Security Affairs

FEBRUARY 11, 2025

Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites. An international law enforcement operation, codenamed Operation Phobos Aetor, dismantled the 8Base ransomware gang. The ransomware component is then decrypted and loaded into the SmokeLoader process memory.

Ransomware 84

Ransomware Encryption Backups Malware 84

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. “There will be panic. 428 hospitals.”

Ransomware 303

Ransomware Healthcare Cybercrime Government 303

Krebs on Security

MARCH 7, 2022

Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. Before that, Jeffrey Ladish , an information security consultant based in Oakland, Calif.,

Ransomware 280

Ransomware Cryptocurrency DDOS Scams 280

Security Affairs

MARCH 5, 2025

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. Threat actors hit the companys information technology (IT) infrastructure.

Technology 120

Technology Ransomware Engineering Manufacturing 120

Security Affairs

NOVEMBER 1, 2022

Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. KELA identified around 600 victims by analyzing ransomware actors’ blogs and negotiation portals, data leak sites and public reports. The most targeted sector was professional services.

Ransomware 132

Ransomware Cybercrime Hacking Information Security 132

Security Affairs

MARCH 14, 2025

The US Justice Department announced that the LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S. The US Justice Department announced that one of the LockBit ransomware developer, Rostislav Panev (51), has been extradited to the United States. reads the press release published by DoJ.

Ransomware 77

Ransomware Cryptocurrency Small Business Malware 77

Security Affairs

DECEMBER 1, 2023

The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. The average ransom payment was $1.2

Ransomware 135

Ransomware Malware Retail Insurance 135

Security Boulevard

JANUARY 4, 2022

While there have been great advances over the years with respect to information security tools, technologies, training and awareness, significant challenges remain. What follows are my estimations of the top information security challenges for.

Information Security 143

Information Security Technology Security Awareness Risk 143

Security Affairs

APRIL 30, 2025

Since mid-2022, theyve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft. Subsequently, to provide coverage for this data theft, they deploy ransomware onto the machine, encrypting all the data and demanding a ransom (T1486 – Data Encrypted for Impact). ” continues the report.

Encryption 113

Encryption Ransomware Malware Phishing 113

Security Affairs

MAY 6, 2025

A new BYOI technique lets attackers bypass SentinelOne EDR, disable protection, and deploy Babuk ransomware by exploiting the agent upgrade process. Once disabled the EDR agent, the attackers deployed the Babuk ransomware. Forensics showed rapid version changes, installer file use, and event log entries tied to EDR tampering.

Ransomware 140

Ransomware Hacking Information Security 140

SecureList

MAY 11, 2023

Ransomware keeps making headlines. In 2022, Kaspersky solutions detected over 74.2M attempted ransomware attacks which was 20% more than in 2021 (61.7M). In 2022, Kaspersky solutions detected over 74.2M attempted ransomware attacks which was 20% more than in 2021 (61.7M). We named it RedAlert/N13V.

Ransomware 140

Ransomware Malware Architecture Telecommunications 140

Security Affairs

FEBRUARY 13, 2025

The group also created the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred , CaddyWiper , HermeticWiper , Industroyer2 , IsaacWiper , WhisperGate , Prestige , RansomBoggs , and ZeroWipe.

Telecommunications 118

Telecommunications DNS Passwords Hacking 118

Security Affairs

OCTOBER 11, 2022

Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South-Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. ransomware. . ransomware. .

Ransomware 144

Ransomware Encryption Malware Hacking 144

Security Affairs

OCTOBER 22, 2024

Bumblebee has been active since March 2022 when it was spotted by Google’s Threat Analysis Group (TAG), experts noticed that cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns switched to the Bumblebee loader. lnk” that, once executed, starts the attack chain.

Malware 135

Malware Phishing Ransomware Hacking 135

Security Affairs

NOVEMBER 13, 2024

The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022. In early July and August of 2022, the researchers noticed several Cisco RV320s , DrayTek Vigor routers , and NETGEAR ProSAFEs that were part of the botnet. ” continues the report.

VPN 134

VPN Government Malware Manufacturing 134

Security Affairs

JUNE 6, 2025

Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat actors are actively exploiting Fortigate vulnerabilities (CVE-2024-21762, CVE-2024-55591, and others) to deploy Qilin ransomware. CISA confirmed that the flaw CVE-2025-24472 is known to be used in ransomware campaigns.

Ransomware 52

Ransomware Authentication VPN Healthcare 52

Security Affairs

MAY 12, 2024

Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported. The FBI, CISA, HHS, and MS-ISAC have issued a joint Cybersecurity Advisory (CSA) regarding the Black Basta ransomware activity as part of the StopRansomware initiative. ” reads the CSA.

Ransomware 144

Ransomware Hacking Healthcare Retail 144

Security Affairs

MAY 31, 2022

Cyber Research Labs reported a rise in ransomware attacks in the second quarter of 2022, small states are more exposed to these attacks. The experts warn of ransomware attacks against government organizations. They observed a total of 48 government organizations from 21 countries that were hit by 13 ransomware attacks in 2022.

Government 145

Government Ransomware Cybercrime Banking 145

Security Affairs

NOVEMBER 28, 2022

Several Ukrainian organizations were hit by Russia-based RansomBoggs Ransomware in the last week, ESET reports. Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian organizations.

Ransomware 143

Ransomware Encryption Telecommunications Malware 143

Security Affairs

MAY 24, 2025

The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S. Linked to BazarCall campaigns, the group previously enabled Ryuk and Conti ransomware attacks. FBI warns Silent Ransom Group has targeted U.S. law firms using phishing and social engineering.

