The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt. SecurityAffairs – Ragnar Locker ransomware, hacking).

Encryption 102

Encryption Ransomware Energy and Utilities Advertising 102

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free. SecurityAffairs – hacking, ransomware).

Ransomware 96

Ransomware Antivirus Encryption Backups 96

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware 94

Ransomware Malware Antivirus Encryption 94

Security Affairs

MARCH 3, 2023

“FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader.” The Royal ransomware can either fully or partially encrypt a file depending on its size and the ‘-ep’ parameter. ” reads the alert. ” continues the alert.

Ransomware 92

Ransomware Healthcare Antivirus Encryption 92

Security Affairs

DECEMBER 19, 2022

. “The actors customized previous ransomware binaries for the intended victim through the use of confidential information such as leaked accounts and unique company IDs as the appended file extension. Upon further analysis, we have learned that these flags are used for intermittent encryption.” Pierluigi Paganini.

Ransomware 128

Ransomware Encryption Healthcare Education 128

Security Affairs

DECEMBER 18, 2023

They may use various tactics to evade antivirus and other security measures. Some info stealers may use encryption techniques to hide their communication with command-and-control servers, making it more challenging for security systems to detect malicious activities.

Banking 117

Banking Cybercrime Malware Accountability 117

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware 92

Ransomware Antivirus Backups Malware 92

Security Affairs

MAY 9, 2023

The new ransomware strain outstands for the use of encryption to protect the ransomware binary. CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools,” Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told Bleeping Computer.

Ransomware 78

Ransomware VPN Antivirus Encryption 78

Security Affairs

MARCH 9, 2023

“This payload extracts ScrubCrypt, which obfuscates and encrypts applications and makes them able to dodge security programs. The PowerShell script is encoded to avoid detection by AntiVirus solutions. The experts noticed that encrypted data at the top can be split into four parts using backslash “”.

Antivirus 91

Antivirus Encryption Hacking Cybercrime 91

Security Affairs

MAY 4, 2022

The security researcher John Page aka ( hyp3rlinx ) discovered that malware from multiple ransomware operations, including Conti , REvil , LockBit , AvosLocker , and Black Basta, are affected by flaws that could be exploited block file encryption. SecurityAffairs – hacking, DLL hijacking). To nominate, please visit:?

Ransomware 105

Ransomware Antivirus Malware Encryption 105

Security Affairs

JULY 8, 2022

The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the encrypted files. “Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files.

Ransomware 125

Ransomware Encryption Malware Accountability 125

Security Affairs

OCTOBER 13, 2023

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing support for encrypting Linux systems, specifically VMware ESXi servers. bat) scripts [T1059.003] for lateral movement, privilege escalation, and disabling antivirus software.

Ransomware 118

Ransomware System Administration Antivirus Malware 118

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Cybercriminals are interested in hacking your IP address for various reasons. The hacked and stolen IPs are often used for carrying out illegal activities.

Hacking 92

Hacking VPN Internet Internet 92

Security Affairs

MAY 11, 2021

The ACSC also provided the following recommendations: Patch operating systems and applications, and keep antivirus signatures up to date. Maintain offline, encrypted backups of data and regularly test your backups. SecurityAffairs – hacking, Avaddon). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware 129

Ransomware Backups Antivirus DDOS 129

Security Affairs

AUGUST 27, 2022

Our investigation showed that the samples had leaked accounts, customer passwords, and unique company IDs used as extensions of encrypted files.” This ransomware has techniques for evading detection by taking advantage of the “safe mode” feature of a device to proceed with its encryption routine unnoticed. Trend Micro concludes.

Ransomware 98

Ransomware Encryption Accountability Antivirus 98

Security Affairs

AUGUST 6, 2022

This hashed password was not visible to any Slack clients; discovering it required actively monitoring encrypted network traffic coming from Slack’s servers.” Upon receiving the report from the security researcher, the company immediately addressed the flaw and investigated its potential impact on users. Pierluigi Paganini.

Passwords 94

Passwords Password Management Antivirus Encryption 94

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Install and regularly update antivirus software on all hosts, and enable real time detection.

Ransomware 101

Ransomware DDOS Passwords Backups 101

Security Affairs

JANUARY 6, 2023

. “The hackers entered the system and encrypted the December database. ” According to the media outlet, the attack was sophisticated, and both the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) and the Romanian antivirus firm BitDefender were not able to decrypt the files. Pierluigi Paganini.

Ransomware 85

Ransomware Antivirus Media Encryption 85

CyberSecurity Insiders

JANUARY 6, 2023

Test security of systems and networks regularly. Support information security within organizational policies and programs. Requirement 2: Broader scope defining the need for security configuration management (SCM) on more types of assets. Requirement 5: It is no longer sufficient to just have standard antivirus software.

Antivirus 138

Antivirus Retail Software Accountability 138

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. SecurityAffairs – hacking, Wannacry).

Malware 100

Malware Computers and Electronics Encryption Ransomware 100

Security Affairs

MARCH 17, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. The attackers implement a double extortion model using the PYSA ransomware to exfiltrate data from victims prior to encrypting their files.

