Security Affairs

FEBRUARY 24, 2020

Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. “In addition, the attacker panel has been improved, some UI issues were fixed and the authors added an option to encrypt the builds right from the panel and downloaded it as a DLL.”

Cybercrime 130

Cybercrime Malware Cryptocurrency Advertising 130

Malwarebytes

JUNE 30, 2021

A coordinated effort between global law enforcement agencies—led by the Dutch National Police—shut down a VPN service that was advertised on cybercrime forums. The VPN company promised users the ability to double- and triple-encrypt their web traffic to obscure their location and identity. ” Click “Save Settings.”

VPN 140

VPN Cybercrime Encryption Advertising 140

Security Affairs

MARCH 17, 2020

Operators behind a new piece of ransomware dubbed Nefilim have started threatening victims to release stolen data like other cybercrime gangs. Nefilim will encrypt a file using AES-128 encryption, then the AES encryption key is encrypted using an RSA-2048 public key that is embedded in the ransomware executable.

Ransomware 137

Ransomware Encryption Cybercrime Malware 137

SecureWorld News

MARCH 29, 2024

The concept of the term "malvertising" (a portmanteau of "malicious advertising") suggests an overlap with ads, albeit dodgy ones, and therefore fuels the fallacy that its impact hardly goes beyond frustration. A stepping stone to impactful cybercrime This tactic has tangible real-world implications.

Cybercrime 108

Cybercrime Advertising Engineering Antivirus 108

Security Affairs

JULY 29, 2019

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. Most of the attacks targeted non-standard ports and experts observed a spike in the number of encrypted malware. million encrypted malware attacks, +27% over the previous year. .”

IoT 110

IoT Encryption Malware Advertising 110

Security Affairs

OCTOBER 23, 2018

Now experts from Check Point have discovered a new version that is being advertised in an underground forum. ” The new variant implements a new encryption method used to protect the hardcoded C&C domain string. ” The new variant implements a new encryption method used to protect the hardcoded C&C domain string.

Marketing 105

Marketing Cybercrime Cryptocurrency Advertising 105

Security Affairs

MARCH 2, 2025

3 cyberattack led to unauthorized access, file withdrawals, and encryption of critical applications. “Preliminary investigations indicate that threat actors unlawfully accessed the Companys network, encrypted critical applications, and exfiltrated certain files. The company reported to the SEC that a Feb.

Ransomware 76

Ransomware Cybercrime Encryption Healthcare 76

Security Affairs

DECEMBER 30, 2019

The United Nations on Friday have approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime. The United Nations on Friday has approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime. It will only serve to stifle global efforts to combat cybercrime.”

Cybercrime 94

Cybercrime Surveillance Spyware Government 94

Security Affairs

MAY 11, 2020

Researchers warn of a new feature implemented in the Sodinokibi ransomware, the threat can now encrypt open and locked files. The Sodinokibi ransomware (REvil) continues to evolve, operators implemented a new feature that allows the malware to encrypt victim’s files, even if they are opened and locked by another process.

Encryption 98

Encryption Ransomware Advertising Malware 98

Malwarebytes

SEPTEMBER 15, 2023

The report follows the Internet Organized Crime Assessment (IOCTA), Europol’s assessment of the cybercrime landscape and how it has changed over the last 24 months. Stop malicious encryption. The report also discusses the criminal organizations behind cyberattacks and the influence of geopolitical events.

Cybercrime 122

Cybercrime Ransomware DDOS Backups 122

Malwarebytes

JUNE 3, 2021

Since the initial lockdown, we have seen the rise of certain types of cybercrime, including scams and fraud campaigns that either bank on the global COVID-19 pandemic or take advantage of potential victims that adhere to work-from-home measures. Future cybercrimes in the UK and beyond. Organized crime: Online fraud.

