Article, CSO, Encryption and Ransomware

LockFile ransomware uses intermittent encryption to evade detection

CSO Magazine

AUGUST 30, 2021

A new ransomware threat called LockFile has been victimizing enterprises worldwide since July. Key to its success are a few new tricks that make it harder for anti-ransomware solutions to detect it. Learn how recent ransomware attacks define the malware's new age and 5 reasons why the cost of ransomware attacks is rising. |

Encryption

Encryption Ransomware CSO Antivirus

New Royal ransomware group evades detection with partial encryption

CSO Magazine

DECEMBER 14, 2022

A new ransomware group dubbed Royal that formed earlier this year has significantly ramped up its operations over the past few months and developed its own custom ransomware program that allows attackers to perform flexible and fast file encryption. To read this article in full, please click here

Encryption

Encryption Ransomware

New Rorschach ransomware hits with unique features and very fast encryption

CSO Magazine

APRIL 4, 2023

Researchers warn of a new strain of ransomware dubbed Rorschach that doesn't appear to be related to previously known threats and uses several unique features in its implementation, including one of the fastest file encryption routines observed so far. “A To read this article in full, please click here

Encryption

Encryption Ransomware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

BrandPost: Novel Encryption Technique Helps Lockfile Ransomware Hide in Plain Sight

CSO Magazine

NOVEMBER 8, 2021

It’s known as “intermittent encryption” and researchers from Sophos recently discovered Lockfile encrypts alternate bundles of 16 bytes in a document to stay hidden. This novel approach helps the ransomware to avoid triggering a red flag because the new encryption method looks statistically very similar to the unencrypted original.

Encryption

Encryption Ransomware Engineering Technology

New Intel CPU-level threat detection capabilities target ransomware

CSO Magazine

JANUARY 19, 2021

Security vendors can now leverage new telemetry and machine learning processing capabilities built into Intel's 11th Gen mobile processors to better detect and block sophisticated ransomware programs that attempt to evade traditional detection techniques. To read this article in full, please click here

Threat Detection

Threat Detection CSO Ransomware Mobile

Ryuk ransomware explained: A targeted, devastatingly effective attack

CSO Magazine

MARCH 19, 2021

What is Ryuk ransomware? Ryuk is a sophisticated ransomware threat that has been targeting businesses, hospitals, government institutions and other organizations since 2018. Read our blue team's guide for ransomware prevention, protection and recovery. | Get the latest from CSO by signing up for our newsletters. ]

Ransomware

Ransomware CSO Encryption Government

New Linux-based ransomware targets VMware servers

CSO Magazine

MAY 26, 2022

Researchers at Trend Micro have discovered some new Linux-based ransomware that's being used to attack VMware ESXi servers, a bare-metal hypervisor for creating and running several virtual machines (VMs) that share the same hard drive storage. To read this article in full, please click here

Ransomware

Ransomware Encryption Security Awareness

Ransomware operators might be dropping file encryption in favor of corrupting files

CSO Magazine

SEPTEMBER 23, 2022

Ransomware started out many years as scams where users were being tricked into paying fictitious fines for allegedly engaging in illegal online behavior or, in more serious cases, were blackmailed with compromising videos taken through their webcams by malware. To read this article in full, please click here

Encryption

Encryption Ransomware DDOS Scams

Insured companies more likely to be ransomware victims, sometimes more than once

CSO Magazine

MAY 15, 2023

Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers. Back in 2019, fewer than 20% of enterprises suffered repeat ransomware attacks, while during the pandemic, the percentage rose to around 30%.

Insurance

Insurance Cyber Insurance Ransomware Encryption

BrandPost: Detect Log4j Attacks Hiding in Encrypted Traffic

CSO Magazine

JANUARY 21, 2022

ExtraHop threat researchers have observed attackers in the wild using encrypted traffic to avoid detection of Log4Shell attacks. This is consistent with the general trend of cyberattackers using encryption as an evasion mechanism to avoid detection during both the initial intrusion and lateral movement stages of an attack, among others.

