Security Affairs

JULY 29, 2022

Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. The malware uses TOR exit nodes as a backup C2 infrastructure.

Malware 108

Malware Backups Manufacturing Accountability 108

Security Affairs

OCTOBER 31, 2022

The infection chain was divided into four stages : The malware was installed through a dropper, a program executed by opening an attachment to a deceptive e-mail, probably a fake pdf or doc file, or executed directly from the Internet, without user interaction, exploiting the exploit described in the point 4. The infection chain.

Malware 97

Malware Computers and Electronics Encryption Ransomware 97

Security Affairs

DECEMBER 24, 2022

“We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September.” “The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.”

Government 52

Government Malware Telecommunications Cybercrime 52

Security Affairs

APRIL 9, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! billion rubles.

Computers and Electronics 80

Computers and Electronics Backups Cybercrime Marketing 80

Security Affairs

JUNE 17, 2023

Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9 Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9

Data breaches 87

Data breaches DDOS Backups Firewall 87

Security Affairs

JULY 2, 2023

Illicit Telegram Communities Dismantling of an encrypted network sends shockwaves through organised crime groups across Europe TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant Malware Trojanized Super Mario Game Installer Spreads SupremeBot Malware Initial research exposing JOKERSPY Who is 8BASE?

Cybercrime 85

Cybercrime Hacking Ransomware Malware 85

Security Affairs

NOVEMBER 19, 2023

The Talos researchers discovered a number of features implemented by Phobos allowing operators to establish persistence in a targeted system, perform speedy encryption, and remove backups. Disable system recovery, backup and shadow copies and the Windows firewall. Embedded configuration with more than 70 options available.

Ransomware 125

Ransomware Encryption Backups Manufacturing 125

Security Affairs

NOVEMBER 6, 2022

Cisco addressed several high-severity flaws in its products LockBit ransomware gang claims the hack of Continental automotive group 250+ U.S. Cisco addressed several high-severity flaws in its products LockBit ransomware gang claims the hack of Continental automotive group 250+ U.S.

Hacking 88

Hacking Ransomware Cybercrime Backups 88

Security Affairs

OCTOBER 27, 2022

In October 2022, the malware was used in post-compromise activity attributed to another actor, DEV-0950 (which overlaps with FIN11 / TA505 cybercrime gang). In some cases, the attackers delivered the Truebot malware between the Raspberry Robin infection and the Cobalt Strike deployment.

Ransomware 96

Ransomware Malware Data collection Encryption 96

Security Affairs

NOVEMBER 8, 2023

The FBI also published recommendations for organizations to improve their security posture in response to these new activity trends. The FBI also recommends reviewing the security posture of third-party vendors.

Ransomware 107

Ransomware Backups Encryption Phishing 107

Security Affairs

JUNE 7, 2022

The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation.

Ransomware 141

Ransomware Backups Malware Firewall 141

Security Affairs

JANUARY 17, 2022

The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. The principle is simple, according to the authors of the malware, recent files may be more important for some victims and typically they are not included in recent backups. ” reported The Record.

Ransomware 139

Ransomware Encryption Backups Malware 139

Security Affairs

SEPTEMBER 1, 2023

The Key Group ransomware deletes volume shadow copies using living-off-the-land binaries (LOLBINs) and backups made with the Windows Server Backup tool. The ransomware also disables updates from multiple anti-malware solutions (i.e Avast, ESET, and Kaspersky) by modifying the hosts file inside the Windows OS.

Ransomware 113

Ransomware Encryption Backups Malware 113

Security Affairs

JULY 5, 2023

The malware allows operators to steal information from various browsers, it also supports ransomware capabilities. The malware communicates with the command and control servers through HTTPS. Furthermore, the malware exhibits stealer functionalities, enabling the theft of user data.”

Energy and Utilities 82

Energy and Utilities Ransomware Backups Malware 82

Security Affairs

MAY 9, 2024

Below is the request employed in the attacks observed by the experts:, GET /api/v1/totp/user-backup-code/././license/keys-status/{Any The fact that Mirai was delivered through this vulnerability will also mean the deployment of other harmful malware and ransomware is to be expected.

Authentication 96

Authentication Backups Cyber threats Malware 96

Security Affairs

OCTOBER 29, 2021

Pundari also added that the government didn’t pay a ransom to the threat actors and the system was recovered from backups. “The Department is conscious of the security and integrity of its data. SecurityAffairs – hacking, cybercrime). The government was not able to pay cheques and ordinary operations were impacted.

Ransomware 83

Ransomware Government Financial Services Cybercrime 83

IT Security Guru

AUGUST 16, 2021

million to cybercrime, as per official police statistics. One of the most damaging forms of cybercrime comes in the form of Ransomware. . Not only that, but 81% of cyber security experts believe we are likely to see more ransomware than ever across the next few years, thanks to its increasing prevalence. What is Ransomware?

Ransomware 102

Ransomware Cybercrime Backups Encryption 102

Security Affairs

MAY 4, 2024

Such drastic containment measures are typically associated with malware infections, while the unavailability of affected systems often suggests a ransomware infection. Another concern for companies affected by ransomware is the potential exfiltration of data.

Ransomware 91

Ransomware Data breaches Malware Backups 91

Security Affairs

JANUARY 28, 2023

The recent Hive infrastructure takedown as well as other major gangs dissolution such as Conti in 2022, is making room in the cybercrime business The Lockbit locker leaked a few months ago in the underground, is increasing its popularity and adoption among micro-criminal actors.

Penetration Testing 89

Penetration Testing Ransomware Firewall Social Engineering 89

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Regularly back up data, air gap, and password-protect backup copies offline.

