2022, Cybercrime, Encryption and Information Security

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption

Encryption Ransomware Cybercrime Engineering

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. Starting from September 2022, the note was changed to Royal.

Encryption

Encryption Ransomware Malware Healthcare

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption

Encryption Ransomware Cybercrime Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

LastPass revealed that encrypted password vaults were stolen

Security Affairs

DECEMBER 23, 2022

The data breach suffered by LastPass in August 2022 may have been more severe than previously thought. In an update published on Thursday, the company revealed that threat actors obtained personal information belonging to its customers, including encrypted password vaults. Website URLs) and 256-bit AES-encrypted sensitive (i.e.

Encryption

Encryption Passwords Data breaches Backups

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Security Affairs

JANUARY 24, 2023

GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key. “Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.

Backups

Backups Encryption Data breaches Passwords

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware

Ransomware Encryption Malware Hacking

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. #ViperSoftX is back, doesn't look like much has changed. c2 arrowlchat[.]com ” concludes the report.

Encryption

Encryption Malware Cryptocurrency Software

Rorschach ransomware has the fastest file-encrypting routine to date

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The researchers conducted five separate encryption speed tests in a controlled environment (with 6 CPUs, 8192MB RAM, SSD, and 220000 files to be encrypted), limited to local drive encryption only.

Encryption

Encryption Ransomware Malware Backups

Ransomware attacks hit 105 US local governments in 2022

Security Affairs

JANUARY 2, 2023

In 2022, ransomware attacks targeted 105 state or municipal governments or agencies in the US, reads a report published by Emsisoft. The only local government known to have paid a ransom in 2022 was Quincy, MA., In at least 17 incidents (68 percent), threat actors exfiltrated data including Protected Health Information (PHI).

Government

Government Ransomware Healthcare Education

SOVA Android malware now also encrypts victims’ files

Security Affairs

AUGUST 15, 2022

The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. In March 2022, SOVA authors released version 3.0 The malware encrypts the files inside the infected devices using an AES algorithm and renaming them with the extension “.enc”.

Encryption

Encryption Malware Banking Ransomware

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Cuba ransomware gang received more than $60 million in ransom payments related to attacks against 100 entities worldwide as of August 2022. Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states. ” reads the report. ” reads the report.

Ransomware

Ransomware Financial Services Manufacturing Healthcare

A database containing data of +8.9 million Zacks users was leaked online

Security Affairs

JUNE 13, 2023

A database containing the personal information of more than 8.9 million Zacks Investment Research users was leaked on a cybercrime forum. A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023.

Data breaches

Data breaches Passwords Cybercrime Encryption

Black Basta gang claims the hack of the UK water utility Southern Water

Security Affairs

JANUARY 23, 2024

The Black Basta ransomware group has been active since April 2022 , like other ransomware operations, it implements a double-extortion attack model. A joint research by Elliptic and Corvus Insurance revealed that the group accumulated at least $107 million in Bitcoin ransom payments since early 2022.

Hacking

Hacking Encryption Ransomware Insurance

Defending Against the Threats to Our Security

SecureWorld News

JULY 3, 2023

According to PurpleSec, 98% of cybercrime relies on social engineering to accomplish it. Ransomware attacks grew by 41% in 2022, and identification and remediation for a breach took 49 days longer than the average breach. Ransomware is malware that encrypts the victim's data and demands a ransom for its decryption.

Cybercrime

Cybercrime Social Engineering Data breaches Education

Ukrainian REvil gang member sentenced to 13 years in prison

Security Affairs

MAY 2, 2024

in March 2022. “Ransomware is malicious software designed to encrypt data on victim computers, allowing bad actors the ability to demand a ransom payment in exchange for the decryption key.” victims, and we are disrupting the broader cybercrime ecosystem.” Vasinskyi was extradited to the U.S.

