Advertising, Cryptocurrency and Ransomware

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

MAY 14, 2021

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The DarkSide message includes passages apparently penned by a leader of the REvil ransomware-as-a-service platform.

Ransomware

Ransomware Cryptocurrency Cybercrime Healthcare

Crooks impersonate brands using search engine advertisement services

Security Affairs

DECEMBER 26, 2022

The FBI warns of cybercriminals using search engine advertisement services to impersonate brands and defraud users. The FBI is warning of cyber criminals using search engine advertisement services to impersonate brands and direct users to websites that were used to defraud users. ” reads the advisory published by the FBI.

Advertising

Advertising Engineering Education Internet

Task Force Seeks to Disrupt Ransomware Payments

Krebs on Security

APRIL 29, 2021

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes. ” A proposed framework for a public-private operational ransomware campaign.

Ransomware

Ransomware Government Healthcare Cryptocurrency

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang

Krebs on Security

JUNE 7, 2021

million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists last month. The funds had been sent to DarkSide , a ransomware-as-a-service syndicate that disbanded after a May 14 farewell message to affiliates saying its Internet servers and cryptocurrency stash were seized by unknown law enforcement entities.

Ransomware

Ransomware Cybercrime Cryptocurrency Healthcare

Who Wrote the ALPHV/BlackCat Ransomware Strain?

Krebs on Security

JANUARY 28, 2022

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. The nickname “ YBCat ” advertised that same ToX ID on Carder[.]uk,

Ransomware

Ransomware Accountability Cybercrime Malware

Threat Actors Merging Malicious Activity With Cryptocurrency Show How the Attack Landscape is Developing in Decentralized Finance

Security Boulevard

AUGUST 2, 2022

Current threat actor activity is incentivized by a broad attack surface represented through high volumes of users and systems, and high potential profits represented through the variety of cryptocurrency offerings. It is easy to detect and block things like malicious cryptocurrency apps or crypto-phishing websites.

Cryptocurrency

Cryptocurrency Ransomware Government Risk

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

JUNE 20, 2018

Cryptojacking, as defined by the Federal Trade Commission , is the use of JavaScript code to capture cryptocurrencies in users’ browsers without asking permission. Related: Why cryptojacking is more insidious than ransomware. LW: So cryptocurrency got discovered as the ideal payment vehicle for ransomware.

Cryptocurrency

Cryptocurrency Passwords Ransomware Malware

The G7 expresses its concern over ransomware attacks

Security Affairs

OCTOBER 14, 2020

G7 Finance ministers expressed concern on Tuesday over the rise in ransomware attacks during the Covid-19 pandemic, including some involving cryptocurrencies. G7 Finance ministers warn of ransomware attacks that have been growing in scale, sophistication, and frequency over the past two years. ” continues the statement.

Ransomware

Ransomware Cryptocurrency Financial Services Banking

Nitro Ransomware asks for Gift Cards as ransom

CyberSecurity Insiders

APRIL 30, 2021

Nitro Ransomware, a new variant of file encrypting malware is shaking up the internet by demanding Discord Nitro Gift Cards from victims instead of cryptocurrency. that allows its subscribers to upload files that are large and also offers to its users better emoji option along with HD Video streaming that is free of advertisements.

Ransomware

Ransomware Encryption Cryptocurrency Internet

Sodinokibi Ransomware crew chooses Monero for ransom payments

Security Affairs

APRIL 13, 2020

The crew behind the Sodinokibi Ransomware plans to stop accepting Bitcoin and switched on Monero cryptocurrency to hide the money trail. The gang behind the Sodinokibi Ransomware has started accepting the Monero cryptocurrency instead of Bitcoin to make it harder investigation by law enforcement agencies.

Ransomware

Ransomware Cryptocurrency Advertising Hacking

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. ru , which at one point advertised the sale of wooden staircases. Last week, the United States joined the U.K. Another domain registered to that phone number was stairwell[.]ru

Ransomware

Ransomware Cybercrime Accountability Malware

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. The malicious code combines features from different families of malware such as ransomware, cryptocurrency miners, botnets, and worms. ” continues the report.

Cryptocurrency

Cryptocurrency Malware Ransomware Cybercrime

Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware

SecureList

OCTOBER 24, 2023

In this article, we share excerpts from our reports on malware that has been active for less than a year: the GoPIX stealer targeting the PIX payment system, which is gaining popularity in Brazil; the Lumar multipurpose stealer advertised on the dark web; and the Rhysida ransomware supporting old Windows versions.

