Antivirus, Information Security and Ransomware

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. The attack was carried out by the Cactus ransomware gang , which claims to have stolen terabytes of corporate data from the company. The Cactus ransomware relies on multiple legitimate tools (e.g.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Security Affairs

AUGUST 27, 2022

Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. Such is the case of mhyprot2.sys, Pierluigi Paganini.

Antivirus

Antivirus Ransomware Malware Cybercrime

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. It was this first time that the operators adopted this tactic.

Ransomware

Ransomware Encryption Antivirus VPN

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Security Affairs

FEBRUARY 19, 2024

The Cactus ransomware gang claims the theft of 1.5TB of data from the Energy management and industrial automation firm Schneider Electric. The Cactus ransomware group claims responsibility for pilfering 1.5TB of data from the Energy management and industrial automation giant Schneider Electric.

Ransomware

Ransomware Digital transformation Retail Antivirus

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Security Affairs

SEPTEMBER 5, 2022

Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware. Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify the app based on the Chromium browser engine or the Electron JavaScript framework as malware.

Antivirus

Antivirus Ransomware Malware Software

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

FBI and CISA published a joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with AvosLocker ransomware. The joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort aimed at sharing technical details associated with various ransomware operations.

Ransomware

Ransomware System Administration Antivirus Malware

Bitdefender released a free decryptor for the MortalKombat Ransomware family

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware

Ransomware Antivirus Backups Malware

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Antivirus Encryption Backups

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. The new ransomware operation has been active since March 2023, despite the threat actors use a double-extortion model, their data leak site has yet to be discovered.

Ransomware

Ransomware VPN Antivirus Encryption

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

Cybersecurity and Infrastructure Security Agency (CISA) is warning of the capabilities of the recently emerged Royal ransomware. The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has demanded ransoms up to millions of dollars. ” reads the alert.

Ransomware

Ransomware Healthcare Antivirus Encryption

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. ” reads the post published by Avast. anabolic.exe.

Ransomware

Ransomware Malware Antivirus Encryption

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

Researchers spotted a new variant of the Agenda ransomware which is written in the cross-platform programming language Rust. Trend Micro researchers have spotted a new variant of the Agenda ransomware (aka Qilin) that is written in Rust Language. The researchers estimated that combined revenue surpasses US$550 million. AGENDA.THIAFBB.”

Ransomware

Ransomware Encryption Healthcare Education

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

At least 60 entities worldwide have been breached by BlackCat ransomware, warns a flash report published by the U.S. Federal Bureau of Investigation (FBI) published a flash report that states that at least 60 entities worldwide have been breached by BlackCat ransomware (aka ALPHV and Noberus) since it started its operations in November.

Ransomware

Ransomware Antivirus Passwords Malware

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

NOVEMBER 19, 2022

Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware. ” DEV-0569 relies heavily on defense evasion techniques and employed the open-source tool Nsudo to disable antivirus solutions in recent campaigns. . ” concludes the IT giant.

Ransomware

Ransomware Malware Antivirus Phishing

FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

Security Affairs

MAY 11, 2021

The FBI and Australian Australian Cyber Security Centre (ACSC) warn of an ongoing Avaddon ransomware campaign targeting organizations worldwide. “The Australian Cyber Security Centre (ACSC) is aware an ongoing ransomware campaign utilising the Avaddon Ransomware malware. Pierluigi Paganini.

Ransomware

Ransomware Backups Antivirus DDOS

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers at Sentinel Labs shared details about Black Basta ‘s TTPs and assess it is highly likely the ransomware operation has ties with FIN7. concludes the report.

Cybercrime

Cybercrime Ransomware Antivirus Malware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The Federal Bureau of Investigation (FBI) reported that AvosLocker ransomware is being used in attacks targeting US critical infrastructure. The Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory warning of AvosLocker ransomware attacks targeting multiple US critical infrastructure. Pierluigi Paganini.

Ransomware

Ransomware DDOS Passwords Backups

An expert shows how to stop popular ransomware samples via DLL hijacking

Security Affairs

MAY 4, 2022

A security researcher discovered that samples of Conti, REvil, LockBit ransomware were vulnerable to DLL hijacking. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as theres nothing to kill the DLL just lives on disk waiting. Pierluigi Paganini.

Ransomware

Ransomware Antivirus Malware Encryption

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Numerous strains of this destructive code have been the front-page news in global computer security chronicles for almost a decade now, with jaw-dropping ups and dramatic downs accompanying its progress. inch diskettes. inch diskettes.

