Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. ransomware that encrypts Windows domains by using Active Directory group policies. ransomware that encrypts Windows domains by using Active Directory group policies. Like other ransomware operations, LockBit 2.0

Encryption 144

Encryption Ransomware Malware Hacking 144

Security Affairs

JULY 5, 2020

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The activity of the gang was relatively quiet during the COVID-19 outbreak since May 4, when the ransomware operators launched a massive campaign that targeted organizations worldwide.

Encryption 99

Encryption Ransomware Firewall Backups 99

Krebs on Security

JANUARY 27, 2021

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week. ” Image: Chainalysis.

Ransomware 274

Ransomware Cybercrime Antivirus Encryption 274

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. In a recently detected attack, Ragnar Locker ransomware was deployed inside an Oracle VirtualBox Windows XP virtual machine.”

Encryption 100

Encryption Ransomware Energy and Utilities Advertising 100

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. The AvosLocker ransomware appends the .avoslinux

Ransomware 121

Ransomware Encryption Advertising Malware 121

Security Affairs

DECEMBER 26, 2019

Experts spotted a new strain of the Ryuk Ransomware that was developed to avoid encrypting folders commonly seen in *NIX operating systems. Kremez noticed that the ransomware doesn’t encrypt folders that are associated with *NIX operating systems. 2019-12-21: #Ryuk #Ransomware as V2.EXE Pierluigi Paganini.

Encryption 61

Encryption Ransomware Malware Advertising 61

Security Affairs

JULY 20, 2022

Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. A notable example includes BlackCat and Hive.

Ransomware 132

Ransomware Encryption Malware Advertising 132

Security Affairs

SEPTEMBER 26, 2020

Good news for the victims of the ThunderX ransomware, cybersecurity firm Tesorion has released a decryptor to recover their files for free. Cybersecurity firm Tesorion has released a free decryptor for the ThunderX ransomware that allows victims to recover their files. SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Ransomware 142

Ransomware Encryption Advertising Hacking 142

Security Affairs

MARCH 26, 2019

Good news for the victims of the Hacked Ransomware, the security firm Emsisoft has released a free decryptor to decrypt the data of infected computers. Security experts at Emsisoft released a free decryptor for the Hacked Ransomware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption 94

Encryption Hacking Ransomware Advertising 94

Malwarebytes

OCTOBER 20, 2023

Even though it had a long run for a ransomware group, it seems the bell might be tolling for Ragnar Locker. The ransomware group’s infrastructure was also seized in the Netherlands, Germany and Sweden and the associated data leak website was taken down in Sweden. How to avoid ransomware Block common forms of entry.

Ransomware 115

Ransomware Backups Encryption Software 115

Security Affairs

MAY 11, 2020

Researchers warn of a new feature implemented in the Sodinokibi ransomware, the threat can now encrypt open and locked files. The Sodinokibi ransomware (REvil) continues to evolve, operators implemented a new feature that allows the malware to encrypt victim’s files, even if they are opened and locked by another process.

Encryption 99

Encryption Ransomware Advertising Malware 99

Security Affairs

JUNE 6, 2023

Researchers from security firm Uptycs reported that threat actors linked to the Cyclops ransomware are offering a Go-based information stealer. The Cyclops group has developed multi-platform ransomware that can infect Windows, Linux, and macOS systems. ” reads the report. ” reads the report.

Ransomware 73

Ransomware Encryption Cybercrime Malware 73

Security Affairs

MARCH 11, 2019

Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. The STOP ransomware made the headlines because it is installing password-stealing Trojans on the victims’ machines. ” reads a blog post published by Bleepingcomputer.

Encryption 85

Encryption Ransomware Cryptocurrency Passwords 85

SecureList

JULY 20, 2022

If we look back at what we covered last month, we will see that ransomware (surprise, surprise!) In this blog post, we provide several excerpts from last month’s reports on new ransomware strains. Luna: brand-new ransomware written in Rust. The advertisement states that Luna only works with Russian-speaking affiliates.

Ransomware 95

Ransomware Encryption Advertising Malware 95

CyberSecurity Insiders

APRIL 30, 2021

Nitro Ransomware, a new variant of file encrypting malware is shaking up the internet by demanding Discord Nitro Gift Cards from victims instead of cryptocurrency. that allows its subscribers to upload files that are large and also offers to its users better emoji option along with HD Video streaming that is free of advertisements.

Ransomware 142

Ransomware Encryption Cryptocurrency Internet 142

Security Affairs

OCTOBER 13, 2023

FBI and CISA published a joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with AvosLocker ransomware. The joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort aimed at sharing technical details associated with various ransomware operations.

Ransomware 117

Ransomware System Administration Antivirus Malware 117

Security Affairs

SEPTEMBER 17, 2020

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. ” continues the analysis.

Ransomware 144

Ransomware Encryption Advertising Malware 144

Bleeping Computer

NOVEMBER 11, 2021

The Magniber ransomware gang is now using two Internet Explorer vulnerabilities and malicious advertisements to infect users and encrypt their devices. [.].

Internet 100

Internet Internet Ransomware Advertising 100

Security Affairs

SEPTEMBER 28, 2020

The operators behind new ransomware dubbed Mount Locker have adopted the same tactic of other gangs threatening the victims to leak stolen data. A new ransomware gang named Mount Locker has started its operations stealing victims’ data before encrypting. MountLocker #Ransomware claimed Makalot Industrial Co.

Ransomware 133

Ransomware Encryption Advertising Engineering 133

Heimadal Security

NOVEMBER 1, 2021

Chaos ransomware is an in-development ransomware builder that is being advertised as the latest iteration of Ryuk on underground hacker forums. Fake Minecraft alt lists published on gaming forums are used by the ransomware gang to encrypt gamers’ Windows devices.’ What Happened?