Encryption

Encryption Ransomware

Nebulon's TripLine offers ransomware encryption protection for on-prem systems

CSO Magazine

MAY 9, 2023

Smart infrastructure provider Nebulon today announced the immediate availability of TripLine, an early warning system for cryptographically based ransomware attacks on on-premises systems. To read this article in full, please click here It’s designed to quickly identify the precise time and system location where an attack has occurred.

Encryption

Encryption Ransomware

Ransomware attacks on retailers rose 75% in 2021

CSO Magazine

SEPTEMBER 9, 2022

Retailers are fast becoming the favorite targets for ransomware criminals, with two out of three companies in the sector being attacked last year, according to a new report from cybersecurity firm Sophos. Attackers were able to successfully encrypt files in more than half of the attacks.

Retail

Retail Ransomware Encryption Cybersecurity

BianLian ransomware group shifts focus to extortion

CSO Magazine

MARCH 20, 2023

Ransomware group BianLian has shifted the main focus of its attacks away from encrypting the files of its victims to focusing more on extortion as a means to extract payments from victims, according to cybersecurity firm Redacted. To read this article in full, please click here The decryption tool was released in January.

Ransomware

Ransomware Encryption Cybersecurity

OnePercent ransomware group hits companies via IceID banking Trojan

CSO Magazine

AUGUST 24, 2021

The FBI is warning companies that a ransomware group calling itself OnePercent or 1Percent is leveraging the IceID Trojan and the Cobalt Strike backdoor to gain a foothold inside networks. The ransomware group has been active since at least November 2020 and has hit companies in the United States.

Ransomware

Ransomware Banking Encryption

New ransomware group CACTUS abuses remote management tools for persistence

CSO Magazine

MAY 8, 2023

A cybercriminal group has been compromising enterprise networks for the past two months and has been deploying a new ransomware program that researchers dubbed CACTUS. Encrypted files are appended with.cts1, although Kroll notes the number at the end of the extension has been observed to vary across incidents and victims.

Ransomware

Ransomware VPN Cyber threats Encryption

BrandPost: Beating Ransomware in the Midgame: Detection Best Practices in 2022

CSO Magazine

APRIL 14, 2022

What is Ransomware? Ransomware (ransom + malware) is a form of malware designed to allow malicious actors to extort money from an organization. This is accomplished by using a variety of encryption techniques that lock an organization's files to then force the organization to pay for the key to unlock the data.

Ransomware

Ransomware Encryption Malware

WannaCry explained: A perfect ransomware storm

CSO Magazine

AUGUST 24, 2022

WannaCry is a ransomware worm that spread rapidly through across a number of computer networks in May of 2017. After infecting a Windows computer, it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them. What is WannaCry?

Ransomware

Ransomware Cybercrime Encryption Government

Ragnar Locker continues trend of ransomware targeting energy sector

CSO Magazine

SEPTEMBER 2, 2022

The recent attack on Greece’s largest natural gas transmission operator DESFA by ransomware gang Ragnar Locker is the latest on a growing list of incidents where ransomware groups attacked energy companies. To read this article in full, please click here over the past two years.

Ransomware

Ransomware Encryption

New ransomware HavanaCrypt poses as Google software update

CSO Magazine

AUGUST 24, 2022

A new strain of ransomware has been making victims for the past two months, masquerading as a Google software update application and reusing an open-source password management library for encryption. To read this article in full, please click here

Software

Software Ransomware Password Management Encryption

DarkSide ransomware explained: How it works and who is behind it

CSO Magazine

MAY 13, 2021

DarkSide is a ransomware threat that has been in operation since at least August 2020 and was used in a cyberattack against Georgia-based Colonial Pipeline , leading to a major fuel supply disruption along the East Coast of the US. To read this article in full, please click here (Insider Story)

Ransomware

Ransomware Encryption Malware Hacking

BrandPost: Are Retailers Ready for Holiday Season Ransomware?