Ransomware

Ransomware Hacking Encryption Penetration Testing

New Agenda Ransomware appears in the threat landscape

Security Affairs

AUGUST 27, 2022

Trend Micro researchers warn of a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa. Trend Micro researchers recently discovered a new piece of targeted ransomware, tracked as Agenda, that was written in the Go programming language. ” reads the report published by Trend Micro.

Ransomware

Ransomware Encryption Accountability Antivirus

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

The City of Dallas, Texas, was hit by a ransomware attack that forced it to shut down some of its IT systems. The IT systems at the City of Dallas, Texas, have been targeted by a ransomware attack. However, CBS News Texas obtained an image the ransomware note dropped by the malware on the infected systems. Source J.D.

Ransomware

Ransomware Healthcare Education Encryption

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year. SecurityAffairs – hacking, Ranzy Locker ransomware).

Ransomware

Ransomware Firmware Antivirus Accountability

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

What is the impact of ransomware on organizations? Based on Ransomlooker, a free Cybernews tool for monitoring the dark web and other hidden areas of the internet, 64% of organizations have already suffered from a ransomware attack. Ensure that your systems are up to date with the latest security patches and software updates.

Social Engineering

Social Engineering Ransomware Engineering Phishing

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs

JULY 8, 2022

Emsisoft has released a free decryption tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft released a free decryptor tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom.

Ransomware

Ransomware Encryption Malware Accountability

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

SEPTEMBER 20, 2020

National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware attacks targeting education institutions. National Cyber Security Centre (NCSC), has issued an alert about a surge in ransomware attacks against education institutions. PowerShell) to easily deploy tooling or ransomware.

Education

Education Ransomware Antivirus Backups

Ryuk ransomware operations already made over $150M

Security Affairs

JANUARY 7, 2021

The Ryuk ransomware had a disruptive impact on multiple industries around the world, operators already earned more than $150 million. The Ryuk ransomware gang is one of the most prolific criminal operations that caused destruction in multiple industries around the world. SecurityAffairs – hacking, Ryuk ransomware).

Ransomware

Ransomware Cryptocurrency Antivirus Banking

Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack

Security Affairs

JANUARY 6, 2023

The Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack in December that is still impacting medical activity. The Saint Gheorghe Recovery Hospital in Botoşani, in northeastern Romania, was hit by a ransomware attack in December that is still impacting medical operations. Pierluigi Paganini.

Ransomware

Ransomware Antivirus Media Encryption

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. The Cring ransomware appeared in the threat landscape in January, it was first reported by Amigo_A and the CSIRT team of Swisscom. The #CRING #ransomware is then downloaded via certutill.

VPN

VPN Ransomware Antivirus Firmware

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. LockFile ransomware gang started its operations last month, recently it was spotted targeting Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.

Encryption

Encryption Ransomware Financial Services Antivirus

UHS hospitals hit by Ryuk ransomware attack

Security Affairs

SEPTEMBER 28, 2020

Universal Health Services (UHS) healthcare providers has reportedly shut down systems at healthcare facilities after a Ryuk ransomware attack. “When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. SecurityAffairs – hacking, Ryuk ransomware).

Ransomware

Ransomware Healthcare Advertising Antivirus

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

ransomware gang. ransomware. “The Federal Bureau of Investigation (FBI), CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a joint cybersecurity advisory (CSA), #StopRansomware: LockBit 3.0. ransomware. ransomware as recently as March 2023.” “LockBit 3.0

Ransomware

Ransomware Penetration Testing Encryption Accountability

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group report. Security researchers from NCC Group reported an increase in ransomware attacks in November 2021 over the past month, and PYSA (aka Mespinoza) and Lockbit were the most active ransomware gangs.

Ransomware

Ransomware Penetration Testing Healthcare Government

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs

AUGUST 3, 2020

Last week, the Minister of Internal Affairs of Belarus announced the arrest of a 31-year-old man that is accused of distributing the infamous GandCrab ransomware. Last week, the Minister of Internal Affairs of Belarus announced the arrest of a man on charges of distributing the infamous GandCrab ransomware.

Ransomware

Ransomware Advertising Malware Hacking

Kaseya VSA supply-chain ransomware attack hit hundreds of companies

Security Affairs

JULY 3, 2021

A supply attack by REvil ransomware operators against Kaseya VSA impacted multiple managed service providers (MSPs) and their clients. A new supply chain attack made the headlines, this afternoon, the REvil ransomware gang hit the cloud-based MSP platform impacting MSPs and their customers. ” continues the Kaseya’s notice.

Ransomware

Ransomware Antivirus Software Encryption

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

The US Federal Bureau of Investigation (FBI) said that the BlackByte ransomware gang has breached at least three organizations from US critical infrastructure sectors. Secret Service (USSS) to provide information on BlackByte ransomware. ” reads the advisory.

