Security Affairs

FEBRUARY 13, 2022

Organizations have paid more than $600 million in cryptocurrency during 2021, nearly one-third to the Conti ransomware gang. and Australia have published a joint advisory warning of an increased globalised threat of ransomware worldwide in 2021. Last week, cybersecurity agencies from the U.K., added the company. .

Ransomware 89

Ransomware Cryptocurrency Cybercrime Malware 89

Security Affairs

JUNE 9, 2023

Researchers discovered that the Clop ransomware gang was looking for a zero-day exploit in the MOVEit Transfer since 2021. Kroll security experts discovered that the Clop ransomware gang was looking for a zero-day exploit in the MOVEit Transfer since 2021. ” reads the analysis published by the security firm.

Ransomware 78

Ransomware Hacking Retail Internet 78

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.

Cybercrime 117

Cybercrime Ransomware DDOS Encryption 117

Security Affairs

OCTOBER 26, 2021

The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year. SecurityAffairs – hacking, Ranzy Locker ransomware).

Ransomware 127

Ransomware Firmware Antivirus Accountability 127

Security Affairs

SEPTEMBER 28, 2023

Johnson Controls International suffered a ransomware attack that impacted the operations of the company and its subsidiaries. The company provides HVAC (heating, ventilation, and air conditioning), solutions for building automation, fire and security systems, and components for energy management. ” reported Bleeping Computer. .”

Ransomware 115

Ransomware Insurance Technology Encryption 115

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? Bloomberg was informed about the payment by two people familiar with the attack. The pipeline allows carrying 2.5 The pipeline allows carrying 2.5

Cyber Attacks 110

Cyber Attacks Ransomware Insurance Hacking 110

Security Affairs

DECEMBER 12, 2023

Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families. Two of these malware strains are remote access trojans (RATs), respectively tracked as NineRAT and “DLRAT” The former relies on Telegram bots and channels for C2 communications.

Malware 100

Malware Data collection Manufacturing Healthcare 100

Security Affairs

NOVEMBER 28, 2023

An international law enforcement operation dismantled the core of a ransomware group operating from Ukraine. A joint law enforcement operation led by Europol and Eurojust, with the support of the police from seven nations, has arrested in Ukraine the core members of a ransomware group. ” concludes the press release.

Ransomware 99

Ransomware Malware Phishing Hacking 99

Security Affairs

OCTOBER 13, 2023

FBI and CISA published a joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with AvosLocker ransomware. The joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort aimed at sharing technical details associated with various ransomware operations.

Ransomware 116

Ransomware System Administration Antivirus Malware 116

Security Affairs

JULY 15, 2021

HelloKitty ransomware gang is using a Linux variant of their malware to target VMware ESXi virtual machine platform. A Linux variant of the HelloKitty ransomware was employed in attacks against VMware ESXi systems. Once the virtual machines are shut down, the ransomware will encrypt .vmdk vmdk (virtual hard disk), .vmsd

Ransomware 143

Ransomware Encryption Malware Hacking 143

Security Affairs

AUGUST 5, 2021

The BlackMatter ransomware gang has implemented a Linux encryptor to targets VMware ESXi virtual machine platform. This is the last ransomware in order of time that is able to target VM platforms, some of the other ransomware operations that do the same are REvil , RansomExx/Defray , Mespinoza , HelloKitty , and Babuk.

Ransomware 138

Ransomware Encryption Healthcare Cybercrime 138

Security Affairs

OCTOBER 15, 2021

A joint cybersecurity advisory published by US agencies revealed that three ransomware attacks on wastewater systems this year. A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by Ransomware gangs against US water and wastewater treatment facilities (WWS) this year.

Ransomware 92

Ransomware Cyber threats Firmware Backups 92

Security Affairs

OCTOBER 20, 2023

A joint international law enforcement investigation led to the arrest of a malware developer who was involved in the Ragnar Locker ransomware operation. Yesterday we became aware of a joint law enforcement operation that led to the seizure of the Ragnar Locker ransomware’s infrastructure.

Ransomware 91

Ransomware Cybercrime Malware Hacking 91

Security Affairs

DECEMBER 14, 2023

French police arrested a Russian national who is suspected of laundering money resulting from the criminal activity of the Hive ransomware gang. The French authorities arrested in Paris a Russian national who is suspected of laundering criminal proceeds for the Hive ransomware gang. anti-cybercrime (Ofac).”

Ransomware 112

Ransomware Cryptocurrency Cybercrime VPN 112

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms.

Ransomware 125

Ransomware Encryption Malware Education 125

Security Affairs

JULY 18, 2023

The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware). ” concludes the report.

Ransomware 92

Ransomware Cybercrime Malware Hacking 92

Security Affairs

AUGUST 13, 2021

The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa group. Good news for the victims of the SynAck ransomware gang, the group released the master decryption keys to allow victims to decrypt their files for free. Pierluigi Paganini.

Ransomware 137

Ransomware Authentication Malware Hacking 137

Security Boulevard

MAY 3, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles.

Ransomware 124

Ransomware Passwords Scams Government 124

Security Affairs

JULY 5, 2022

AstraLocker ransomware operators told BleepingComputer they’re shutting down their operations and are releasing decryptors. AstraLocker ransomware operators told BleepingComputer they’re shutting down the operation and provided decryptors to the VirusTotal malware analysis platform. ” reported ReversingLabs.