CSO Magazine

NOVEMBER 24, 2021

Retail has a ransomware problem. While almost every sector has been plagued by ransomware over this past year– which is malicious software that locks access to systems and encrypts data so that users cannot access it – retail is a particularly hard hit vertical. To read this article in full, please click here

Retail

Retail Ransomware Encryption Software

Ransomware could target OneDrive and SharePoint files by abusing versioning configurations

CSO Magazine

JUNE 16, 2022

Researchers warn that documents hosted in the cloud might not be out of reach for ransomware actors and that while they're harder to permanently encrypt due to the automated backup features of cloud service, there are still ways to make life hard for organizations. To read this article in full, please click here

Ransomware

Ransomware Backups Encryption

BrandPost: Everything SMBs Need to Know About Ransomware in 2021

CSO Magazine

AUGUST 13, 2021

Ransomware attacks on large enterprises like Colonial Pipeline dominate the headlines. But did you know small and medium-size businesses (SMBs) account for at least half of all ransomware attacks, if not closer to two-thirds, according to the U.S. 1 In fact, ransomware is the most common cyberthreat that SMBs face. What it is.

Ransomware

Ransomware Digital transformation Insurance Encryption

BrandPost: How to Bridge the Ransomware Security Gap

CSO Magazine

OCTOBER 25, 2022

It is hard to believe how far ransomware has evolved since its origins in the early 1980s. In fact, according to recent reports , ransomware attacks increased by 80% in the first half of 2022 compared to the first half of 2021. To read this article in full, please click here

Ransomware

Ransomware Encryption

BrandPost: Healthcare Organizations: Moving to High Alert for Ransomware

CSO Magazine

APRIL 13, 2021

Healthcare facilities are currently a favorite target of criminals who use ransomware (aka malicious software) to launch attacks. Ransomware attacks on healthcare organizations also tie up hundreds of IT staff hours responding and recovering, impact multiple branches and clinics, and damage hard-earned business reputations.

Healthcare

Healthcare Ransomware Cryptocurrency Encryption

BrandPost: Key Finding – NETSCOUT Threat Intelligence Report 1st Half 2021: Triple Extortion

CSO Magazine

JANUARY 21, 2022

In this valuable NETSCOUT Threat Intelligence Report video , we explore the triple extortion attack method by looking at three key components: Data Encryption. Fact: Ransomware gangs have added triple-extortion attacks to their criminal service offerings. Data Theft. DDoS Attacks.

DDOS

DDOS Encryption Ransomware

BrandPost: Why Unified Platforms Are the Future of Network Security

CSO Magazine

OCTOBER 18, 2022

With network attacks booming, endpoints under duress from ransomware, and massive amounts of malware hiding in encrypted traffic, it’s never been more important to centralize and unify the security of network environments, users, and devices. To read this article in full, please click here

Network Security

Network Security Encryption Ransomware Malware

BrandPost: New Threats Based on ProxyShell Vulnerability Require Immediate Action

CSO Magazine

NOVEMBER 18, 2021

Conti ransomware affiliates are using Microsoft Exchange servers to hack into corporate networks using recently disclosed ProxyShell vulnerability exploits. Sophos made the discovery in a customer engagement in which the ransomware gang used Exchange to encrypt a customer’s data. To read this article in full, please click here

Ransomware

Ransomware Encryption Internet Internet

5 years after NotPetya: Lessons learned

CSO Magazine

JUNE 27, 2022

NotPetya was so named because it was similar to but different from Petya, a self-propagating ransomware virus discovered in 2016 that, unlike other nascent forms of ransomware at the time, was incapable of being decrypted. To read this article in full, please click here To read this article in full, please click here

Ransomware

Ransomware Encryption Malware

Security at the core of Intel’s new vPro platform

CSO Magazine

MARCH 23, 2023

Windows 11 systems can also take advantage of vPro’s memory encryption to provide better virtualization-based security. In tests conducted by SE Labs and commissioned by Intel, the vPro platform had 93% efficacy at detecting top ransomware attacks, a 24% improvement over software alone. To read this article in full, please click here

Threat Detection

Threat Detection Encryption Ransomware Software

BrandPost: Using Perimeter Defense to Shield Your Network from Attacks

CSO Magazine

DECEMBER 14, 2021

A successful phishing campaign will download just the kind of malware that drives ransomware. Learn how to recognize signs of compromise and stop the proliferation of attacks and malware that are known to drop ransomware before the encryption occurs and you receive the ransom note.