Ransomware 90

Ransomware Advertising Encryption Cybersecurity 90

Security Affairs

AUGUST 2, 2020

BleepingComputer researchers confirmed that Garmin has received the decryption key to recover their files encrypted with the WastedLocker Ransomware. BleepingComputer first revealed that Garmin has received the decryption key to recover the files encrypted with the WastedLocker Ransomware in the recent attack.

Ransomware 145

Ransomware Encryption Advertising Software 145

Security Affairs

JANUARY 30, 2021

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. Good news for the victims of the FonixCrypter ransomware, the operators behind the threat shut down their operations and released the master decryption key. Pierluigi Paganini.

Ransomware 135

Ransomware Encryption Malware Cybercrime 135

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Pierluigi Paganini.

Encryption 65

Encryption Ransomware Malware Scams 65

Security Affairs

OCTOBER 31, 2020

The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them. ” reads the message published by the ransomware operators.

Hacking 128

Hacking Ransomware Advertising Encryption 128

Security Affairs

JANUARY 27, 2022

LockBit expands its operations by implementing a Linux version of LockBit ransomware that targets VMware ESXi servers. LockBit is the latest ransomware operation to add the support for Linux systems, experts spotted a new version that targets VMware ESXi virtual machines. Trend Micro analyzed the Lockbit Linux-ESXi Locker version 1.0

Ransomware 86

Ransomware Encryption Advertising Hacking 86

Security Affairs

JULY 8, 2020

Good news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. sysopfb shows how we broke it.

Ransomware 106

Ransomware Encryption Malware InfoSec 106

Security Affairs

MARCH 17, 2020

Operators behind a new piece of ransomware dubbed Nefilim have started threatening victims to release stolen data like other cybercrime gangs. A new ransomware dubbed Nefilim appeared in the threat landscape at the end of February, it borrows its code from other malware, the Nemty ransomware. share much of the same code.”

Ransomware 105

Ransomware Encryption Cybercrime Advertising 105

Security Affairs

AUGUST 17, 2020

IT giant Konica Minolta was hit with a ransomware attack at the end of July, its services have been impacted for almost a week. A ransomware attack has impacted the services at the business technology giant Konica Minolta for almost a week, the attack took place at the end of July. Pierluigi Paganini.

Technology 138

Technology Ransomware Advertising Encryption 138

Security Affairs

JUNE 6, 2020

eCh0raix Ransomware operators are back after months of apparent inactivity, now are targeting QNAP storage devices in a new campaign. Threat actors behind the eCh0raix Ransomware have launched a new campaign aimed at infecting QNAP storage devices. encrypt extension to filenames of encrypted files. Pierluigi Paganini.

Ransomware 110

Ransomware Encryption Advertising Manufacturing 110

Security Affairs

MARCH 2, 2020

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. Researchers from Malwarebytes and X-Force IRIS have uncovered an ongoing spam campaign distributing the Nemty Ransomware via messages disguised as messages from secret lovers. Pierluigi Paganini.

Ransomware 120

Ransomware Advertising Encryption Malware 120

Security Affairs

OCTOBER 31, 2021

Chaos Ransomware operators target gamers’ Windows devices using Minecraft alt lists as a lure and promoting them on gaming forums. Cybercriminals are attempting to exploit this popularity, the Chaos Ransomware gang is targeting Japanese gamers’ Windows devices through fake Minecraft alt lists promoted on gaming forums.

Ransomware 130

Ransomware Encryption Accountability Mobile 130

Security Affairs

OCTOBER 15, 2020

The Egregor ransomware gang has hit the game developer Crytek and leaked files allegedly stolen from the systems of the gaming firm Ubisoft. A previously unknown ransomware gang dubbed Egregor has hit the game developer Crytek and leaked files allegedly stolen from the internal network of another leading gaming firm, Ubisoft.

Ransomware 135

Ransomware Advertising Phishing Media 135

Security Affairs

MARCH 16, 2020

Experts warn of a new malware strain, dubbed PXJ Ransomware, that does share the same underlying code with existing ransomware families. Security experts from IBM X-Force have spotted a new strain of ransomware, dubbed PXJ Ransomware, that does share the same code with other known ransomware families.

Ransomware 103

Ransomware Encryption Malware Advertising 103

Security Boulevard

MAY 12, 2023

The group claims to exfiltrate data prior to performing file encryption and hosts a data leak site hosted on a Tor hidden service that currently contains two victims. The group claims to exfiltrate data prior to performing file encryption and hosts a data leak site hosted on a Tor hidden service that currently contains two victims.

Ransomware 67

Ransomware Encryption Backups Advertising 67

SecureList

JULY 5, 2021

An attack perpetrated by REvil aka Sodinokibi ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on July 2. Some of the victims have reportedly been compromised through a popular MSP software which led to encryption of their customers. To keep your company protected against ransomware 2.0

Ransomware 136

Ransomware Encryption VPN Software 136

Security Affairs

NOVEMBER 1, 2020

The Maze ransomware operators are shutting down their operations for more than one year the appeared on the threat landscape in May 2019. The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crew since it began operating in May 2019. Pierluigi Paganini.

Ransomware 142

Ransomware Cybercrime Advertising Software 142

Security Affairs

SEPTEMBER 17, 2020

University Hospital New Jersey (UHNJ) has suffered a ransomware attack, SunCrypt ransomware operators also leaked the data they have stolen. Systems at the University Hospital New Jersey (UHNJ) were encrypted with the SunCrypt ransomware, threat actors also stolen documents from the institution and leaked it online.

Ransomware 139

Ransomware Advertising Data breaches Encryption 139