Security Affairs

FEBRUARY 11, 2025

Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites. An international law enforcement operation, codenamed Operation Phobos Aetor, dismantled the 8Base ransomware gang. The ransomware component is then decrypted and loaded into the SmokeLoader process memory.

Ransomware 73

Ransomware Encryption Backups Malware 73

eSecurity Planet

SEPTEMBER 22, 2022

To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware encryption malware to encrypt files partially or only encrypt parts of the files.

Encryption 135

Encryption Ransomware Backups Advertising 135

eSecurity Planet

AUGUST 4, 2022

It’s been a couple of decades since data tapes delivered by trucks made encryption a standard enterprise cybersecurity practice. Yet even as technology has changed, sending and receiving data remains a major vulnerability, ensuring encryption’s place as a foundational security practice. What is Encryption?

Encryption 132

Encryption Software Computers and Electronics Technology 132

Krebs on Security

SEPTEMBER 18, 2023

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The 8Base ransomware group’s victim shaming website on the darknet.

Ransomware 321

Ransomware Accountability Encryption Internet 321

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 145

Ransomware Encryption Malware Hacking 145

Security Affairs

MARCH 2, 2025

The Qilin ransomware group claims responsibility for attacking the newspaper Lee Enterprises, stealing 350GB of data. The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, which impacted dozens of local newspapers. Lee Enterprises , Inc. is a publicly traded American media company.

Ransomware 79

Ransomware Cybercrime Encryption Healthcare 79

SecureList

MAY 11, 2022

Ahead of the Anti-Ransomware Day, we summarized the tendencies that characterize ransomware landscape in 2022. This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises , old variants of malware return while the new ones develop.

Ransomware 141

Ransomware Encryption Malware Cybercrime 141

Security Affairs

JUNE 6, 2025

Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat actors are actively exploiting Fortigate vulnerabilities (CVE-2024-21762, CVE-2024-55591, and others) to deploy Qilin ransomware. CISA confirmed that the flaw CVE-2025-24472 is known to be used in ransomware campaigns.

Ransomware 78

Ransomware Authentication Healthcare Firewall 78

Malwarebytes

JANUARY 2, 2024

Researchers at SRLabs have made a decryption tool available for Black Basta ransomware, allowing some victims of the group to decrypt files without paying a ransom. The decryptor works for victims whose files were encrypted between November 2022 and December 2023. How to avoid ransomware Block common forms of entry.

Encryption 122

Encryption Ransomware Backups Malware 122

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption 139

Encryption Ransomware Cybercrime Malware 139

Security Affairs

APRIL 30, 2025

Since mid-2022, theyve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft. The RAT supports advanced evasion techniques, including living-off-the-land ( LOTL ) tactics and encrypted command and control (C2) communications. opendnsapi.net), and uses IPFS to retrieve encrypted modules.

Encryption 103

Encryption Ransomware Malware Phishing 103

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. Editors note: This report was authored by Gautham Ashok & Alexa Feminella.

VPN 133

VPN Authentication Ransomware Risk 133

Malwarebytes

JUNE 1, 2022

We can now add “a ransomware attack” to this once static list. When a ransomware attack takes out an organization, they often revert to pen and paper to keep things ticking over. When ransomware locks down a chunk of historical data, things apparently become much more convoluted. Tips to avoid ransomware.

Ransomware 141

Ransomware Backups Encryption Authentication 141

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. It’s just some kind of sabotage.” 23, 2020.

Ransomware 303

Ransomware Healthcare Cybercrime Government 303

SecureWorld News

JUNE 9, 2025

Global data reveals that cyberattacks rose by 131% between 2022 and 2023 across the aviation industry, with a 74 percent increase since 2020, underscoring the profundity of this threat. Ransomware is especially prevalent, with 55% of civil aviation cyber decision-makers admitting to being victims in the past 12 months.

Cybersecurity 117

Cybersecurity Social Engineering Computers and Electronics Risk 117

CSO Magazine

DECEMBER 14, 2022

A new ransomware group dubbed Royal that formed earlier this year has significantly ramped up its operations over the past few months and developed its own custom ransomware program that allows attackers to perform flexible and fast file encryption. To read this article in full, please click here

Encryption 120

Encryption Ransomware 120

CyberSecurity Insiders

SEPTEMBER 20, 2022

According to a Monday Twitter update posted by Uber, Lapsus$ ransomware spreading gang is suspected to be behind the cyber attack on its repositories, email and cloud systems and internal slack communication servers. The post Uber data breach 2022 Update on Lapsus$ Ransomware appeared first on Cybersecurity Insiders.

Data breaches 127

Data breaches Ransomware Cyber Attacks Accountability 127

Hacker Combat

MAY 10, 2022

To breach a company, ransomware attackers utilize a variety of methods. A researcher has demonstrated how a vulnerability common to several ransomware families can help take control of the malware and stop it from encrypting files on infected devices. Malvuln had almost 600 malware vulnerabilities as of May 4, 2022.