Phishing

Phishing Encryption Ransomware Malware

BrandPost: What the Colonial Pipeline Attack Means for Securing Critical Infrastructure

CSO Magazine

MAY 21, 2021

The cyber attack on Colonial Pipeline is the latest in an increasing number of ransomware attacks that have been targeting both private enterprise and the public sector. In this case, it appears that the ransomware variant involved is DarkSide, which ExtraHop has seen in customer environments.

Cyber Attacks

Cyber Attacks Ransomware Encryption

Best practices for recovering a Microsoft network after an incident

CSO Magazine

JULY 27, 2022

We have our normal password management processes, password storage tools, and encryption processes. Your servers are hit with ransomware or hacked. To read this article in full, please click here Doing so requires multiple backups, cloud resources, and tested backup and recovery processes. Then disaster strikes.

Backups

Backups Password Management Passwords Encryption

BrandPost: Insecure Protocols: SMBv1, LLMNR, NTLM, and HTTP

CSO Magazine

MAY 21, 2021

Four years ago, the WannaCry ransomware variant spread like wildfire, infecting and encrypting over 230,000 computers at public- and private-sector organizations worldwide, and inflicting hundreds of millions, if not billions, of dollars in damage. To read this article in full, please click here And it's not just SMBv1.

Ransomware

Ransomware Encryption

BrandPost: SIEM Alone Won't Stop Advanced Threats. Integrated NDR & SIEM Can. Here's Why.

CSO Magazine

OCTOBER 11, 2021

Ransomware was a $350+ million dollar business in 2020 , and all signs point to major growth in 2021. We saw increased usage of the double-extortion method, in which ransomware gangs exfiltrate data and threaten to release it publicly, on top of their traditional encryption-for-ransom scheme, to extract even greater payments from victims.

Encryption

Encryption Ransomware

Rash of hacktivism incidents accompany Russia’s invasion of Ukraine

CSO Magazine

MARCH 1, 2022

The hackers purportedly compromised the railway system’s routing and switching devices and rendered them inoperable by encrypting data stored on them. It's worth noting that the situation is really quite unprecedented,” Brett Callow, threat analyst at Emsisoft, tells CSO. “I To read this article in full, please click here

DDOS

DDOS Media Hacking CSO

BrandPost: 7 Key Considerations Before Purchasing a SASE Solution

CSO Magazine

DECEMBER 9, 2022

Consequently, when the pandemic forced many to suddenly shift to working out of home offices and other off-site locations, a spike in malware , particularly ransomware , was experienced worldwide. These malicious hackers were then able to infiltrate networks by hijacking encrypted VPN tunnels.

VPN

VPN Encryption Authentication Ransomware

Extortion group teases 190GB of stolen data as Samsung confirms security breach

CSO Magazine

MARCH 7, 2022

Ransomware is believed to be the attack method used by LAPSUS$ to target Samsung, which has confirmed a security breach of certain internal company data. The ransomware group first teased the data haul on Friday, March 4, with a snapshot of C/C++ directives in Samsung software. Attackers claim to have 190GB of Samsung data.

Data breaches

Data breaches Ransomware Encryption Software

Intel adds security enhancements to vPro line

CSO Magazine

MARCH 7, 2022

The platform contains security enhancements including: Threat Detection Technology (TDT), a hardware-based way to detect ransomware in an efficient and timely manner. To read this article in full, please click here Intel pulled the wraps off its latest vPro platform powered by its 12th Gen Core processors last week.

Threat Detection

Threat Detection Technology Encryption Ransomware

Luna Moth callback phishing campaign leverages extortion without malware

CSO Magazine

NOVEMBER 21, 2022

The analysis discovered that the threat actors behind the campaign leverage extortion without malware-based encryption, have significantly invested in call centers and infrastructure unique to attack targets, and are evolving their tactics over time. To read this article in full, please click here

Phishing

Phishing Malware Social Engineering Retail

How security vendors are aiding Ukraine

CSO Magazine

MARCH 2, 2022

CrowdStrike: Endpoint protection, threat intelligence, and response company CrowdStrike has released a new tool to decrypt “PartyTicket” ransomware targeting Ukrainian entities since February 23. The firm stated that the ransomware contains implementation errors, making its encryption breakable and slow.