Ransomware 104

Ransomware Malware Hacking Risk 104

Security Affairs

DECEMBER 4, 2021

The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. A flash alert published by the FBI has reported that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. ” states the alert.

Ransomware 137

Ransomware Hacking Malware Encryption 137

Security Affairs

DECEMBER 25, 2021

Recently launched ransomware operation, named Rook, made headlines for its announcement claiming a desperate need a lot of money. New ransomware variant, "Rook Ransomware", found on VT practicing searches/hunting on my day off. “The ransomware attempts to terminate any process that may interfere with encryption.

Ransomware 116

Ransomware Malware Encryption Backups 116

Security Affairs

JANUARY 30, 2021

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. Good news for the victims of the FonixCrypter ransomware, the operators behind the threat shut down their operations and released the master decryption key. Pierluigi Paganini.

Ransomware 134

Ransomware Encryption Malware Cybercrime 134

Security Affairs

NOVEMBER 1, 2021

The US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands). Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry of a new feature of the HelloKitty ransomware gang (aka FiveHands). ” reads the flash alert.

DDOS 123

DDOS Ransomware Cybercrime Encryption 123

Security Affairs

DECEMBER 23, 2023

The LockBit ransomware claims to have hacked accountancy firm Xeinadin threatens to leak the alleged stolen data. The LockBit ransomware claims responsibility for hacking the Xeinadin accountancy firm and threatens to disclose the alleged stolen data. ” reads the message published by the ransomware group on its Tor leak site.

Accountability 123

Accountability Ransomware Data breaches Hacking 123

Security Affairs

JANUARY 18, 2022

A new ransomware gang named White Rabbit appeared in the threat landscape, experts believe it is linked to the FIN8 hacking group. A new ransomware gang called ‘White Rabbit’ launched its operations and according to the experts, it is likely linked to the FIN8 financially motivated group. scrypt.txt.” .

Ransomware 133

Ransomware Encryption Malware Passwords 133

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. “While we couldn’t find what targets were attacked using this AvosLocker ransomware Linux variant , BleepingComputer knows of at least one victim that got hit with a $1 million ransom demand.”

Ransomware 118

Ransomware Encryption Advertising Malware 118

Security Affairs

OCTOBER 16, 2021

The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. “As of mid-2021, X-Force observed ITG23 partner with two additional malware distribution affiliates — Hive0106 (aka TA551) and Hive0107. .

Malware 102

Malware Cybercrime DDOS Social Engineering 102

Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time.

Encryption 98

Encryption Malware Banking Ransomware 98

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. FatFace CEO Liz Evans released a statement which said “ On 17th January 2021 FatFace identified some suspicious activity within its IT systems.

Energy and Utilities 122

Energy and Utilities Ransomware Banking Hacking 122

Security Affairs

DECEMBER 26, 2021

The IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday. French IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday, but according to the company the security breach had a limited impact on its operations.

Ransomware 129

Ransomware Cybercrime Advertising Information Security 129

Security Affairs

DECEMBER 1, 2021

Sabbath ransomware is a new threat that has been targeting critical infrastructure in the United States and Canada since June 2021. A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021. ” reads the post published by Mandiant.

Ransomware 117

Ransomware Education Hacking Encryption 117

Security Affairs

DECEMBER 31, 2022

Medical records of 42 million Americans are being sold on the dark web since 2016, this information comes from cyberattacks on healthcare providers. Researchers from Jama Network analyzed trends in ransomware attacks on US hospitals, clinics, and health care delivery organizations between 2016 and 2021. million in 2021.

Healthcare 87

Healthcare Ransomware Backups Hacking 87

Security Affairs

JANUARY 26, 2023

The leak site of the Hive ransomware gang was seized due to an international operation conducted by law enforcement in ten countries. The Tor leak site used by Hive ransomware operators has been seized as part of an international operation conducted by law enforcement in 10 countries. cybersecurity and intelligence authorities.

Ransomware 91

Ransomware VPN Manufacturing Healthcare 91

Security Affairs

MARCH 24, 2021

Security experts reported that a second ransomware gang, named Black Kingdom , is targeting Microsoft Exchange servers. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry. pic.twitter.com/POYlPYGjsz — MalwareTech (@MalwareTechBlog) March 21, 2021.

Ransomware 139

Ransomware Encryption VPN Malware 139

Security Affairs

JULY 7, 2022

US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. Treasury Department issued a joint advisory that warn of North-Korea-linked threat actors using Maui ransomware in attacks aimed at organizations in the Healthcare sector. Pierluigi Paganini.

Healthcare 122

Healthcare Ransomware Encryption Government 122

Security Affairs

JANUARY 17, 2022

The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal), has been active since 2020 , it was observed targeting only Windows systems. Recently, Rising captured the Linux platform variant of the ransomware.”

Ransomware 139

Ransomware Encryption Backups Malware 139

Security Affairs

JULY 23, 2022

DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. ” reads the announcement published by DoJ.

Ransomware 128

Ransomware Healthcare Cryptocurrency Encryption 128