Ransomware

Ransomware Cryptocurrency Cybercrime Encryption

The source code of Zeppelin Ransomware sold on a hacking forum

Security Affairs

JANUARY 5, 2024

Researchers from cybersecurity firm KELA reported that a threat actor announced on a cybercrime forum the sale of the source code and a cracked version of the Zeppelin ransomware builder for $500. To each encrypted file, it appends a randomized nine-digit hexadecimal number as an extension. reads the joint advisory.

Ransomware

Ransomware Hacking Encryption Malware

Threats to ICS and industrial enterprises in 2022

SecureList

NOVEMBER 23, 2021

The debate about which threats pose the most danger to industrial enterprises often revolves around comparisons between APTs and cybercrime. And plans to improve information security and introduce new protection tools and measures are predicated, in some way, on the chosen adversary model. Actions of various attacker categories.

Spyware

Spyware Phishing Cybercrime Energy and Utilities

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. The group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT.

Ransomware

Ransomware Encryption Backups Manufacturing

New RA Group ransomware gang is the latest group using leaked Babuk source code

Security Affairs

MAY 15, 2023

Once encrypted the victims files RA Group, the gang drops customized ransom notes (“How To Restore Your Files.txt.”), which include the victim’s name and a unique link to download the exfiltration proofs. The ransomware supports intermittent encryption to speed up the encryption process. ” continues the report.

Ransomware

Ransomware Encryption Cybercrime Insurance

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. “Probably, they wanted to keep that revenue stream going.”

Malware

Malware VPN Internet Internet

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Security Affairs

SEPTEMBER 9, 2023

The cybercrime group claims to have stolen 1 TB of data from the hospital and threatens to leak it. The message published by the gang on its leak site emphasizes that they didn’t encrypt data to avoid causing malfunctions to the hospital’s medical equipment.

Ransomware

Ransomware Financial Services Cybercrime Encryption

The missed link between Ransom Cartel and REvil ransomware gangs

Security Affairs

OCTOBER 19, 2022

Researchers at Palo Alto Network’s Unit 42 have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil cybercrime gang. The Ransom Cartel operation was launched in December 2022, and security experts at MalawareHunterTeam were among the first research teams to speculate a possible link with Revil.

Ransomware

Ransomware Encryption Engineering Cybercrime

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

The analysis of encryption techniques employed in the attack allowed the government experts to associate the campaign with the cybercrime group Trickbot. The alert published by the Ukraine CERT-UA includes Indicators of Compromise (IoCs) for this campaign and recommendations.

Phishing

Phishing Cybercrime Ransomware Encryption

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs

JUNE 12, 2022

Every week the best security articles from Security Affairs for free in your email box. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. If you want to also receive for free the newsletter with the international press subscribe here.

Ransomware

Ransomware DNS Cybercrime Hacking

Security Affairs newsletter Round 373 by Pierluigi Paganini

Security Affairs

JULY 10, 2022

Unfaithful HackerOne employee steals bug reports to claim additional bounties Threat Report Portugal: Q2 2022 CISA orders federal agencies to patch CVE-2022-26925 by July 22 Tens of Jenkins plugins are affected by zero-day vulnerabilities Microsoft: Raspberry Robin worm already infected hundreds of networks. Upgrade it now!

Cybercrime

Cybercrime Data breaches Ransomware Healthcare

LockBit published data stolen from Simone Veil hospital in Cannes

Security Affairs

MAY 3, 2024

The normal functioning of its information system is being restored at a sustained pace in accordance with the action plan defined at the start of the crisis.” In December 2022, the Hospital Centre of Versailles was hit by a cyber attack that forced it to cancel operations and transfer some patients in other hospitals.

Cyber Attacks

Cyber Attacks Ransomware Healthcare Media

LastPass: hackers breached the computer of a DevOps engineer in a second attack

Security Affairs

FEBRUARY 27, 2023

. “Our investigation has revealed that the threat actor pivoted from the first incident, which ended on August 12, 2022, but was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activities aligned to the cloud storage environment spanning from August 12, 2022 to October 26, 2022.”