Education 97

Education Ransomware Encryption Antivirus 97

Security Affairs

SEPTEMBER 20, 2020

Once gained the foothold in the target network, the attackers will attempt lateral movements to elevate the privileges and search for high-value machines to encrypt (i.e. SecurityAffairs – hacking, education institutions). backup servers, network shares, servers, auditing devices). PowerShell) to easily deploy tooling or ransomware.

Education 145

Education Ransomware Antivirus Backups 145

Security Affairs

APRIL 7, 2021

This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. At least in one case, an attack of the ransomware resulted in a temporary shutdown of the industrial process due to servers used to control the industrial process becoming encrypted.” Pierluigi Paganini.

VPN 100

VPN Ransomware Antivirus Firmware 100

Security Affairs

JULY 28, 2021

PKPLUG used a technique known as “ living off the land ” to bypass antivirus detection and target Microsoft Exchange servers. The analysis of the file revealed that it includes the encrypted and compressed PlugX payload. Aro.dat is, in fact, an encrypted and compressed PlugX payload.” SecurityAffairs – hacking,Thor RAT).

Encryption 111

Encryption Antivirus Malware Hacking 111

Security Affairs

AUGUST 9, 2022

The information gathered by the experts led them into believing that the goal of the attacks was cyberespionage, the researchers linked the campaigns with a Chinese APT group tracked as TA428 (aka Colourful Panda, BRONZE DUDLEY). . SecurityAffairs – hacking, industrial enterprises). com specified in the administrator’s contact data.

Antivirus 101

Antivirus Encryption Malware Hacking 101

Security Affairs

AUGUST 26, 2019

The name of the ransomware comes after the extension it adds to the encrypted file names, the malicious code also deletes their shadow copies to make in impossible any recovery procedure. Below the ransom note dropped by the Nemty ransomware after the encryption process is completed. SecurityAffairs – Nemty ransomware, hacking).

Ransomware 93

Ransomware Malware Antivirus Encryption 93

Security Affairs

JULY 1, 2019

Even if the activity of Dridex decreased in the last couple of years, crooks continued to updates it adding new features such the support of XML scripts, hashing algorithms, peer-to-peer encryption, and peer-to-command-and-control encryption. SecurityAffairs – Dridex, hacking). ” reads the analysis published by eSentire.

Banking 78

Banking Antivirus Advertising Encryption 78

Security Affairs

NOVEMBER 19, 2022

. “When launched, BATLOADER uses MSI Custom Actions to launch malicious PowerShell activity or run batch scripts to aid in disabling security solutions and lead to the delivery of various encrypted malware payloads that is decrypted and launched with PowerShell commands.” SecurityAffairs – hacking, DEV-0569).

Ransomware 133

Ransomware Malware Antivirus Phishing 133

Security Affairs

MAY 4, 2023

FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader.” After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.”

Ransomware 94

Ransomware Healthcare Education Encryption 94

Security Affairs

APRIL 30, 2021

.” The Portdoor backdoor implements multiple functionalities, including the ability to do reconnaissance, target profiling, delivery of additional payloads, privilege escalation, process manipulation static detection antivirus evasion, one-byte XOR encryption, AES-encrypted data exfiltration. ” continues the report.

Phishing 132

Phishing Malware Antivirus Encryption 132

Security Affairs

JANUARY 8, 2021

Upon executing the code, it will ask the user the path for the payload to be encrypted and the password to be used for AES encryption to hide the malware within the loader. “The authors use the open source tool Ezuri, to load its previously seen payloads and avoid antivirus detections on the file.”

Malware 137

Malware Encryption Antivirus Passwords 137

Security Affairs

DECEMBER 22, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. SecurityAffairs – hacking, PYSA). The post PYSA ransomware gang is the most active group in November appeared first on Security Affairs.

Ransomware 101

Ransomware Penetration Testing Healthcare Government 101

Security Affairs

JUNE 11, 2021

Below a list of tips recommended by the expets: Install an antivirus software; Practice proper cyber hygiene; Use strong passwords; Download software from trusted sources; Block third-party cookies; Regularly clean cookies; Encrypt your data; Store files on an encrypted cloud; Use multi-factor authentication. Pierluigi Paganini.

Malware 115

Malware Computers and Electronics Software Financial Services 115

Security Affairs

FEBRUARY 14, 2022

“BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.” Once gained access to the network, threat actors deployed tools to perform lateral movements and escalate privileges before exfiltrating and encrypting files.

Ransomware 92

Ransomware Accountability Firmware Antivirus 92

Security Affairs

SEPTEMBER 28, 2020

“When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. ” Some reports circulating online reveal that the ransomware added the “ ryk” extension to the filenames of encrypted documents, a circumstance that confirms a Ryuk ransomware infection.

Ransomware 118

Ransomware Healthcare Advertising Antivirus 118

Security Affairs

AUGUST 31, 2022

At the time of publication, this particular file is undetected by all antivirus vendors according to VirusTotal” The Base64 encoded payload, once decrypted, is a Windows 64-bit executable (1.7MB) called “msdllupdate.exe.”. “This technique works by sending an encrypted string appended to the DNS query set as a subdomain.

Malware 85

Malware DNS Antivirus Encryption 85