Ransomware

Ransomware Malware Advertising Passwords

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

The Department of Justice has charged the two Chinese nationals for laundering cryptocurrency for North Korea-linked APT groups. for helping North Korea-linked hackers in laundering cryptocurrency. The cryptocurrency have been stolen by the APT groups from two cryptocurrency exchanges. and Li Jiadong (???),

Cryptocurrency

Cryptocurrency Banking Hacking Accountability

REvil Ransomware member win the auction for KPot stealer source code

Security Affairs

NOVEMBER 4, 2020

The source code for the KPot information stealer was put up for auction and the REvil ransomware operators want to acquire it. The authors of KPot information stealer have put its source code up for auction , and the REvil ransomware operators will likely be the only group to bid. KPOT source code up for sale! Pierluigi Paganini.

Ransomware

Ransomware Malware Advertising Cybercrime

LockBit ransomware gang claims to have stolen data from PayBito crypto exchange

Security Affairs

FEBRUARY 5, 2022

LockBit ransomware gang claims to have stolen customers’ data from the PayBito crypto exchange. PayBito is a bitcoin and cryptocurrency exchange for major cryptocurrencies including Bitcoin Cash, Bitcoin, Ethereum, HCX, Litecoin, Ethereum Classic. Like other ransomware gangs, Lockbit 2.0 affiliate program. .

Ransomware

Ransomware Cryptocurrency Hacking Advertising

Who’s Behind the GandCrab Ransomware?

Krebs on Security

JULY 8, 2019

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. Image: Malwarebytes.

Ransomware

Ransomware Accountability Cybercrime Passwords

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs

MARCH 17, 2020

Coronavirus -themed attacks continue to increase, experts observed new Coronavirus ransomware that acts as a cover for Kpot Infostealer. In this campaign, crooks are exploiting the interest in the Coronavirus (COVID-19) outbreak to deliver a couple of malware, the CoronaVirus Ransomware and the Kpot information-stealing Trojan.

Ransomware

Ransomware Cryptocurrency Advertising Passwords

Google Cybersecurity Action Team Threat Horizons Report #9 Is Out!

Anton on Security

FEBRUARY 7, 2024

This quick and easy money maker serves a clear profit motive for criminal actors, as it allows threat actors to use a victim’s cloud processing power to mine for cryptocurrency in a shorter period of time. ” [ A.C. — free ransomware in the cloud is often different from the classics ] Now, go and read the report!

Cybersecurity

Cybersecurity Ransomware Passwords Cryptocurrency

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.

Cryptocurrency

Cryptocurrency Financial Services Banking Government

DarkSide Ransomware gang targets Toshiba Business

CyberSecurity Insiders

MAY 17, 2021

After hitting US Fuel supplier Colonial Pipeline, DarkSide Ransomware Group has now targeted Toshiba Business that offers printing and scanning equipment and tools to businesses worldwide. After a 6 day outage of Colonial Pipeline due to a ransomware attack, the Biden administration ordered an investigation in this regard.

Ransomware

Ransomware Cryptocurrency Cybercrime Advertising

Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

Security Affairs

DECEMBER 8, 2023

Anatoly Legkodymov, the founder of the Bitzlato cryptocurrency exchange has pleaded in a money-laundering scheme. Anatoly Legkodymov (41) (aka Anatolii Legkodymov, Gandalf, and Tolik), the Russian founder of the unlicensed Bitzlato cryptocurrency exchange, has pleaded guilty in a money-laundering scheme.

Cryptocurrency

Cryptocurrency Marketing Advertising Hacking

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Security Affairs

MARCH 28, 2019

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. In 2018, the Lazarus APT group targeted several cryptocurrency exchanges , including the campaign tracked as Operation AppleJeus discovered in August 2018. ” Kaspersky says. .

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

Cryptocurrency Attacks to be Aware of in 2021

Digital Shadows

JUNE 7, 2021

It’s been a pretty big year so far for cryptocurrency. Cryptocurrencies’ current total market cap sits just above $1.7 The cryptocurrency exchange Coinbase recently launched an IPO, India has reversed a ban on cryptocurrencies, and ransomware groups continue to demand payment in anonymity-based cryptocurrency.

Cryptocurrency

Cryptocurrency Phishing Advertising Antivirus

Venezuelan cardiologist accused of operating and selling Thanos ransomware

Security Affairs

MAY 17, 2022

Justice Department accused a 55-year-old Venezuelan cardiologist of operating and selling the Thanos ransomware. Justice Department accused Moises Luis Zagala Gonzalez, a 55-year-old cardiologist from Venezuela, of operating and selling the Thanos ransomware. Thanos ransomware (a.k.a.

Ransomware

Ransomware Cybercrime VPN Malware

Sodinokibi ransomware gang launches auction site to sell stolen data

Security Affairs

JUNE 3, 2020

REvil /Sodinokibi ransomware operators launch an auction site to sell data stolen from victims that have chosen to not pay the ransom. The Sodinokibi ransomware operators have launched an eBay-like auction site for stolen data where they plan to sell data stolen from the victims. SecurityAffairs – ransomware, cybersecurity).