Encryption 132

Encryption Ransomware Malware Cyber Attacks 132

CyberSecurity Insiders

JANUARY 3, 2023

The ransomware attack that took place on British Daily Newspaper ‘The Guardian’ seems to have intensified deeply as the staff of the media group has been advised to work from home and have been handed over separate email ids for official communication. And the incident was discovered by the IT staff on the 20th of the same month.

Ransomware 121

Ransomware Media Malware Cyber Attacks 121

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 145

Encryption Ransomware Backups VPN 145

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 145

Encryption Ransomware Backups VPN 145

eSecurity Planet

FEBRUARY 24, 2025

Over 200,000 internal messages from the notorious ransomware group Black Basta have surfaced online exposing deep divisions, ransom negotiations, and internal dysfunction. Cybersecurity experts are now poring over the data, uncovering a rare inside look at how one of the most feared ransomware groups operates and potentially unravels.

Ransomware 67

Ransomware Phishing Healthcare Cryptocurrency 67

SecureList

MAY 16, 2023

Download the full version of the report (PDF) Kaspersky Incident Response in various regions and industries In 2022, 45.9% Key trends in 2022: initial attack vectors and impact In 2022, attackers most often penetrated organizations’ infrastructure by exploiting various vulnerabilities in public-facing applications (42.9%).

Ransomware 141

Ransomware Encryption Security Awareness Authentication 141

Security Boulevard

OCTOBER 4, 2022

OpenText today published a Nastiest Malware of 2022 report that highlighted how ransomware attacks are evolving into triple threats. In addition to encrypting and stealing data, many attackers now include a distributed denial-of-service (DDoS) attack when victims refuse to cave to ransom demands.

Malware 122

Malware DDOS Ransomware Encryption 122

Security Affairs

NOVEMBER 19, 2023

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. The ransomware component is then decrypted and loaded into the SmokeLoader process’ memory.

Ransomware 142

Ransomware Encryption Backups Manufacturing 142

eSecurity Planet

JANUARY 6, 2022

About the only consensus on cybersecurity in 2022 is that things will get uglier, but in what ways? Third-party security, ransomware , artificial intelligence (AI) and decentralized finance (DeFi) are some of the threats you can expect to see more of this year – with the potential for far worse results than we’ve seen in the past.

Ransomware 136

Ransomware Cybersecurity Artificial Intelligence CISO 136

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware 136

Ransomware Encryption Insurance Malware 136

Security Affairs

JULY 9, 2024

Avast developed and released a decryptor for the DoNex ransomware family that allows victims to recover their files for free. Avast researchers identified a cryptographic flaw in the DoNex ransomware and its predecessors that allowed them to develop a decryptor. “All brands of the DoNex ransomware are supported by the decryptor.”

Ransomware 130

Ransomware Encryption Passwords Hacking 130

Security Affairs

JULY 15, 2022

Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. The ransomware targets a limited types of files, including log files (.log),

Ransomware 138

Ransomware Encryption Malware Hacking 138

Krebs on Security

DECEMBER 8, 2022

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. Department of Health and Human Services (HHS) warned that Venus ransomware attacks were targeting a number of U.S. Encrypting sensitive data wherever possible.

Healthcare 331

Healthcare Backups Ransomware Insurance 331

Heimadal Security

OCTOBER 17, 2022

Threat actors are targeting exposed Remote Desktop services to encrypt windows devices using the new Venus Ransomware. Venus Ransomware began operating in the middle of August 2022 and has been used to encrypt victims’ machines since then. How Venus […]. How Venus […].

Ransomware 128

Ransomware Encryption Cybersecurity 128

The Last Watchdog

AUGUST 15, 2022

The top ransomware gangs have become so relentless that it’s not unusual for two or more of them to attack the same company within a few days – or even a few hours. Related: How ‘IABs’ foster ransomware. Thus, some of the victim company’s assets got triple encrypted.

Ransomware 214

Ransomware System Administration Cyber Attacks Hacking 214

Security Affairs

NOVEMBER 28, 2022

Several Ukrainian organizations were hit by Russia-based RansomBoggs Ransomware in the last week, ESET reports. Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian organizations. The key is then RSA encrypted and written to aes.bin.

Ransomware 139

Ransomware Encryption Telecommunications Malware 139

Security Affairs

JANUARY 17, 2022

The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal), has been active since 2020 , it was observed targeting only Windows systems. Recently, Rising captured the Linux platform variant of the ransomware.”

Ransomware 145

Ransomware Encryption Backups Malware 145

Security Affairs

OCTOBER 11, 2022

Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South-Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. ransomware. . ransomware. .

Ransomware 142

Ransomware Encryption Malware Hacking 142

Krebs on Security

JUNE 8, 2023

More alarmingly, the company said it appears attackers first started exploiting the flaw in October 2022. Because a ransomware actor doesn’t care about that level of access. If they’re going for data ransoming, they’re encrypting the data itself — not the machines.” They don’t need it.

Firmware 340

Firmware Malware Software Ransomware 340

Security Affairs

JULY 20, 2022

Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. A notable example includes BlackCat and Hive.

Ransomware 142

Ransomware Encryption Malware Advertising 142