Ransomware 105

Ransomware Antivirus Passwords Malware 105

Security Affairs

MARCH 26, 2023

NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days CISA announced the Pre-Ransomware Notifications initiative China-linked hackers target telecommunication providers in the Middle East City of Toronto is one of the victims hacked by Clop gang using GoAnywhere (..)

Data breaches 77

Data breaches DDOS Backups Ransomware 77

Security Affairs

DECEMBER 7, 2021

Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. “Glupteba malware masquerades as free, downloadable software, videos, or movies (“freeware”) and infects a device when a user clicks on a link to the freeware. .” ” reads the post published by Google.

Backups 111

Backups Advertising Accountability Malware 111

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Implement network segmentation and maintain offline backups of data to ensure limited interruption to the organization.

Ransomware 98

Ransomware DDOS Passwords Backups 98

Security Affairs

JANUARY 6, 2023

The MegaCortex ransomware first appeared on the threat landscape in May 2019 when it was spotted by security experts at Sophos. The experts noticed that in MegaCortex attacks other malware like Emotet and Qbot (aka Qakbot) were present in the same network. The group typically asked ransoms between $20,000 to $5.8

Ransomware 95

Ransomware Antivirus Encryption Backups 95

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. If you use Remote Desktop Protocol (RDP), secure and monitor it.

Ransomware 69

Ransomware VPN Cybercrime Accountability 69

Security Affairs

JULY 3, 2022

Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malware uses TOR exit nodes as a backup C2 infrastructure. SecurityAffairs – hacking, malware). In the example below, q:erpbirel.yax deciphers to d:recovery.lnk.”.

Manufacturing 99

Manufacturing Malware Backups Technology 99

Security Affairs

FEBRUARY 13, 2024

Stopping it will remove the evidence stored in the volatile memory (RAM) Collect and keep all relevant log information, from the affected equipment, but also from network equipment, firewall Examine the system logs to identify the mechanism by which IT infrastructure has been compromised Immediately inform all employees and notify affected customers (..)

Ransomware 112

Ransomware Backups Encryption Healthcare 112

Security Affairs

FEBRUARY 16, 2023

Talos researchers observed a financially motivated threat actor using a new ransomware dubbed MortalKombat and a clipper malware named Laplas. Technical analysis of the malware along with Indicators of compromise (IoCs) are included in the report published by Talos. Most of the victims are located in the U.S.,

Ransomware 80

Ransomware Cryptocurrency Malware Small Business 80

Security Affairs

OCTOBER 19, 2021

The launch of the BlackMatter ransomware-as-a-service (RaaS) was first spotted by researchers at Recorded Future who also reported that the gang is setting up a network of affiliates using ads posted on two cybercrime forums, such as Exploit and XSS. Scanning backups. Secret Service at a U.S. Secret Service Field Office.

Ransomware 113

Ransomware Backups Encryption Cybercrime 113

Security Affairs

DECEMBER 24, 2019

According to the alert, attackers leverage exploits, phishing attacks, credential stuffing to deliver the malware. This move is shocking and brings the ransomware attack to a higher level of threat, we can expect that other cybercrime gangs will adopt a similar strategy to blackmail the victims and force them to pay the ransom.

Ransomware 60

Ransomware Backups Encryption Cyber Attacks 60

Security Affairs

JANUARY 24, 2024

Threat actors are wiping NAS and backup devices. According to the NCSC-FI, six out of seven infections were caused by Akira family malware. The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices.

Ransomware 108

Ransomware VPN Government Retail 108

Security Affairs

APRIL 25, 2024

SCMagazine reported that Systembolaget, in response to Skanlog’s uncertainty about restoring its operations, plans to implement a backup procedure to address potential delays in deliveries. Skanlog spokesman warned that certain alcoholic beverages could be sold out within a few days.

Ransomware 105

Ransomware Retail Cyber Attacks Backups 105

Security Affairs

FEBRUARY 28, 2023

Since December 2022, Cisco Talos researchers have been observing an unidentified financially motivated threat actor deploying two new malware, the MortalKombat ransomware and a GO variant of the Laplas Clipper malware. ” reads the post published by Bitdefender.

Ransomware 89

Ransomware Antivirus Backups Malware 89

Security Affairs

MARCH 12, 2023

PlugX malware delivered by exploiting flaws in Chinese programs Prometei botnet evolves and infected +10,000 systems since November 2022 CISA adds VMware’s Cloud Foundation bug to Known Exploited Vulnerabilities Catalog Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man Latest version of Xenomorph Android malware (..)

Data breaches 83

Data breaches Banking Government Ransomware 83

Security Affairs

NOVEMBER 5, 2021

Over the past months, other ransomware gangs, including Conti and Lockfile , exploited ProxyShell flaws to deliver their malware. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware.

Ransomware 125

Ransomware Backups Encryption DNS 125

Security Affairs

DECEMBER 18, 2022

years in jail for spying on behalf of Saudi Arabia Social Blade discloses security breach Data of 5.7M years in jail for spying on behalf of Saudi Arabia Social Blade discloses security breach Data of 5.7M years in jail for spying on behalf of Saudi Arabia Social Blade discloses security breach Data of 5.7M

Data breaches 92

Data breaches Hacking DDOS VPN 92

Security Affairs

FEBRUARY 14, 2021

Cybercriminal behind the most prominent carding marketplace on the dark web Joker’s Stash retires, he will shut down its servers and destroy the backups. The administrator announced the decision via messages posted on various cybercrime forums. ” reads the article published by Forbes. Image source FlashPoint.

Cybercrime 97

Cybercrime Backups Hacking DNS 97