Social Engineering 125

Social Engineering Antivirus Phishing Engineering 125

Security Affairs

FEBRUARY 17, 2025

On February 11, 2025, the US, UK, and Australia sanctioned a Russian bulletproof hosting services provider and two Russian administrators because they supported Russian ransomware LockBit operations. Dutch police seized 127 servers of the bulletproof hosting service Zservers/XHost after government sanctions.

Cybercrime 84

Cybercrime Ransomware Hacking Advertising 84

Security Affairs

OCTOBER 16, 2022

Threat actors have compromised hundreds of servers exploiting critical flaw CVE-2022-41352 in Zimbra Collaboration Suite (ZCS). Last week, researchers from Rapid7 warned of the exploitation of unpatched zero-day remote code execution vulnerability, tracked as CVE-2022-41352 , in the Zimbra Collaboration Suite. reported Rapid7. “We

Hacking 143

Hacking Antivirus Telecommunications Engineering 143

Security Affairs

JUNE 8, 2022

Black Basta ransomware gang implemented a new feature to encrypt VMware ESXi virtual machines (VMs) running on Linux servers. The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. SecurityAffairs – hacking, Black Basta ransomware). Pierluigi Paganini.

Encryption 145

Encryption Ransomware Malware Hacking 145

Security Affairs

DECEMBER 21, 2022

Play ransomware attacks target Exchange servers with a new exploit that bypasses Microsoft’s ProxyNotShell mitigations. Play ransomware operators target Exchange servers using a new exploit chain, dubbed OWASSRF by Crowdstrike, that bypasses Microsoft’s mitigations for ProxyNotShell vulnerabilities.

Ransomware 143

Ransomware Authentication Hacking Cybercrime 143

Security Affairs

SEPTEMBER 30, 2023

Federal Bureau of Investigation (FBI) warns of dual ransomware attacks aimed at the same victims. Federal Bureau of Investigation (FBI) is warning of dual ransomware attacks, a new worrisome trend in the threat landscape that sees threat actors targeting the same victims two times. ” continues the alert. .

Ransomware 144

Ransomware Architecture Encryption Malware 144

Security Affairs

DECEMBER 13, 2022

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit ransomware gang claims to have stolen 76Gb from the California Department of Finance and is threatening to leak the stolen data if the victims will not pay the ransom by December 24. Pierluigi Paganini.

Hacking 144

Hacking Ransomware Technology Cybersecurity 144

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware 141

Ransomware Encryption Insurance Malware 141

Security Affairs

OCTOBER 19, 2022

Researchers at Palo Alto Network’s Unit 42 linked the Ransom Cartel ransomware operation to the REvil ransomware operations. Researchers at Palo Alto Network’s Unit 42 have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil cybercrime gang. ” continues the report. ” .

Ransomware 142

Ransomware Encryption Engineering Cybercrime 142

Security Affairs

JUNE 6, 2022

LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the LockBit ransomware gang has added the cybersecurity firm Mandiant to the list of victims published on its darkweb leak site. ransomware to evade sanctions. Pierluigi Paganini.

Hacking 145

Hacking Ransomware Cybersecurity Cybercrime 145

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks.

Malware 142

Malware Ransomware Banking Healthcare 142

Security Affairs

OCTOBER 27, 2023

The Lockbit ransomware gang claims to have hacked the aerospace manufacturer and defense contractor Boeing and threatened to leak the stolen data. In 2022, Boeing recorded $66.61 billion in sales, the aerospace giant has 156,000 (2022). In 2022, Boeing recorded $66.61 ransomware ??????: ” ?????????:

Ransomware 145

Ransomware Manufacturing InfoSec Hacking 145

Security Affairs

JULY 15, 2022

Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North Korea-linked group they tracked as DEV-0530. ” concludes Microsoft.

Ransomware 145

Ransomware Cryptocurrency Government Small Business 145

Security Affairs

NOVEMBER 19, 2023

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. The ransomware component is then decrypted and loaded into the SmokeLoader process’ memory.

Ransomware 144

Ransomware Encryption Backups Malware 144

Security Affairs

JULY 23, 2022

DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. ” reads the announcement published by DoJ.

Ransomware 145

Ransomware Healthcare Cryptocurrency Encryption 145

Security Affairs

JANUARY 11, 2025

According to the indictment, the defendants operated cryptocurrency mixers that served as safe havens for laundering criminally derived funds, including the proceeds of ransomware and wire fraud, said Principal Deputy Assistant Attorney General Brent S. were allegedly used for laundering funds from ransomware and cybercrimes.

Cybercrime 85

Cybercrime Cryptocurrency Hacking Ransomware 85

Security Affairs

JULY 9, 2024

Avast developed and released a decryptor for the DoNex ransomware family that allows victims to recover their files for free. Avast researchers identified a cryptographic flaw in the DoNex ransomware and its predecessors that allowed them to develop a decryptor. “All brands of the DoNex ransomware are supported by the decryptor.”

Ransomware 137

Ransomware Encryption Passwords Hacking 137

Security Affairs

SEPTEMBER 29, 2022

The recently born Bl00Dy Ransomware gang has started using the recently leaked LockBit ransomware builder in attacks in the wild. The Bl00Dy Ransomware gang is the first group that started using the recently leaked LockBit ransomware builder in attacks in the wild. Ransomware. builder to create its own ransomware.

Ransomware 135

Ransomware Hacking Encryption Passwords 135