Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. LockFile ransomware gang started its operations last month, recently it was spotted targeting Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.

Encryption 143

Encryption Ransomware Financial Services Antivirus 143

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. On Sunday, Feb. It’s just some kind of sabotage.”

Ransomware 303

Ransomware Healthcare Cybercrime Government 303

eSecurity Planet

SEPTEMBER 22, 2022

To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware encryption malware to encrypt files partially or only encrypt parts of the files.

Encryption 135

Encryption Ransomware Backups Advertising 135

Security Affairs

OCTOBER 29, 2021

The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. ESETresearch has identified Linux and FreeBSD variants of the #Hive #Ransomware.

Encryption 138

Encryption Ransomware Spyware Malware 138

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption 139

Encryption Ransomware Cybercrime Malware 139

Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. ransomware that encrypts Windows domains by using Active Directory group policies. ransomware that encrypts Windows domains by using Active Directory group policies. Like other ransomware operations, LockBit 2.0

Encryption 145

Encryption Ransomware Malware Hacking 145

SecureList

MAY 12, 2021

As the world marks the second Anti-Ransomware Day, there’s no way to deny it: ransomware has become the buzzword in the security community. Yet, much of the media attention ransomware gets is focused on chronicling which companies fall prey to it. Part I: Three preconceived ideas about ransomware.

Ransomware 145

Ransomware Encryption Malware Cybercrime 145

Tech Republic Security

JULY 7, 2022

Since May of 2021, state-sponsored attackers have been deploying Maui ransomware in an attempt to encrypt sensitive records and disrupt services for vulnerable healthcare organizations. The post North Korean-sponsored ransomware attacks target US healthcare companies appeared first on TechRepublic.

Healthcare 180

Healthcare Ransomware Encryption 180

CSO Magazine

SEPTEMBER 9, 2022

Retailers are fast becoming the favorite targets for ransomware criminals, with two out of three companies in the sector being attacked last year, according to a new report from cybersecurity firm Sophos. Attackers were able to successfully encrypt files in more than half of the attacks.

Retail 130

Retail Ransomware Encryption Cybersecurity 130

Security Affairs

MARCH 13, 2025

The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025.

Ransomware 71

Ransomware Encryption Cryptocurrency Insurance 71

eSecurity Planet

MARCH 17, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has released a joint cybersecurity advisory warning organizations about the escalating threat posed by the Medusa ransomware.

Ransomware 70

Ransomware Backups Firmware Insurance 70

Hacker Combat

MAY 10, 2022

To breach a company, ransomware attackers utilize a variety of methods. A researcher has demonstrated how a vulnerability common to several ransomware families can help take control of the malware and stop it from encrypting files on infected devices. Suppose the new DLL is placed next to the ransomware executable.

Encryption 132

Encryption Ransomware Malware Cyber Attacks 132

Bleeping Computer

JUNE 1, 2022

The duration of ransomware attacks in 2021 averaged 92.5 In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours, measured from initial network access to payload deployment. hours in 2019. [.].

Ransomware 143

Ransomware Encryption 143

SecureList

JUNE 17, 2021

Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability (CVE-2021-27065). The ransomware family was DearCry. March 2021. Ransomware is written in Python.

Ransomware 144

Ransomware Encryption VPN System Administration 144

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 145

Encryption Ransomware Backups VPN 145

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 145

Encryption Ransomware Backups VPN 145

Security Affairs

MARCH 10, 2025

Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” chicagotribune @ABC7Chicago pic.twitter.com/bwRCHqCS9o — Dominic Alvieri (@AlvieriD) March 10, 2025 RansomHouse is a data extortion group that has been active since Dec 2021.

Hacking 118

Hacking Healthcare Backups Ransomware 118

Tech Republic Security

SEPTEMBER 16, 2021

The free decryption tool will help victims restore their encrypted files from attacks made before July 13, 2021, says Bitdefender.

Ransomware 196

Ransomware Encryption 196

SecureList

OCTOBER 7, 2021

These days, when speaking of cyberthreats, most people have in mind ransomware, specifically cryptomalware. This roundup spotlights the ransomware Trojan families that most actively attacked businesses in the CIS in H1 2021, and their technical characteristics. Ransomware families at a glance. Note left by the ransomware.

Ransomware 144

Ransomware Encryption Passwords Malware 144

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? The systems at the company were infected with the Phoenix Locker, a variant of ransomware tracked as Hades that was part of the arsenal of the cybercrime group known as Evil Corp.

Cyber Attacks 142

Cyber Attacks Ransomware Insurance Hacking 142

Security Affairs

JUNE 5, 2021

Cyble researchers investigated a recent attack on an India-based IT firm that was hit by the BlackCocaine Ransomware gang. Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. ” concludes the report.

