Antivirus, Encryption and Information Security

Police took down several popular counter-antivirus (CAV) services, including AvCheck

Security Affairs

JUNE 2, 2025

Department of Justice has dismantled an online cybercrime syndicate that provided encryption services to help malware evade detection. “Crypting is the process of using software to make malware difficult for antivirus programs to detect,” the DoJ said. An international law enforcement operation led by the U.S.

Antivirus

Antivirus Cybercrime Malware Firewall

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

Security Affairs

APRIL 2, 2025

Delivered via phishing and hosted on compromised SharePoint sites, it remains undetected by most antivirus solutions, posing a serious security risk. The backdoor, targeting Windows, uses AES-CBC encryption with base64 encoding and loads the payload via the exec function. ” concludes the report.

Antivirus

Antivirus Cybercrime Malware Encryption

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. This cloud communication is used for the FortiGuard Web Filter feature, FortiGuard AntiSpam feature and FortiGuard AntiVirus feature.”

Encryption

Encryption Antivirus Advertising DNS

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Play ransomware group hit 900 organizations since 2022

Security Affairs

JUNE 6, 2025

The threat actors behind the operation use tools like AdFind and Grixba to gather network data and identify antivirus defenses, then disable security software using GMER, IOBit, or PowerTool. They often deploy PowerShell scripts to target Microsoft Defender. Attackers rely on Cobalt Strike , SystemBC , and PsExec for lateral movement.

Ransomware

Ransomware Encryption Antivirus Malware

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.

Encryption

Encryption Ransomware Financial Services Antivirus

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 20

Security Affairs

NOVEMBER 17, 2024

New Campaign Uses Remcos RAT to Exploit Victims Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign Ymir: new stealthy ransomware in the wild ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes Glove Stealer: Leveraging IElevator (..)

Malware

Malware Antivirus Encryption Education

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November. The malicious code was advertised on cybercrime forums for $3,000 per month.

Malware

Malware Advertising Antivirus Cybercrime

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt. Custom Ragnar Locker ransom note (Source: Sophos).

Encryption

Encryption Ransomware Energy and Utilities Advertising

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. After that, the following files are extracted, namely: Avira.exe : Legitimate injector from Avira Antivirus. In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication.

Antivirus

Antivirus Malware Banking Internet

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

Russia-linked Gamaredon targets Ukraine with Remcos RAT

Security Affairs

MARCH 31, 2025

The PowerShell code avoids antivirus detection by using Get-Command to execute the payload. This DLL acts as a loader, decrypting and executing the final Remcos payload from encrypted files within the ZIP.

Phishing

Phishing Antivirus Encryption Hacking

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Security Affairs

FEBRUARY 28, 2025

In August 2024, several users reported that Dr.Web antivirus detected changes in their TV box system files. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Antivirus

Antivirus Firmware Encryption Manufacturing

Russia’s FSB used spyware against a Russian programmer

Security Affairs

DECEMBER 7, 2024

The spyware allowed Russian authorities to track a target device’s location, record phone calls, and keystrokes, and read messages from encrypted messaging apps. Kirill Parubets and his spouse were detained, during which the FSB pressured him to become an informant, threatening life imprisonment if he refused.

Spyware

Spyware Passwords Encryption Surveillance

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Security Affairs

MARCH 10, 2025

The discovered infected archives contained an additional executable, with a modified start script tricking victims into disabling antivirus protections. Its configuration is Base64-encoded and encrypted with AES-CBC. By December 2024, reports emerged of further miner-infected versions spreading via Telegram and YouTube.

Cryptocurrency

Cryptocurrency Malware Social Engineering Antivirus

Medusa Ransomware targeted over 40 organizations in 2025

Security Affairs

MARCH 7, 2025

“Like the majority of ransomware operators, Spearwing and its affiliates carry out double extortion attacks, stealing victims’ data before encrypting networks in order to increase the pressure on victims to pay a ransom,” reads the report published by Symantec.

Ransomware

Ransomware Antivirus Healthcare Encryption

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

Security Affairs

NOVEMBER 24, 2024

Android Malware Detection Based on Behavioral-Level Features with Graph Convolutional Networks.