Cybercrime 107

Cybercrime Scams Ransomware Phishing 107

Security Affairs

JUNE 30, 2021

Law enforcement seized the servers and customer logs for DoubleVPN, a double-encryption service widely used by threat actors for malicious purposes. “International law enforcement continues to work collectively against facilitators of cybercrime, wherever and however it is committed. SecurityAffairs – hacking, cybercrime ).

VPN 141

VPN Cybercrime Encryption Advertising 141

Krebs on Security

FEBRUARY 16, 2022

The same day the ICRC went public with its breach, someone using the nickname “ Sheriff ” on the English-language cybercrime forum RaidForums advertised the sale of data from the Red Cross and Red Crescent Movement. This in turn allowed them to access the data, despite this data being encrypted.”

Hacking 304

Hacking Ransomware Media Accountability 304

Krebs on Security

DECEMBER 19, 2023

. “We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.” BlackCat attacks usually involve encryption and theft of data; if victims refuse to pay a ransom, the attackers typically publish the stolen data on a BlackCat-linked darknet site. .”

Ransomware 327

Ransomware Cybercrime Advertising Encryption 327

Security Affairs

DECEMBER 2, 2019

The malicious code executes a small program, just before starting the encryption process, to disable security tools running on the infected systems that could detect its operations. These are encrypted under the suffix. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware 144

Ransomware Encryption Advertising Cybercrime 144

Penetration Testing

JUNE 9, 2025

vip Linux variants of GOREshell disguised as system daemons like snapd and update-notifier The GOREshell backdoor is implemented in the Go programming language, obfuscated using Garble, and contains embedded SSH keys for encrypted C2 communications. Support independent cybersecurity journalism.

Penetration Testing 90

Penetration Testing Advertising Cybersecurity DNS 90

Security Affairs

OCTOBER 31, 2020

The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them. The cybercrime gang published some screenshots showing directories and files from the systems of the breached company. “Absolutely all servers and working computers of the company are hacked and encrypted.

Hacking 145

Hacking Ransomware Advertising Encryption 145

Security Affairs

JANUARY 30, 2021

The FonixCrypter gang also closed its Telegram channel that was used to advertise the malware in the cybercrime underground. The availability of the master decryption key allows the victims to recover their encrypted files for free. Unfortunately, at the time of writing the RAR archive is not available.

Ransomware 142

Ransomware Encryption Malware Cybercrime 142

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Pierluigi Paganini.

Encryption 96

Encryption Ransomware Malware Scams 96

Krebs on Security

SEPTEMBER 20, 2021

Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground. Perhaps this particular retailer also did so at one point, however my message was returned with a note saying the email had been blocked.

Retail 359

Retail Healthcare Internet Internet 359

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort began in 2009 as “ super-socks[.]com SocksEscort began in 2009 as “ super-socks[.]com com, super-socks[.]com,

Malware 244

Malware VPN Internet Internet 244

Security Affairs

MARCH 6, 2024

Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The GhostSec hacking activity surged in the past year and the cybercrime gang was spotted using a new GhostLocker 2.0 GhostSec is a financially motivated threat actor that is also involved in hacktivism-related operations.

Ransomware 141

Ransomware Encryption Cybercrime Hacking 141

Security Affairs

NOVEMBER 1, 2020

The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crew since it began operating in May 2019. The gang was the first to introduce a double-extortion model in the cybercrime landscape at the end of 2019. Pierluigi Paganini. SecurityAffairs – hacking, Maze).

Ransomware 145

Ransomware Cybercrime Advertising Software 145

Security Affairs

OCTOBER 20, 2018

The developers of the GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. The authors of the infamous GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. Security Affairs – GandCrab ransomware, cybercrime ).

Ransomware 111

Ransomware Cybercrime Identity Theft Advertising 111

Security Affairs

OCTOBER 11, 2020

The actors behind FONIX RaaS advertised several products on various cybercrime forums. “Notably, FONIX varies somewhat from many other current RaaS offerings in that it employs four methods of encryption for each file and has an overly-complex post-infection engagement cycle.” ” concludes the report.

