Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin.

Ransomware 315

Ransomware Encryption Backups Manufacturing 315

CyberSecurity Insiders

JANUARY 3, 2023

The ransomware attack that took place on British Daily Newspaper ‘The Guardian’ seems to have intensified deeply as the staff of the media group has been advised to work from home and have been handed over separate email ids for official communication. And the incident was discovered by the IT staff on the 20th of the same month.

Ransomware 121

Ransomware Media Malware Cyber Attacks 121

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. SentinelLabs researchers have observed the first Linux variant of the Clop ransomware. The cybercrime group behind the attack leaked the data stolen from the victim on January 5, 2022.

Encryption 86

Encryption Ransomware Cybercrime Engineering 86

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware 115

Ransomware Encryption Insurance Malware 115

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 126

Ransomware Encryption Malware Hacking 126

Krebs on Security

FEBRUARY 20, 2024

authorities have seized the darknet websites run by LockBit , a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. First surfacing in September 2019, the gang is estimated to have made hundreds of millions of U.S. Ivan Gennadievich Kondratyev , a.k.a.

Ransomware 275

Ransomware Cybercrime Encryption Insurance 275

Heimadal Security

JANUARY 30, 2023

Cybersecurity researchers uncovered a new strain of ransomware named Mimic. Mimic uses Everything API, a file search tool for Windows, to search for files to encrypt. Some of the code in Mimic is similar to that found in Conti, whose source code was leaked to a Ukrainian researcher in March 2022.

Encryption 92

Encryption Engineering Ransomware Malware 92

Heimadal Security

NOVEMBER 21, 2022

AXLocker is a new strain of ransomware discovered in late November 2022. It encrypts the files of victims and demands payment, but it also steals the Discord accounts of infected users—a double-edged sword. First, AXLocker encrypts your files. How Does The Virus Work? The danger of AXLocker is twofold.

Encryption 79

Encryption Accountability Ransomware Risk 79

Security Affairs

NOVEMBER 19, 2023

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. The ransomware component is then decrypted and loaded into the SmokeLoader process’ memory.

Ransomware 123

Ransomware Encryption Backups Manufacturing 123

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The experts pointed out that the Rorschach ransomware appears to be unique. The experts pointed out that the Rorschach ransomware appears to be unique. ” continues the analysis.

Encryption 89

Encryption Ransomware Malware Backups 89

Joseph Steinberg

JUNE 9, 2022

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure. The ransomware attack on Tenafly’s school system is a reminder of a sad, ironic, reality.

Ransomware 355

Ransomware Artificial Intelligence Education Cybercrime 355

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption 114

Encryption Ransomware Cybercrime Malware 114

Malwarebytes

MAY 6, 2022

The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. Black Basta made a name for itself very quickly by coming out of nowhere and carrying out at least eleven successful breaches in April 2022.

Ransomware 77

Ransomware Encryption Accountability Technology 77

Malwarebytes

FEBRUARY 1, 2023

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their dark web leak sites. Lockbit has rebounded from its unusual fall from grace in November, snatching the title of the month's worst ransomware, back from Royal.

Ransomware 78

Ransomware Telecommunications Healthcare Encryption 78

Security Boulevard

OCTOBER 4, 2022

OpenText today published a Nastiest Malware of 2022 report that highlighted how ransomware attacks are evolving into triple threats. In addition to encrypting and stealing data, many attackers now include a distributed denial-of-service (DDoS) attack when victims refuse to cave to ransom demands.

Malware 122

Malware DDOS Ransomware Encryption 122

SecureList

MAY 16, 2023

Download the full version of the report (PDF) Kaspersky Incident Response in various regions and industries In 2022, 45.9% Key trends in 2022: initial attack vectors and impact In 2022, attackers most often penetrated organizations’ infrastructure by exploiting various vulnerabilities in public-facing applications (42.9%).

Ransomware 116

Ransomware Encryption Security Awareness Authentication 116

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 144

Encryption Ransomware Backups VPN 144

Bleeping Computer

APRIL 15, 2022

While countries worldwide have been the frequent target of ransomware attacks, Russia and CIS countries have been avoided by threat actors. The tables have turned with the NB65 hacking group modifying the leaked Conti ransomware to use in attacks on Russian entities. [.].

Ransomware 97

Ransomware Encryption Hacking 97

Malwarebytes

JULY 1, 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. In June, LockBit was the most active ransomware , just as it has been all year. Known ransomware attacks by group, June 2022.

Ransomware 87

Ransomware Software Technology Malware 87

Malwarebytes

JUNE 1, 2022

We can now add “a ransomware attack” to this once static list. When a ransomware attack takes out an organization, they often revert to pen and paper to keep things ticking over. When ransomware locks down a chunk of historical data, things apparently become much more convoluted. Tips to avoid ransomware.

Ransomware 118

Ransomware Backups Encryption Authentication 118

Security Boulevard

JUNE 2, 2022

Ransomware attacks increased by yet another 80% between February 2021 and March 2022, based on an analysis of ransomware payloads seen across the Zscaler cloud. Double-extortion attacks, which include data exfiltration in addition to encryption, are rising even faster at 117% year-over-year. PYSA/Mespinoza. AvosLocker.