Malware

Malware Spyware Antivirus VPN

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. ViperSoftX also checks for active antivirus products running on the machine. c2 arrowlchat[.]com

Encryption

Encryption Malware Cryptocurrency Software

CoffeeLoader uses a GPU-based packer to evade detection

Security Affairs

MARCH 31, 2025

“The main module implements numerous techniques to evade detection by antivirus (AV) and Endpoint Detection and Response (EDRs) including call stack spoofing, sleep obfuscation, and leveraging Windows fibers.” For sleep obfuscation, CoffeeLoader encrypts its memory while inactive, decrypting only during execution.

Malware

Malware Encryption Antivirus Marketing

On the Irish Health Services Executive Hack

Security Boulevard

FEBRUARY 11, 2022

Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system. The antivirus server was later encrypted in the attack).

Hacking

Hacking Antivirus CISO Ransomware

Ransomware groups target Veeam Backup & Replication bug

Security Affairs

JULY 15, 2024

An attacker can exploit the issue to obtain encrypted credentials stored in the configuration database, potentially leading to gaining access to the backup infrastructure hosts. Once data exfiltration was completed, the attackers deployed ransomware to encrypt the infected systems. The vulnerability CVE-2023-275327 (CVSS score of 7.5)

Backups

Backups Ransomware Antivirus DNS

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

. “The actors customized previous ransomware binaries for the intended victim through the use of confidential information such as leaked accounts and unique company IDs as the appended file extension. Upon further analysis, we have learned that these flags are used for intermittent encryption.” ” concludes the report.

Ransomware

Ransomware Encryption Healthcare Education

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it. Earlier versions of the ransomware were written in C++ and the malware added the.akira extension to the encrypted files. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware

Ransomware Encryption Antivirus Architecture

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Kroll researchers reported that the ransomware strain outstands for the use of encryption to protect the ransomware binary. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Ransomware

Ransomware Hacking Data breaches Digital transformation

An expert shows how to stop popular ransomware samples via DLL hijacking

Security Affairs

MAY 4, 2022

The security researcher John Page aka ( hyp3rlinx ) discovered that malware from multiple ransomware operations, including Conti , REvil , LockBit , AvosLocker , and Black Basta, are affected by flaws that could be exploited block file encryption. “Conti looks for and executes DLLs in its current directory.

Ransomware

Ransomware Antivirus Malware Encryption

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. The attackers implement a double extortion model using the PYSA ransomware to exfiltrate data from victims prior to encrypting their files.

Education

Education Ransomware Encryption Antivirus

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs

JULY 8, 2022

The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the encrypted files. “Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files.

Ransomware

Ransomware Encryption Malware Accountability

New variant of Dridex banking Trojan implements polymorphism

Security Affairs

JULY 1, 2019

Even if the activity of Dridex decreased in the last couple of years, crooks continued to updates it adding new features such the support of XML scripts, hashing algorithms, peer-to-peer encryption, and peer-to-command-and-control encryption. ” reads the analysis published by eSentire. com domain to download the Dridex installer.

Banking

Banking Antivirus Advertising Encryption

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Security Affairs

FEBRUARY 19, 2024

[link] pic.twitter.com/z91nfnGYAQ — Dominic Alvieri (@AlvieriD) February 19, 2024 The Cactus ransomware operation has been active since March 2023, Kroll researchers reported that the ransomware strain is notable for the use of encryption to protect the ransomware binary.

Ransomware

Ransomware Digital transformation Retail Antivirus

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. At least in one case, an attack of the ransomware resulted in a temporary shutdown of the industrial process due to servers used to control the industrial process becoming encrypted.”

VPN

VPN Ransomware Antivirus Firmware

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware

Ransomware Malware Encryption Antivirus

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

SEPTEMBER 20, 2020

Once gained the foothold in the target network, the attackers will attempt lateral movements to elevate the privileges and search for high-value machines to encrypt (i.e. backup servers, network shares, servers, auditing devices). PowerShell) to easily deploy tooling or ransomware.

Education

Education Ransomware Antivirus Backups

FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

Security Affairs

MAY 11, 2021

The ACSC also provided the following recommendations: Patch operating systems and applications, and keep antivirus signatures up to date. Maintain offline, encrypted backups of data and regularly test your backups. Regularly conduct backup procedures and keep backups offline or in separated networks.