Engineering

Engineering Backups Data breaches Passwords

Experts found the first LockBit encryptor that targets macOS systems

Security Affairs

APRIL 16, 2023

One of the encryptors developed by Lockbit, named ‘locker_Apple_M1_64’, can encrypt files of Mac systems running on the Apple silicon M1. The MacOS variant has been available since November 11th, 2022. The MacOS variant has been available since November 11th, 2022. It appears we are late to the game.

Encryption

Encryption Architecture Ransomware Education

RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

Security Affairs

NOVEMBER 28, 2022

1/9 pic.twitter.com/WyxzCZSz84 — ESET research (@ESETresearch) November 25, 2022. From August 2022, Recorded Future researchers observed a rise in command and control (C2) infrastructure used by Sandworm (tracked by Ukraine’s CERT-UA as UAC-0113). The key is then RSA encrypted and written to aes.bin. Pierluigi Paganini.

Ransomware

Ransomware Encryption Telecommunications Malware

RedAlert, LILITH, and 0mega, 3 new ransomware in the wild

Security Affairs

JULY 15, 2022

RedAlert is human-operated ransomware, the ransomware uses NTRUEncrypt public key encryption algorithm for encryption. crypt[Random number] ” extension to the filenames of encrypted files. lilith” extension to the filenames of encrypted files. The ransomware targets a limited types of files, including log files (.log),

Ransomware

Ransomware Encryption Malware Hacking

Over 500 ESXiArgs Ransomware infections in one day, but they dropped the day after

Security Affairs

FEBRUARY 16, 2023

. “During analysis, we discovered two hosts with strikingly similar ransom notes dating back to mid-October 2022, just after ESXi versions 6.5 ” Censys reported that two hosts with a similar (but different) ransom note were infected on October 12, 2022. reached end of life.” ” continues the report.

Ransomware

Ransomware Encryption Hacking Cybercrime

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware

Malware Cybercrime Cryptocurrency Social Engineering

Black Hat USA 2022 Continued: Innovation in the NOC

Cisco Security

AUGUST 29, 2022

In part one of our Black Hat USA 2022 NOC blog, we discussed building the network with Meraki: Adapt and Overcome. Port Security, by Ryan MacLennan, Ian Redden and Paul Fiddler. CyberCrime Tracker. NetWitness PCAP file carving and submission to Cisco Secure Malware Analytics (formerly Threat Grid) for analysis.

DNS

DNS Wireless Malware Firewall

Reading the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report

Security Affairs

JULY 30, 2022

It is quite easy today for cybercrime groups to launch a cyber attack benefitting from the Ransomware-as-a-Service model causing damages of any size. The double-extortion model could expose the most private information of targeted entities on the Internet to the highest bidder. The findings are worrisome.

Ransomware

Ransomware Cybercrime Cyber Attacks Encryption

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Security Affairs

APRIL 9, 2024

BatCloak is a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022. The developers used AES encryption and implemented techniques to bypass the anti-malware scan interface (AMSI).

Engineering

Engineering Phishing Malware Hacking

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Security Affairs

JANUARY 28, 2022

According to CTWANT , which cited an undisclosed information security company, Delta Electronics was hit by Conti ransomware that asked Delta to pay a $15 million ransom to restore encrypted files and avoid their leak. ” reported a statement from the security company cited by CTWANT.

Computers and Electronics

Computers and Electronics Ransomware Manufacturing Malware

Law enforcement operation dismantled 911 S5 botnet

Security Affairs

MAY 30, 2024

“According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide.” The compromised devices were recruited in the 911 S5 residential proxy service. export laws.

VPN

VPN Cryptocurrency Malware Software

Security Affairs newsletter Round 390

Security Affairs

OCTOBER 23, 2022

Multiple supply chains potentially impacted Bulgaria hit by a cyber attack originating from Russia Interpol arrested 75 members of the cybercrime ring Black Axe 45,654 VMware ESXi servers reached End of Life on Oct. Follow me on Twitter: @securityaffairs and Facebook.