Ransomware 105

Ransomware Architecture Manufacturing Encryption 105

Security Affairs

DECEMBER 2, 2022

Cuba ransomware gang received more than $60 million in ransom payments related to attacks against 100 entities worldwide as of August 2022. The threat actors behind the Cuba ransomware (aka COLDDRAW, Tropical Scorpius ) have demanded over 145 million U.S. “Since spring 2022, Cuba ransomware actors have expanded their TTPs.

Ransomware 83

Ransomware Financial Services Manufacturing Healthcare 83

Malwarebytes

APRIL 17, 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Ransomware 62

Ransomware Backups Encryption Accountability 62

Malwarebytes

MARCH 10, 2022

In this February 2022 ransomware review, we go over some the most successful ransomware incidents based on both open source and dark web intelligence. > BlackByte Ransomware Sample hash: 1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad. Observed since: February 2022 Ransomware note: .<company_name>

Ransomware 68

Ransomware Phishing Accountability Technology 68

Malwarebytes

APRIL 11, 2022

In this March 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. Ransomware Attacks by Gang. Ransomware Attacks by Country. Ransomware Attacks by Industry. Ransomware Mitigations. Source: IC3.gov.

Ransomware 69

Ransomware Firmware Accountability Technology 69

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 119

Encryption Ransomware Backups VPN 119

Heimadal Security

OCTOBER 17, 2022

Threat actors are targeting exposed Remote Desktop services to encrypt windows devices using the new Venus Ransomware. Venus Ransomware began operating in the middle of August 2022 and has been used to encrypt victims’ machines since then. How Venus […]. How Venus […].

Ransomware 117

Ransomware Encryption Cybersecurity 117

Malwarebytes

FEBRUARY 13, 2023

New encryption routine Victims have reported a new variant of the encryptor that no longer leaves large chunks of data unencrypted. The recovery script released by CISA for organizations that have fallen victim to ESXiArgs ransomware reportedly no longer works for this new variant.

Encryption 64

Encryption Ransomware Internet Internet 64

SecureList

APRIL 15, 2024

builder leaked in 2022. They generated a custom version of the ransomware, which used the aforementioned account credential to spread across the network and perform malicious activities, such as killing Windows Defender and erasing Windows Event Logs in order to encrypt the data and cover its tracks. Revisiting the LockBit 3.0

Ransomware 97

Ransomware Encryption Passwords Accountability 97

Security Affairs

JUNE 3, 2023

Experts noticed that the new Linux ransomware BlackSuit has significant similarities with the Royal ransomware family. Royal ransomware is one of the most notable ransomware families of 2022, it made the headlines in early May 2023 with the attack against the IT systems in Dallas, Texas. Extension: blacksuit.

Ransomware 93

Ransomware Healthcare Encryption Manufacturing 93

eSecurity Planet

JANUARY 6, 2022

About the only consensus on cybersecurity in 2022 is that things will get uglier, but in what ways? Third-party security, ransomware , artificial intelligence (AI) and decentralized finance (DeFi) are some of the threats you can expect to see more of this year – with the potential for far worse results than we’ve seen in the past.

Ransomware 136

Ransomware Cybersecurity Artificial Intelligence CISO 136

CyberSecurity Insiders

FEBRUARY 21, 2023

All these days we have read about ransomware spreading groups stealing data and then threatening to release it online, if the victim fails to pay heed to their demands. But now a new file encrypting malware variant has emerged onto the block that demands ransom, based on the insurance cover.

Insurance 124

Insurance Ransomware Cyber Insurance Encryption 124

CSO Magazine

APRIL 14, 2022

What is Ransomware? Ransomware (ransom + malware) is a form of malware designed to allow malicious actors to extort money from an organization. This is accomplished by using a variety of encryption techniques that lock an organization's files to then force the organization to pay for the key to unlock the data.

Ransomware 111

Ransomware Encryption Malware 111

Security Affairs

MARCH 9, 2023

The recently discovered Windows ransomware IceFire now also targets Linux enterprise networks in multiple sectors. SentinelLabs researchers discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. to deploy the ransomware.

Ransomware 89

Ransomware Encryption Media Phishing 89

Security Affairs

JULY 15, 2022

Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. The ransomware targets a limited types of files, including log files (.log),

Ransomware 125

Ransomware Encryption Malware Hacking 125

Malwarebytes

OCTOBER 20, 2023

Even though it had a long run for a ransomware group, it seems the bell might be tolling for Ragnar Locker. The ransomware group’s infrastructure was also seized in the Netherlands, Germany and Sweden and the associated data leak website was taken down in Sweden. The take down action was carried out between 16 and 20 October.

Ransomware 107

Ransomware Backups Encryption Software 107

Security Affairs

NOVEMBER 28, 2022

Several Ukrainian organizations were hit by Russia-based RansomBoggs Ransomware in the last week, ESET reports. Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian organizations. The key is then RSA encrypted and written to aes.bin.

Ransomware 118

Ransomware Encryption Telecommunications Malware 118