This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Strictly Necessary: Used for the proper function of the website
Performance/Analytics: Used for monitoring website traffic and interactions
In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.
Russian authorities sentenced four members of the REvil ransomware operation to several years in prison in Russia. Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. in March 2022.
A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. In December 2023, CISA, the FBI, and ACSC warned of Play ransomware’s operation that hit 300 victims by October 2023. ” The Play ransomware group follows a double extortion model.
BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack.
Experts warn of a new wave of attacks involving the Bumblebee malware, months after Europol’s ‘ Operation Endgame ‘ that disrupted its operations in May. The Bumblebee malware loader has resurfaced in new attacks, four months after Europol disrupted it during “ Operation Endgame ” in May.
Qilin ransomware gang now offers a “Call Lawyer” feature to help affiliates pressure victims into paying, per Cybereason. The Qilin ransomware group is now offering legal support to its affiliates through a “Call Lawyer” feature to pressure victims into paying. ” reads the report published by Cybereason.
US authorities charged a dual Russian and Israeli national for being a developer of the LockBit ransomware group. Rostislav Panev, 51, a dual Russian-Israeli national, was charged as a LockBit ransomware developer. The man is accused of being a LockBit ransomware developer from 2019 through at least February 2024.
By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925 , a weakness in a central component of Windows security (the “ Local Security Authority ” process within Windows). CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild.
Of particular concern this month is CVE-2022-24521 , which is a “privilege escalation” vulnerability in the Windows common log file system driver. Among the scariest critical bugs is CVE-2022-26809, a potentially “wormable” weakness in a core Windows component ( RPC ) that earned a CVSS score of 9.8 (10
Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But according to Microsoft and an advisory from the U.S. National Security Agency (NSA).
Shefel asserts he and his team were responsible for developing the card-stealing malware that Golubov’s hackers installed on Target and Home Depot payment terminals, and that at the time he was technical director of a long-running Russian cybercrime community called Lampeduza. “I’m also godfather of his second son.”
Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. In May 2023, the US Justice Department charged Russian national Mikhail Pavlovich Matveev for his alleged role in multiple ransomware attacks. ” reported RIA Novosti.
Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. ” Microsoft wrote on X. .
Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack. Indian multinational Tata Technologies , a Tata Motors subsidiary, suspended some IT services following a ransomware attack. A few days later, the ransomware gang Hive leaked the alleged stolen files on its Tor leak site.
The company said it would roll out the changes in stages between April and June 2022. As Ars Technica veteran reporter Dan Goodin put it , “security professionals—some who have spent the past two decades watching clients and employees get infected with ransomware, wipers, and espionage with frustrating regularity—cheered the change.”
In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. Image: Varonis. The upshot? ” Meanwhile, the U.S.
Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code.
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The bug already seeing exploitation is CVE-2022-44698 , which allows attackers to bypass the Windows SmartScreen security feature.
The post 2022 State of the Threat: Ransomware is still hitting companies hard appeared first on TechRepublic. SecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much.
SonicWall’s mid-year report update has been released with new information on malware, ransomware, cryptojacking and more. The post 2022 cyber threat report details growing trends appeared first on TechRepublic.
A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.
Figures of the year In 2022, Kaspersky mobile products and technology detected: 1,661,743 malicious installers 196,476 new mobile banking Trojans 10,543 new mobile ransomware Trojans Trends of the year Mobile attacks leveled off after decreasing in the second half of 2021 and remained around the same level throughout 2022.
But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents. Among those is CVE-2022-22005 , a weakness in Microsoft’s Sharepoint Server versions 2013-2019 that could be exploited by any authenticated user.
authorities have seized the darknet websites run by LockBit , a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. First surfacing in September 2019, the gang is estimated to have made hundreds of millions of U.S. Ivan Gennadievich Kondratyev , a.k.a.
As ransomware attacks continued this year, a few key groups inflicted some of the greatest damage to their victims. The post The most dangerous and destructive ransomware groups of 2022 appeared first on TechRepublic.
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. News of the Trickbot compromise was first published here on Oct.
Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites. An international law enforcement operation, codenamed Operation Phobos Aetor, dismantled the 8Base ransomware gang. The ransomware component is then decrypted and loaded into the SmokeLoader process memory.
government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023.
Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.
This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware.
But experts say that is exactly what transpired this week with Barracuda Networks , as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes. Campbell, Calif. They don’t need it.
Looking back, 2021 was a breakout year for ransomware around the globe, with ransoms spiking to unprecedented multi-million dollar amounts. Related: Colonial Pipeline attack ups ransomware ante. EDR systems are supposed to protect IT system endpoints against these very malware, ransomware, and other types of malicious code.
indicted Russian Rustam Gallyamov for leading the Qakbot botnet, which infected 700K+ devices and was used in ransomware attacks. authorities have indicted Russian national Rustam Gallyamov, the leader of the Qakbot operation, which infected over 700,000 computers and facilitated ransomware attacks. and abroad.
Since mid-2022, theyve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft. Their campaigns involve multi-phase intrusions, initial access, privilege escalation, and data exfiltration, using modular malware, LOTL techniques, and evasive C2 infrastructure. ” reads the report published by PRODAFT.
The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. The average ransom payment was $1.2
The US Justice Department announced that the LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S. The US Justice Department announced that one of the LockBit ransomware developer, Rostislav Panev (51), has been extradited to the United States. reads the press release published by DoJ.
The Qilin ransomware group claims responsibility for attacking the newspaper Lee Enterprises, stealing 350GB of data. The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, which impacted dozens of local newspapers. Lee Enterprises , Inc. is a publicly traded American media company.
Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. Editors note: This report was authored by Gautham Ashok & Alexa Feminella.
I had the chance at RSA Conference 2022 to visit with John Shier, senior security advisor at Sophos, a security software and hardware company. It might be someone who specializes in embedding droppers – a type of malware delivery tool designed to stealthily install the endgame payload, Shier says. Teeming criminal activity.
Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community.
Ransomware keeps making headlines. In 2022, Kaspersky solutions detected over 74.2M attempted ransomware attacks which was 20% more than in 2021 (61.7M). In 2022, Kaspersky solutions detected over 74.2M attempted ransomware attacks which was 20% more than in 2021 (61.7M). We named it RedAlert/N13V.
Kaspersky offers various services to organizations that have been targeted by cyberattackers, such as incident response, digital forensics, and malware analysis. Download the full version of the report (PDF) Kaspersky Incident Response in various regions and industries In 2022, 45.9%
The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022. In early July and August of 2022, the researchers noticed several Cisco RV320s , DrayTek Vigor routers , and NETGEAR ProSAFEs that were part of the botnet. ” continues the report.
Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. The gang claims to have breached the corporate network on October 3rd, 2022.
We organize all of the trending information in your field so you don't have to. Join 28,000+ users and stay up to date on the latest articles your peers are reading.
You know about us, now we want to get to know you!
Let's personalize your content
Let's get even more personalized
We recognize your account from another site in our network, please click 'Send Email' below to continue with verifying your account and setting a password.
Let's personalize your content