking Malware Encryption 115

Security Affairs

MARCH 3, 2021

A couple of weeks ago, security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. The company is also going to retire legacy FTA server software by April 30, 2021. reported FireEye. reported FireEye.

Ransomware 134

Ransomware Cybersecurity Cyber Attacks Data breaches 134

Security Affairs

MAY 9, 2021

Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware that was recently detailed by FireEye’s Mandiant. The malware will also encrypt files in the recovery folder at C:Recovery, then it will write a ransom note to each folder and directory on the system called ‘read_me_unlock.txt’.

Ransomware 127

Ransomware Penetration Testing Malware Cybercrime 127

Security Affairs

DECEMBER 30, 2021

The AvosLocker ransomware operators released a free decryptor after they accidentally encrypted the system of US Government entity. The AvosLocker ransomware operation provided a free decryptor after they encrypted the systems of a US government agency. pancak3lullz) December 29, 2021. pic.twitter.com/zFg7Idj9Zs — ???????

Ransomware 112

Ransomware Government Encryption Malware 112

Security Affairs

DECEMBER 10, 2021

. “The ACSC is aware of multiple instances of Australian organisations that have been impacted by Conti ransomware in November and December 2021. Experts speculate the operators are members of a Russia-based cybercrime group known as Wizard Spider. This activity has happened across multiple sectors.

Ransomware 97

Ransomware Cybercrime Encryption Malware 97

Security Affairs

JANUARY 17, 2022

Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. Recently, the Chinese security firm Rising detected a Linux variant of the SFile ransomware that uses the RSA+AES algorithm mode. as the suffix name. . ” reported The Record.

Ransomware 143

Ransomware Encryption Backups Malware 143

Security Affairs

JANUARY 14, 2022

” To cash out the funds received as ransom payments, the cybercrime group carried out complex financial transactions using online payment services that are banned in Ukraine, they used an extensive network of fictitious identities.

Ransomware 119

Ransomware DDOS Telecommunications Malware 119

Security Affairs

MAY 21, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches 93

Data breaches Cybercrime Ransomware Passwords 93