Data breaches

Data breaches Retail Ransomware Cybercrime

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Security Affairs

OCTOBER 27, 2022

DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. The experts noticed that threat actors tracked as DEV-0950 used Clop ransomware to encrypt the network of organizations previously infected with the worm. The final-stage malware was the Clop ransomware.

Ransomware

Ransomware Malware Data collection Encryption

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Security Affairs

FEBRUARY 16, 2023

During the second half of 2022, a variant of the Mirai bot, tracked as V3G4, targeted IoT devices by exploiting tens of flaws. Palo Alto Networks Unit 42 researchers reported that a Mirai variant called V3G4 was attempting to exploit several flaws to infect IoT devices from July to December 2022.

IoT

IoT DDOS Encryption Malware

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Security Affairs

MARCH 11, 2024

These include: Magento – CVE-2022-24086 Qlik Sense – CVE-2023-41265, CVE-2023-41266 , and CVE-2023-48365 Ivanti Connect Secure – CVE-2023-46805 and CVE-2024-21887 , CVE-2024-21888 and CVE-2024-21893. The malware uses AES encryption for C2 communication, however, depending on the transmitted data, RSA may also be utilized.

Malware

Malware VPN Encryption Hacking

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. Recently, the Chinese security firm Rising detected a Linux variant of the SFile ransomware that uses the RSA+AES algorithm mode. as the suffix name. .” ” reported The Record. . Pierluigi Paganini.

Ransomware

Ransomware Encryption Backups Malware

The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

Security Affairs

OCTOBER 15, 2023

Stats for 2022 in the link. Its policy forbids to encrypt systems of organizations where damage could lead to the death of individuals. According to local media, threat actors demand a $10 million ransom to provide the decryption key to restore encrypted data. Other ransomware attacks recently hit US hospitals.

Ransomware

Ransomware Healthcare Data breaches Cyber Attacks

RansomExx Ransomware upgrades to Rust programming language

Security Affairs

NOVEMBER 24, 2022

It requires a list of target directories to encrypt to be passed as command line parameters and then encrypts files using AES-256, with RSA used to protect the encryption keys.” ” reads the analysis published by IBM Security X-Force. ” concludes the report.

Ransomware

Ransomware Encryption Malware Manufacturing

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Webinars

Trending Sources

New Hive ransomware variant is written in Rust and use improved encryption method

Webinars

LastPass revealed that encrypted password vaults were stolen

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Rorschach ransomware has the fastest file-encrypting routine to date

Ransomware attacks hit 105 US local governments in 2022

SOVA Android malware now also encrypts victims’ files

Cuba Ransomware received over $60M in Ransom payments as of August 2022

A database containing data of +8.9 million Zacks users was leaked online

Black Basta gang claims the hack of the UK water utility Southern Water

Defending Against the Threats to Our Security

Ukrainian REvil gang member sentenced to 13 years in prison

The source code of Zeppelin Ransomware sold on a hacking forum

Threats to ICS and industrial enterprises in 2022

8Base ransomware operators use a new variant of the Phobos ransomware

New RA Group ransomware gang is the latest group using leaked Babuk source code

Who and What is Behind the Malware Proxy Service SocksEscort?

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

The missed link between Ransom Cartel and REvil ransomware gangs

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs newsletter Round 373 by Pierluigi Paganini

LockBit published data stolen from Simone Veil hospital in Cannes

LastPass: hackers breached the computer of a DevOps engineer in a second attack

Experts found the first LockBit encryptor that targets macOS systems

RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

RedAlert, LILITH, and 0mega, 3 new ransomware in the wild

Over 500 ESXiArgs Ransomware infections in one day, but they dropped the day after

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Black Hat USA 2022 Continued: Innovation in the NOC

Reading the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Law enforcement operation dismantled 911 S5 botnet

Security Affairs newsletter Round 390

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Experts warn of attacks using a new Linux variant of SFile ransomware

The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

RansomExx Ransomware upgrades to Rust programming language

Stay Connected