Security Affairs

MARCH 7, 2025

Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024. The Symantec Threat Hunter Team reported that the Medusa ransomware operators have claimed nearly 400 victims since January 2023. Experts tracked the Medusa ransomware activity as Spearwing.

Ransomware 66

Ransomware Antivirus Healthcare Encryption 66

CSO Magazine

AUGUST 30, 2021

A new ransomware threat called LockFile has been victimizing enterprises worldwide since July. Key to its success are a few new tricks that make it harder for anti-ransomware solutions to detect it. Learn how recent ransomware attacks define the malware's new age and 5 reasons why the cost of ransomware attacks is rising. |

Encryption 125

Encryption Ransomware CSO Antivirus 125

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. and the Ragnar Locker ransomware executable will automatically be present in the root of the C: drive.

Encryption 140

Encryption Ransomware Energy and Utilities Advertising 140

Bleeping Computer

MAY 7, 2023

A new ransomware operation called Cactus has been exploiting vulnerabilities in VPN appliances for initial access to networks of "large commercial entities." [.]

Antivirus 119

Antivirus Ransomware Encryption VPN 119

The Last Watchdog

JUNE 21, 2020

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Related: What local government can do to repel ransomware Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch inch diskettes. inch diskettes. FBI spoofs 2012 – 2013.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

NOVEMBER 17, 2024

New Campaign Uses Remcos RAT to Exploit Victims Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign Ymir: new stealthy ransomware in the wild ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes Glove Stealer: Leveraging IElevator (..)

Malware 119

Malware Antivirus Encryption Education 119

Webroot

FEBRUARY 21, 2025

Phishing scams, ransomware attacks, data breaches, and identity theft are part of a growing list of online dangers that are a daily reality. What began as antivirus product has expanded into a comprehensive portfolio to secure your entire digital life. Secure backup Keeps your critical files safe from data loss or ransomware attacks.

Antivirus 84

Antivirus Identity Theft Cyber threats Phishing 84

Hacker Combat

APRIL 6, 2022

Ransomware attacks targeting governments, businesses, hospitals, and private individuals are rising. You are neither safe on your private nor public network, as ransomware can encrypt your files and hold them hostage. We will look at the features of some of the best ransomware protection that you can run on your systems.

Ransomware 130

Ransomware Antivirus Encryption Passwords 130

Security Affairs

JULY 15, 2024

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. An attacker can exploit the issue to obtain encrypted credentials stored in the configuration database, potentially leading to gaining access to the backup infrastructure hosts.

Backups 143

Backups Ransomware Antivirus DNS 143

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches 123

Data breaches Cybercrime Cyber Insurance Marketing 123

Security Affairs

FEBRUARY 7, 2020

The operators behind the infamous RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to kill antivirus products. Cybercriminals behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows with the intent of disabling security products.

Software 145

Software Ransomware Antivirus Encryption 145

Krebs on Security

FEBRUARY 23, 2019

Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company’s customers for nearly three days. The company declined to specify how much was paid or what strain of ransomware was responsible for the attack. Roswell, Ga.

Ransomware 274

Ransomware Backups Encryption Internet 274

eSecurity Planet

OCTOBER 18, 2022

For any organization struck by ransomware , business leaders always ask “how do we decrypt the data ASAP, so we can get back in business?”. The good news is that ransomware files can be decrypted. What can be done to recover from ransomware attacks when backups are not available? How Does Ransomware Encryption Work?

Ransomware 145

Ransomware Encryption Insurance Backups 145

Security Affairs

DECEMBER 1, 2024

Through Zyxel! Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter )

Malware 76

Malware Social Engineering Antivirus Engineering 76

SecureWorld News

JANUARY 16, 2025

A report from 2023 revealed that 67% of energy and utility companies faced ransomware attacks, with many incidents exploiting unpatched vulnerabilities. Regularly updating and patching systems, including antivirus software, firewalls, and SCADA networks, can mitigate this risk.

Energy and Utilities 109

Energy and Utilities IoT Artificial Intelligence Backups 109

The Hacker News

JANUARY 24, 2024

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood.

Ransomware 109

Ransomware Encryption Antivirus 109

Security Affairs

JANUARY 30, 2024

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. The attack was carried out by the Cactus ransomware gang , which claims to have stolen terabytes of corporate data from the company. The Cactus ransomware relies on multiple legitimate tools (e.g.

Ransomware 143

Ransomware Hacking Data breaches Digital transformation 143

Security Affairs

DECEMBER 19, 2022

Researchers spotted a new variant of the Agenda ransomware which is written in the cross-platform programming language Rust. Trend Micro researchers have spotted a new variant of the Agenda ransomware (aka Qilin) that is written in Rust Language. The researchers estimated that combined revenue surpasses US$550 million. AGENDA.THIAFBB.”

Ransomware 144

Ransomware Encryption Healthcare Education 144

eSecurity Planet

DECEMBER 13, 2021

Cybersecurity vaccines are emerging as a new tool to defend against threats like ransomware and zero-day vulnerabilities. Cybersecurity firms have released “vaccines” in recent days to protect against the widely used STOP ransomware strain and the new Apache Log4Shell vulnerability. They also come with the same limitations.