Threat Detection

Threat Detection Surveillance Technology Cybersecurity

ChatGPT Security and Privacy Issues Remain in GPT-4

eSecurity Planet

APRIL 27, 2023

Those issues continue to exist in ChatGPT, and both can be tricked into creating ransomware , obfuscating malware , and other exploits, they said. I’m more concerned about what these issues suggest for the future. The key is getting ahead of the risks.”

Engineering

Engineering Risk CSO Social Engineering

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

In this article we will learn how to address and effectively respond to major enterprise cybersecurity threats and provide tips to mitigate IT security risk. One example is our phenomenal Ransomware Protection and G Suite security feature.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

Iranian APT group uses previously undocumented Trojan for destructive access to organizations

CSO Magazine

FEBRUARY 3, 2022

It also deploys file encrypting malware, but unlike ransomware, the goal is to cause business disruption and cover its tracks rather than financial gain. To read this article in full, please click here Who is Moses Staff?

Ransomware

Ransomware Encryption Malware

LockFile ransomware uses intermittent encryption to evade detection

New Royal ransomware group evades detection with partial encryption

Webinars

Trending Sources

New Rorschach ransomware hits with unique features and very fast encryption

Webinars

BrandPost: Novel Encryption Technique Helps Lockfile Ransomware Hide in Plain Sight

New Intel CPU-level threat detection capabilities target ransomware

Ryuk ransomware explained: A targeted, devastatingly effective attack

New Linux-based ransomware targets VMware servers

Ransomware operators might be dropping file encryption in favor of corrupting files

Insured companies more likely to be ransomware victims, sometimes more than once

BrandPost: Detect Log4j Attacks Hiding in Encrypted Traffic

Nebulon's TripLine offers ransomware encryption protection for on-prem systems

Ransomware attacks on retailers rose 75% in 2021

BianLian ransomware group shifts focus to extortion

OnePercent ransomware group hits companies via IceID banking Trojan

New ransomware group CACTUS abuses remote management tools for persistence

BrandPost: Beating Ransomware in the Midgame: Detection Best Practices in 2022

WannaCry explained: A perfect ransomware storm

Ragnar Locker continues trend of ransomware targeting energy sector

New ransomware HavanaCrypt poses as Google software update

DarkSide ransomware explained: How it works and who is behind it

BrandPost: Are Retailers Ready for Holiday Season Ransomware?

Ransomware could target OneDrive and SharePoint files by abusing versioning configurations

BrandPost: Everything SMBs Need to Know About Ransomware in 2021

BrandPost: How to Bridge the Ransomware Security Gap

BrandPost: Healthcare Organizations: Moving to High Alert for Ransomware

BrandPost: Key Finding – NETSCOUT Threat Intelligence Report 1st Half 2021: Triple Extortion

BrandPost: Why Unified Platforms Are the Future of Network Security

BrandPost: New Threats Based on ProxyShell Vulnerability Require Immediate Action

5 years after NotPetya: Lessons learned

Security at the core of Intel’s new vPro platform

BrandPost: Using Perimeter Defense to Shield Your Network from Attacks

BrandPost: What the Colonial Pipeline Attack Means for Securing Critical Infrastructure

Best practices for recovering a Microsoft network after an incident

BrandPost: Insecure Protocols: SMBv1, LLMNR, NTLM, and HTTP

BrandPost: SIEM Alone Won't Stop Advanced Threats. Integrated NDR & SIEM Can. Here's Why.

Rash of hacktivism incidents accompany Russia’s invasion of Ukraine

BrandPost: 7 Key Considerations Before Purchasing a SASE Solution

Extortion group teases 190GB of stolen data as Samsung confirms security breach

Intel adds security enhancements to vPro line

Luna Moth callback phishing campaign leverages extortion without malware

How security vendors are aiding Ukraine

ChatGPT Security and Privacy Issues Remain in GPT-4

Cyber Security Awareness and Risk Management

Iranian APT group uses previously undocumented Trojan for destructive access to organizations

Stay Connected