Ransomware

Ransomware Accountability Firmware Antivirus

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

The FBI has issued an alert to warn about an increase in PYSA ransomware attacks on education institutions in the US and UK. The FBI has issued Tuesday an alert to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom. The malicious code appended the extension .

Education

Education Ransomware Encryption Antivirus

If only you had to worry about malware, with Jason Haddix: Lock and Code S05E04

Malwarebytes

FEBRUARY 12, 2024

Last year, some ransomware gangs refrained from deploying ransomware in their own attacks, opting to steal sensitive data and then threaten to publish it online if their victims refused to pay up—a method of extracting a ransom that is entirely without ransom ware. But not every organization has that at hand. ThreatDown can help.

Malware

Malware Ransomware Antivirus Information Security

HardBit ransomware gang adjusts their demands so the insurance company would cover the ransom cost

Security Affairs

FEBRUARY 21, 2023

Recently emerged HardBit ransomware gang adjusts their demands so the insurance company would cover the ransom cost. The HardBit ransomware group first appeared on the threat landscape in October 2022, but unlike other ransomware operations, it doesn’t use a double extortion model at this time. Very important!

Insurance

Insurance Ransomware Cyber Insurance Malware

Nemty Ransomware, a new malware appears in the threat landscape

Security Affairs

AUGUST 26, 2019

A new ransomware, dubbed Nemty, appeared in the threat landscape over the weekend, it spreads via compromised RDP connections. A new ransomware, called Nemty ransomware, has been discovered over the weekend by malware researchers. Below the ransom note dropped by the Nemty ransomware after the encryption process is completed.

Ransomware

Ransomware Malware Antivirus Encryption

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities. ” reads the issued by French CERT.

Government

Government Ransomware Encryption Penetration Testing

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The group provides Ransomware-as-a-Service (RaaS) to a network of affiliates.

Ransomware

Ransomware Healthcare Phishing Risk

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

. “Two Romanian suspects have been arrested yesterday for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection.” The pair also operated the Cyberscan service which allowed their clients to test their malware against antivirus tools. ” continues the press release.

Malware

Malware Antivirus Cybercrime Software

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. In a recently detected attack, Ragnar Locker ransomware was deployed inside an Oracle VirtualBox Windows XP virtual machine.”

Encryption

Encryption Ransomware Energy and Utilities Advertising

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

They may use various tactics to evade antivirus and other security measures. Cybercriminals can sell not only bank logs but other kinds of logs, like session cookies with sensitive information, and more. Mars is not ransomware but an info stealer – there are some associations between the two.

Banking

Banking Cybercrime Malware Accountability

Cactus ransomware gang claims the Schneider Electric hack

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Webinars

Trending Sources

Akira ransomware received $42M in ransom payments from over 250 victims

Webinars

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Windows Defender identified Chromium, Electron apps as Hive Ransomware

FBI and CISA published a new advisory on AvosLocker ransomware

Bitdefender released a free decryptor for the MortalKombat Ransomware family

Bitdefender released a free decryptor for the MegaCortex ransomware

New CACTUS ransomware appeared in the threat landscape

The U.S. CISA and FBI warn of Royal ransomware operation

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Experts spotted a variant of the Agenda Ransomware written in Rust

BlackCat Ransomware gang breached over 60 orgs worldwide

DEV-0569 group uses Google Ads to distribute Royal Ransomware

FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Avoslocker ransomware gang targets US critical infrastructure

An expert shows how to stop popular ransomware samples via DLL hijacking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

New Agenda Ransomware appears in the threat landscape

City of Dallas shut down IT services after ransomware attack

Ranzy Locker ransomware hit tens of US companies in 2021

Ransomware realities in 2023: one employee mistake can cost a company millions

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

NCSC warns of a surge in ransomware attacks on education institutions

Ryuk ransomware operations already made over $150M

Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

LockFile Ransomware uses a new intermittent encryption technique

UHS hospitals hit by Ryuk ransomware attack

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

PYSA ransomware gang is the most active group in November

Belarussian authorities arrested GandCrab ransomware distributor

Kaseya VSA supply-chain ransomware attack hit hundreds of companies

BlackByte ransomware breached at least 3 US critical infrastructure organizations

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

If only you had to worry about malware, with Jason Haddix: Lock and Code S05E04

HardBit ransomware gang adjusts their demands so the insurance company would cover the ransom cost

Nemty Ransomware, a new malware appears in the threat landscape

CERT France – Pysa ransomware is targeting local governments

US CISA and FBI publish joint alert on DarkSide ransomware

Romanians arrested for running underground malware services

Ragnar Ransomware encrypts files from virtual machines to evade detection

Info stealers and how to protect against them

Stay Connected