Ransomware 145

Ransomware Cybersecurity Encryption Malware 145

Security Affairs

JANUARY 1, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information, over 21 thousand directories. The Cactus ransomware relies on multiple legitimate tools (e.g.

Retail 143

Retail Ransomware Encryption Hacking 143

eSecurity Planet

OCTOBER 4, 2021

percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. Malware in Encrypted Traffic. A surprising 91.5

Encryption 145

Encryption Malware Ransomware Firewall 145

Security Affairs

MARCH 19, 2020

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities. locked to the filename of the encrypted files.

Government 143

Government Ransomware Encryption Penetration Testing 143

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware 143

Ransomware Encryption Antivirus Architecture 143

Krebs on Security

MAY 22, 2019

On or around May 12, at least two antivirus firms began detecting booby-trapped Microsoft Word files that were sent along with some various of the following message: {Pullman & Assoc. Please download and read the attached encrypted document carefully. Wiseman & Assoc.| Steinburg & Assoc. Swartz & Assoc.

Phishing 280

Phishing Antivirus Scams Malware 280

Security Affairs

MAY 11, 2021

The FBI and Australian Australian Cyber Security Centre (ACSC) warn of an ongoing Avaddon ransomware campaign targeting organizations worldwide. “The Australian Cyber Security Centre (ACSC) is aware an ongoing ransomware campaign utilising the Avaddon Ransomware malware. ” reads the alert published by ACSC.

Ransomware 142

Ransomware Backups Antivirus DDOS 142

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. The Cring ransomware appeared in the threat landscape in January, it was first reported by Amigo_A and the CSIRT team of Swisscom. The #CRING #ransomware is then downloaded via certutill.

VPN 135

VPN Ransomware Antivirus Firmware 135

eSecurity Planet

OCTOBER 27, 2021

What’s the best antivirus software? With the rise in malware and ransomware and a growing reliance on the internet, antivirus solutions are critical for protecting your data and applications. Top 4 antivirus software. Multi-layer ransomware protection. Ransomware protection. Encryption.

Antivirus 98

Antivirus Software Malware Marketing 98

Security Affairs

JULY 8, 2022

Emsisoft has released a free decryption tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft released a free decryptor tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom.

Ransomware 141

Ransomware Encryption Malware Accountability 141

Security Affairs

SEPTEMBER 20, 2020

National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware attacks targeting education institutions. National Cyber Security Centre (NCSC), has issued an alert about a surge in ransomware attacks against education institutions. PowerShell) to easily deploy tooling or ransomware. Pierluigi Paganini.

Education 145

Education Ransomware Antivirus Backups 145

Krebs on Security

MAY 13, 2024

and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. Pin was active on Opensc around March 2012, and authored 13 posts that mostly concerned data encryption issues, or how to fix bugs in code. Last week, the United States joined the U.K.

Ransomware 316

Ransomware Cybercrime Accountability Malware 316

Security Affairs

FEBRUARY 19, 2024

The Cactus ransomware gang claims the theft of 1.5TB of data from the Energy management and industrial automation firm Schneider Electric. The Cactus ransomware group claims responsibility for pilfering 1.5TB of data from the Energy management and industrial automation giant Schneider Electric.

Ransomware 142

Ransomware Digital transformation Retail Antivirus 142

Krebs on Security

SEPTEMBER 30, 2023

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. It continues: “Prior to deploying the ransomware, Snatch threat actors were observed spending up to three months on a victim’s system.

Ransomware 298

Ransomware Accountability Cybercrime Backups 298

Security Affairs

MARCH 17, 2021

The FBI has issued an alert to warn about an increase in PYSA ransomware attacks on education institutions in the US and UK. The FBI has issued Tuesday an alert to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom. locked to the filename of the encrypted files.

Education 128

Education Ransomware Encryption Antivirus 128

Security Affairs

SEPTEMBER 28, 2020

Universal Health Services (UHS) healthcare providers has reportedly shut down systems at healthcare facilities after a Ryuk ransomware attack. “When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. SecurityAffairs – hacking, Ryuk ransomware).

Ransomware 140

Ransomware Healthcare Advertising Antivirus 140

Security Affairs

AUGUST 3, 2020

Last week, the Minister of Internal Affairs of Belarus announced the arrest of a 31-year-old man that is accused of distributing the infamous GandCrab ransomware. Last week, the Minister of Internal Affairs of Belarus announced the arrest of a man on charges of distributing the infamous GandCrab ransomware.

Ransomware 145

Ransomware Advertising Malware Hacking 145

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. In 2023, the imaging sensors manufacturer was the victim of a Cactus ransomware attack. The threat actors had access to the company systems between September 4 and September 30, 2023, when they deployed ransomware.

Data breaches 138

Data breaches Ransomware Manufacturing Encryption 138

Webroot

MARCH 12, 2025

Backing up your data simply means creating copies of your important files and storing them in secure, encrypted locations. Malware and ransomware attacks : Cybercriminals also deploy malware to lock, steal, or destroy your files. Ensures that your valuable data is encrypted, secure, and accessible when you need it.

Backups 91

Backups Encryption Antivirus Data preservation 91