Ransomware

Ransomware Backups Antivirus DDOS

Nemty Ransomware, a new malware appears in the threat landscape

Security Affairs

AUGUST 26, 2019

The name of the ransomware comes after the extension it adds to the encrypted file names, the malicious code also deletes their shadow copies to make in impossible any recovery procedure. Below the ransom note dropped by the Nemty ransomware after the encryption process is completed. ” continues BleepingComputer.

Ransomware

Ransomware Malware Antivirus Encryption

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Install and regularly update antivirus software on all hosts, and enable real time detection.

Ransomware

Ransomware DDOS Passwords Backups

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. “On one of the compromised information systems, experts found encrypted files with the extension “ newversion.”

Government

Government Ransomware Encryption Penetration Testing

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free. RTF”, etc).

Ransomware

Ransomware Antivirus Encryption Backups

[SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies

Security Affairs

MARCH 21, 2019

Note that ransomware is probably detected during antivirus behavioral analysis — heuristic and signature-based detection are easily passed. Another interesting thing is that the ransomware sample launches itself with the -w argument and also spawned a new process for each file it encrypted. locker ” is appended. Let’s look.

Ransomware

Ransomware Encryption Malware Antivirus

Top Cybersecurity Companies for 2022

eSecurity Planet

JUNE 7, 2022

Protect your company computers, laptops and mobile devices with security products all managed via a cloud-based management console. The solution includes cloud sandboxing technology, preventing zero-day threats, and full disk encryption capability for enhanced data protection. Improved Data Security. Get started today!

Cybersecurity

Cybersecurity Identity Theft Encryption Antivirus

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

“FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader.” The Royal ransomware can either fully or partially encrypt a file depending on its size and the ‘-ep’ parameter. ” reads the alert. ” continues the alert.

Ransomware

Ransomware Healthcare Encryption Antivirus

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Security Affairs

MAY 22, 2024

“On September 30, 2023, OVT became aware of a security incident that resulted in the encryption of certain OVT systems by an unauthorized third party. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Data breaches

Data breaches Ransomware Manufacturing Encryption

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Upon executing the code, it will ask the user the path for the payload to be encrypted and the password to be used for AES encryption to hide the malware within the loader. “The authors use the open source tool Ezuri, to load its previously seen payloads and avoid antivirus detections on the file.”

Malware

Malware Encryption Passwords Antivirus

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Ryuk infects computers by encrypting all local and shared files, not allowing the user’s access without paying the ransom. It was also possible to conclude that Emotet was the most widespread Malware worldwide and it has been enhanced with new capabilities that include the Ryuk Ransomware. DOWNLOAD FULL REPORT.

Malware

Malware Advertising Retail Antivirus

Police took down several popular counter-antivirus (CAV) services, including AvCheck

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

Trending Sources

Some Fortinet products used hardcoded keys and weak encryption for communications

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Play ransomware group hit 900 organizations since 2022

LockFile Ransomware uses a new intermittent encryption technique

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 20

Banshee macOS stealer supports new evasion mechanisms

Ragnar Ransomware encrypts files from virtual machines to evade detection

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Russia-linked Gamaredon targets Ukraine with Remcos RAT

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Russia’s FSB used spyware against a Russian programmer

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Medusa Ransomware targeted over 40 organizations in 2025

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

CoffeeLoader uses a GPU-based packer to evade detection

On the Irish Health Services Executive Hack

Ransomware groups target Veeam Backup & Replication bug

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Experts spotted a variant of the Agenda Ransomware written in Rust

Akira ransomware received $42M in ransom payments from over 250 victims

Cactus ransomware gang claims the Schneider Electric hack

An expert shows how to stop popular ransomware samples via DLL hijacking

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

New variant of Dridex banking Trojan implements polymorphism

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

NCSC warns of a surge in ransomware attacks on education institutions

FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

Nemty Ransomware, a new malware appears in the threat landscape

Avoslocker ransomware gang targets US critical infrastructure

CERT France – Pysa ransomware is targeting local governments

Bitdefender released a free decryptor for the MegaCortex ransomware

[SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies

Top Cybersecurity Companies for 2022

The U.S. CISA and FBI warn of Royal ransomware operation

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Ezuri memory loader used in Linux and Windows malware

Report: Threat of Emotet and Ryuk

Stay Connected