Ransomware

Ransomware Advertising Cryptocurrency Malware

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Security Affairs

APRIL 24, 2020

The popular SeaChange video platform is the latest victim of the Sodinokibi Ransomware gang, which is threatening to leak the stolen data. SeaChange International, the multinational supplier of video delivery software solutions, was the victim of the Sodinokibi Ransomware gang. SecurityAffairs – Sodinokibi Ransomware, hacking).

Software

Software Ransomware VPN Advertising

SentinelOne released free decryptor for ThiefQuest ransomware

Security Affairs

JULY 8, 2020

Good news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. macOS ransomware #decryptor ( #EvilQuest )! |

Ransomware

Ransomware Encryption Malware InfoSec

Black Kingdom ransomware operators exploit Pulse VPN flaws

Security Affairs

JUNE 15, 2020

Black Kingdom ransomware operators are targeting organizations using unpatched Pulse Secure VPN software to deploy their malware. Black Kingdom ransomware was first spotted in late February by security researcher GrujaRS. Black Kingdom ransomware was first spotted in late February by security researcher GrujaRS.

VPN

VPN Ransomware Advertising Encryption

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

Security Affairs

MARCH 15, 2024

.” The marketplace allowed buyers to pay using cryptocurrency exchange and online payment system Perfect Money. The platform provided an illicit cryptocurrency exchange service for converting Bitcoin to Perfect Money and vice versa. The authorities also seized the exchange platform.

Cybercrime

Cybercrime Cryptocurrency Advertising Passwords

Who is Alleged Medibank Hacker Aleksandr Ermakov?

Krebs on Security

JANUARY 26, 2024

33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia’s most destructive ransomware groups, but little more is shared about the accused. REvil is a ransomware-as-a-service (RaaS) operation and generally motivated by financial gain,” a statement from the U.S.

Cybercrime

Cybercrime Ransomware Retail Insurance

STOP ransomware encrypts files and steals victim’s data

Security Affairs

MARCH 11, 2019

Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. The STOP ransomware made the headlines because it is installing password-stealing Trojans on the victims’ machines. ” reads a blog post published by Bleepingcomputer.

Encryption

Encryption Ransomware Cryptocurrency Passwords

Ransomware world in 2021: who, how and why

SecureList

MAY 12, 2021

As the world marks the second Anti-Ransomware Day, there’s no way to deny it: ransomware has become the buzzword in the security community. Yet, much of the media attention ransomware gets is focused on chronicling which companies fall prey to it. Part I: Three preconceived ideas about ransomware.

Ransomware

Ransomware Encryption Malware Cybercrime

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 28, 2024

Hackers may have accessed thousands of accounts on the California state welfare platform Brokewell Android malware supports an extensive set of Device Takeover capabilities Experts warn of an ongoing malware campaign targeting WP-Automatic plugin Cryptocurrencies and cybercrime: A critical intermingling Kaiser Permanente data breach may have impacted (..)

Cybercrime

Cybercrime Spyware Data breaches Antivirus

Dark web threats and dark market predictions for 2024

SecureList

JANUARY 17, 2024

Notable among these was BunnyLoader , inexpensive and feature-rich malware capable of stealing sensitive data and cryptocurrency. This points to a continuous rise in companies falling prey to ransomware. They typically emerge when a new ransomware group appears.

Marketing

Marketing Cryptocurrency Malware Ransomware

Tools to Identify Exfiltration of Large Cryptocurrency Holdings Will Reduce Risk of Large Cyberattacks and Fraud on DeFi Platforms

Security Boulevard

MAY 27, 2022

The Exfiltration Phase of The Kill Chain of a Cryptocurrency-Based Attack Provides the Greatest Opportunity to Identify Cybercriminals. Cryptocurrency gained through illicit means is less useable than other assets due to the way cryptocurrency systems currently do not fully protect owner identity and allow for only limited liquidity.

Cryptocurrency

Cryptocurrency Risk Marketing Architecture

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Security Affairs

MAY 7, 2021

The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. Group-IB Threat Intelligence & Attribution team found that Hancitor is being actively used by the threat actors to deploy Cuba ransomware. Cuba ransomware has been active since at least January 2020.