Ransomware 129

Ransomware Encryption Advertising DDOS 129

Zero Day

JUNE 6, 2025

The data in question was posted on a Russian cybercrime forum on May 15 and then uploaded again on June 3, apparently garnering attention from other cybercriminals and potential buyers. The hackers say that the dates of birth and social security numbers were originally encrypted but have since been decrypted and are now visible in plain text.

Password Management 128

Password Management Passwords Identity Theft Artificial Intelligence 128

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. ” reported BleepingComputer. Pierluigi Paganini.

Ransomware 138

Ransomware Encryption Advertising Malware 138

Security Affairs

NOVEMBER 4, 2020

. “On July 28, 2020, Mattel discovered that it was the victim of a ransomware attack on its information technology systems that caused data on a number of systems to be encrypted. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 142

Ransomware Advertising Retail Malware 142

Security Affairs

OCTOBER 2, 2018

GandCrab operates like a classic ransomware, it encrypts all user files and drops some ransom notes on the infected machine. to allow the code to encrypt the files opened by these applications. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Securi ty Affairs – ransomare, cybercrime).

Ransomware 111

Ransomware Encryption Advertising Malware 111

Security Affairs

MARCH 13, 2025

Medusa operators leverage legitimate remote access tools like AnyDesk, Atera, and Splashtop, alongside RDP and PsExec, to move laterally and locate files for exfiltration and encryption. Encryption is executed using gaze.exe , which disables security tools, deletes backups, and encrypts files with AES-256 before dropping a ransom note.

Ransomware 68

Ransomware Encryption Cryptocurrency Insurance 68

Security Affairs

OCTOBER 26, 2019

Even though encryption should be taken seriously by businesses of all sizes, only a small fraction of the corporate sector puts their back on it. According to Juniper Research , up to 13% of the cybercrime market thrives because of the small business. Why is Encryption a Feasible Option against Digital Threats? Final Thoughts.

Encryption 71

Encryption Ransomware Cybercrime Cyber threats 71

Security Affairs

MARCH 19, 2020

” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. “On one of the compromised information systems, experts found encrypted files with the extension “ newversion.”

Government 142

Government Ransomware Encryption Penetration Testing 142

Security Affairs

DECEMBER 10, 2021

Another one used to encrypt companies' networks. Unlike other malware, ALPHV (BlackCat) is the first Rust ransomware that was used in attacks in the wild by a cybercrime organization. Filemarker 19 47 B7 4D at EOF and before the encrypted key, which is JSON with some settings. Also look at that UI. Back to '80s?

Ransomware 120

Ransomware Malware Cybercrime Encryption 120

Krebs on Security

APRIL 4, 2024

Launched in 2008, privnote.com employs technology that encrypts each message so that even Privnote itself cannot read its contents. In keeping with the overall theme, these phishing domains appear focused on stealing usernames and passwords to some of the cybercrime underground’s busiest shops, including Brian’s Club.

Phishing 293

Phishing Cryptocurrency DDOS Internet 293

Security Affairs

MAY 27, 2020

Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. The PonyFinal ransomware usually adds the “ enc” extension to the names of the encrypted files, it drops a ransom note (named README_files.txt) on the infected systems.

Ransomware 136

Ransomware Security Intelligence Encryption Advertising 136

Security Affairs

MARCH 16, 2020

The security breach exposed name, email addresses, encrypted/hashed passwords, IP addresses, App IDs (32-character strings used to make requests to our service) associated with users’ accounts, personal and/or business names and addresses for some users, country of residence (if provided, website address (if provided).

Data breaches 138

Data breaches Passwords Advertising Accountability 138

Security Affairs

APRIL 3, 2021

In February, the Spanish student Javier Yuste released a free decryption tool for the Avaddon ransomware that can be used by the victims to recover their encrypted files for free. Over the months Avaddon ransomware operators continued to promote their services in cybercrime forums to recruit more people to the network of its affiliates.

Ransomware 137

Ransomware Encryption Malware Cybercrime 137