Ransomware 145

Ransomware Malware Encryption Financial Services 145

Security Affairs

MARCH 24, 2021

Security experts reported that a second ransomware gang, named Black Kingdom , is targeting Microsoft Exchange servers. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry. pic.twitter.com/POYlPYGjsz — MalwareTech (@MalwareTechBlog) March 21, 2021. Pierluigi Paganini.

Ransomware 145

Ransomware Encryption VPN Malware 145

Krebs on Security

FEBRUARY 14, 2022

In January, KrebsOnSecurity examined clues left behind by “ Wazawaka ,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. The other handle that appeared tied to Wazawaka was “Orange,” the founder of the RAMP ransomware forum. This post is an attempt to remedy that.

Ransomware 254

Ransomware VPN Cybercrime Accountability 254

The Last Watchdog

MAY 5, 2022

Ransomware? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor.

Ransomware 247

Ransomware Risk Internet Internet 247

Security Affairs

JULY 15, 2021

HelloKitty ransomware gang is using a Linux variant of their malware to target VMware ESXi virtual machine platform. A Linux variant of the HelloKitty ransomware was employed in attacks against VMware ESXi systems. Once the virtual machines are shut down, the ransomware will encrypt .vmdk vmdk (virtual hard disk), .vmsd

Ransomware 145

Ransomware Encryption Malware Hacking 145

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. The AvosLocker ransomware appends the .avoslinux

Ransomware 140

Ransomware Encryption Advertising Malware 140

Security Affairs

AUGUST 5, 2021

The BlackMatter ransomware gang has implemented a Linux encryptor to targets VMware ESXi virtual machine platform. This is the last ransomware in order of time that is able to target VM platforms, some of the other ransomware operations that do the same are REvil , RansomExx/Defray , Mespinoza , HelloKitty , and Babuk.

Ransomware 144

Ransomware Encryption Healthcare Cybercrime 144

Security Affairs

APRIL 13, 2025

The ransomware group has since leaked the stolen data on its dark web leak site. RansomHouse is a data extortion group that has been active since Dec 2021. Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. Ransomware attacks on U.S.

Data breaches 130

Data breaches Unstructured Data Identity Theft Healthcare 130

eSecurity Planet

DECEMBER 13, 2021

Cybersecurity vaccines are emerging as a new tool to defend against threats like ransomware and zero-day vulnerabilities. Cybersecurity firms have released “vaccines” in recent days to protect against the widely used STOP ransomware strain and the new Apache Log4Shell vulnerability. They also come with the same limitations.

Ransomware 145

Ransomware Cybersecurity Encryption Malware 145

eSecurity Planet

OCTOBER 4, 2021

percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. Malware in Encrypted Traffic. A surprising 91.5

Encryption 145

Encryption Malware Ransomware Firewall 145

SecureWorld News

JANUARY 16, 2025

A report from 2023 revealed that 67% of energy and utility companies faced ransomware attacks, with many incidents exploiting unpatched vulnerabilities. Hackers used compromised credentials to gain access to Colonial Pipeline's network, deploying ransomware that encrypted critical systems.

Energy and Utilities 109

Energy and Utilities IoT Artificial Intelligence Backups 109

Security Affairs

NOVEMBER 1, 2021

The US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands). Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry of a new feature of the HelloKitty ransomware gang (aka FiveHands). ” reads the flash alert.

DDOS 145

DDOS Ransomware Cybercrime Encryption 145

CyberSecurity Insiders

NOVEMBER 18, 2021

Sophos, the multinational data security firm, has found a new variant of ransomware dubbed Memento that is exhibiting new traits rather than just locking down the files after stealing a portion of data. Researchers have found that Memento Ransomware does the usual encryption process after stealing a portion of data.

Ransomware 136

Ransomware Encryption Passwords Technology 136

Security Affairs

OCTOBER 25, 2021

An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to deploy ransomware. An unknown ransomware gang is exploiting a critical SQL injection flaw, tracked as CVE-2021-42258 , in the popular billing software suite BillQuick Web Suite time to deploy ransomware.

Ransomware 138

Ransomware Engineering Software Encryption 138

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms.

Ransomware 145

Ransomware Encryption Malware Education 145

SecureWorld News

JUNE 9, 2025

Much of the industry still relies on legacy operational tech (OT) systems that lack modern security features such as automated patch management and encryption by default. Ransomware is especially prevalent, with 55% of civil aviation cyber decision-makers admitting to being victims in the past 12 months.

Cybersecurity 117

Cybersecurity Social Engineering Computers and Electronics Risk 117

Security Affairs

JUNE 29, 2021

The REvil ransomware operators added a Linux encryptor to their arsenal to encrypt Vmware ESXi virtual machines. The REvil ransomware operators are now using a Linux encryptor to encrypts Vmware ESXi virtual machines which are widely adopted by enterprises. Then the REvil ransomware will encrypt the files.

Ransomware 144

Ransomware Encryption Hacking Malware 144