Ransomware

Ransomware Education Manufacturing Malware

Security Affairs newsletter Round 400 by Pierluigi Paganini

Security Affairs

JANUARY 1, 2023

Personal health information of 42M Americans leaked between 2016 and 2021 Malvertising campaign MasquerAds abuses Google Ads New Linux malware targets WordPress sites by exploiting 30 bugs NETGEAR fixes a severe bug in its routers. Patch it asap! Follow me on Twitter: @securityaffairs and Facebook and Mastodon. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Advertising Cryptocurrency Hacking

Sodinokibi gang hacked law firm of the celebrities and threatens to release the docs

Security Affairs

MAY 9, 2020

The Sodinokibi ransomware gang stolen gigabytes of legal documents from the law firm of the stars, Grubman Shire Meiselas & Sacks (GSMLaw). The Sodinokibi ransomware gang has published a screenshot of the folders they have stolen from the law firm. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Ransomware Advertising Cryptocurrency

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Apple created post-quantum cryptographic protocol PQ3 for iMessage Russian hacker is set to face trial for the hack of a local power grid Microsoft released red teaming tool PyRIT for Generative AI CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week FTC charged Avast with selling users’ browsing data to advertising companies (..)

Spyware

Spyware Cyber Insurance Hacking Advertising

Ukraine police and Binance dismantled a cyber gang behind $42M money laundering

Security Affairs

AUGUST 18, 2020

Ukrainian authorities arrested the members of a cybercrime gang who ran 20 cryptocurrency exchanges involved in money laundering. Police in Ukraine announced the arrest of the members of a cybercrime gang composed of three individuals who ran 20 cryptocurrency exchanges used in money laundering activities. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Computers and Electronics Cybercrime Digital transformation

No “Apple magic” as 11% of macOS detections last year came from malware

Malwarebytes

MARCH 5, 2024

As revealed in our 2024 ThreatDown State of Malware report, a full 11% of all detections recorded by Malwarebytes on Mac computers in 2023 were for different variants of malware—the catch-all term that cybersecurity researchers use to refer to ransomware, trojans, info stealers, worms, viruses, and more.

Malware

Malware Adware Ransomware Social Engineering

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Security Affairs

MAY 2, 2023

“Web resources offered users anonymous exchange of cryptocurrencies. Exchange services were advertised on closed hacker forums.” ” Many of these services are advertised on cybercrime forums, the services were offering support in both Russian and English. . authorities.”

Cybercrime

Cybercrime Cryptocurrency Advertising Education

U.S. DoJ charges Iranian duo over SamSam Ransomware activity

Security Affairs

NOVEMBER 29, 2018

DoJ charges two Iranian men over their alleged role in creating and spreading the infamous SamSam ransomware. Two Iranian men, Faramarz Shahi Savandi (34) and Mohammad Mehdi Shah Mansouri (27) have been charged by DoJ for their role in creating and distributing the dreaded SamSam ransomware. ” reads the DoJ indictment. .

Ransomware

Ransomware Encryption Advertising Backups

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Crooks impersonate brands using search engine advertisement services

Webinars

Trending Sources

Task Force Seeks to Disrupt Ransomware Payments

Webinars

Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang

Who Wrote the ALPHV/BlackCat Ransomware Strain?

Threat Actors Merging Malicious Activity With Cryptocurrency Show How the Attack Landscape is Developing in Decentralized Finance

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The G7 expresses its concern over ransomware attacks

Nitro Ransomware asks for Gift Cards as ransom

Sodinokibi Ransomware crew chooses Monero for ransom payments

How Did Authorities Identify the Alleged Lockbit Boss?

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware

US officials charge two Chinese men for laundering cryptocurrency for North Korea

REvil Ransomware member win the auction for KPot stealer source code

LockBit ransomware gang claims to have stolen data from PayBito crypto exchange

Who’s Behind the GandCrab Ransomware?

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Google Cybersecurity Action Team Threat Horizons Report #9 Is Out!

U.S. Indicts North Korean Hackers in Theft of $200 Million

DarkSide Ransomware gang targets Toshiba Business

Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Cryptocurrency Attacks to be Aware of in 2021

Venezuelan cardiologist accused of operating and selling Thanos ransomware

Sodinokibi ransomware gang launches auction site to sell stolen data

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

SentinelOne released free decryptor for ThiefQuest ransomware

Black Kingdom ransomware operators exploit Pulse VPN flaws

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

Who is Alleged Medibank Hacker Aleksandr Ermakov?

STOP ransomware encrypts files and steals victim’s data

Ransomware world in 2021: who, how and why

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Dark web threats and dark market predictions for 2024

Tools to Identify Exfiltration of Large Cryptocurrency Holdings Will Reduce Risk of Large Cyberattacks and Fraud on DeFi Platforms

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Security Affairs newsletter Round 400 by Pierluigi Paganini

Sodinokibi gang hacked law firm of the celebrities and threatens to release the docs

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Ukraine police and Binance dismantled a cyber gang behind $42M money laundering

No “Apple magic” as 11% of macOS detections last year came from malware

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

U.S. DoJ charges Iranian duo over SamSam Ransomware activity

Stay Connected