Security Affairs

OCTOBER 29, 2021

The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. The Hive ransomware adds the.hive extension to the filename of encrypted files. .

Encryption 108

Encryption Ransomware Spyware Malware 108

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. 8base” file extension for encrypted documents, a circumstance that suggested a possible link to the 8Base group or the use of the same code-base for their ransomware.

Ransomware 125

Ransomware Encryption Backups Manufacturing 125

Security Affairs

NOVEMBER 8, 2023

The attacks frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons.” The FBI also published recommendations for organizations to improve their security posture in response to these new activity trends. ” reported the PIN.

Ransomware 107

Ransomware Backups Encryption Phishing 107

Security Affairs

SEPTEMBER 1, 2023

. “Key Group ransomware uses a base64 encoded static key N0dQM0I1JCM= to encrypt victims’ data. The threat actor tried to increase the randomness of the encrypted data by using a cryptographic technique called salting. ” reads the report published by EclecticIQ.

Ransomware 113

Ransomware Encryption Backups Malware 113

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

AUGUST 30, 2019

PerCSoft is a cloud management provider for Digital Dental Record (DDR), that operates the online data backup service called DDS Safe. DDS Safe, is a HIPAA Compliant 3 layered online dental backup system that provides dental offices triple the protection of traditional online back-up solutions. SecurityAffairs – DDS Safe, hacking).

Backups 91

Backups Ransomware Advertising Encryption 91

Security Affairs

JANUARY 17, 2022

Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. Recently, the Chinese security firm Rising detected a Linux variant of the SFile ransomware that uses the RSA+AES algorithm mode. SecurityAffairs – hacking, ransomware). SecurityAffairs – hacking, ransomware).

Ransomware 139

Ransomware Encryption Backups Malware 139

Security Affairs

JUNE 29, 2023

Data protection firm Arcserve addressed an authentication bypass vulnerability in its Unified Data Protection (UDP) backup software. Data protection vendor Arcserve addressed a high-severity bypass authentication flaw, tracked as CVE-2023-26258, in its Unified Data Protection (UDP) backup software. Arcserve released UDP 9.1

Authentication 89

Authentication Backups Ransomware Software 89

Security Affairs

JANUARY 6, 2023

The decryptor also supports the “Scan Entire System” mode which allows users to search for all encrypted files. The user guide released by the security firm strongly recommends users of maintaining the “Backup files” option enabled. By checking the backup option, users will see both the encrypted and decrypted files.

Ransomware 95

Ransomware Antivirus Encryption Backups 95

Security Affairs

NOVEMBER 5, 2021

Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware. The ransomware module encrypts the files in the victim’s server and appends a file extension.babyk to the encrypted files.”

Ransomware 125

Ransomware Backups Encryption DNS 125

Security Affairs

OCTOBER 5, 2022

The security firm discovered a bug in the encryption process implemented by the Hades ransomware that can be used to recover the files encrypted by some variants. “We discovered a vulnerability in the encryption schema that allows some of the variants to be decrypted without paying the ransom. Pierluigi Paganini.

Ransomware 88

Ransomware Encryption Backups Passwords 88

Security Affairs

MAY 11, 2021

Maintain offline, encrypted backups of data and regularly test your backups. Regularly conduct backup procedures and keep backups offline or in separated networks. SecurityAffairs – hacking, Avaddon). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware 129

Ransomware Backups Antivirus DDOS 129

Security Affairs

FEBRUARY 13, 2024

The attack took place on February 11 and encrypted data in the production servers. As a result of the attack, the system is down, files and databases are encrypted.” “During the night of February 11 to 12, 2024, a massive cyber ransomware attack took place on the production servers on which the HIS IT system runs.

Ransomware 112

Ransomware Backups Encryption Healthcare 112

Security Affairs

NOVEMBER 12, 2023

Like other ransomware gangs, Lorenz operators also implement double-extortion model by stealing data before encrypting it and threatening them if the victim doesn’t pay the ransom. In mid-October, the ALPHV/BlackCat ransomware group claimed to have hacked the Morrison Community Hospital and added it to its dark web Tor leak site.

Ransomware 125

Ransomware Healthcare Encryption Cyber Attacks 125

Security Affairs

OCTOBER 15, 2023

The ALPHV/BlackCat ransomware group claims to have hacked the Morrison Community Hospital and added it to its dark web Tor leak site. The group claims to have stolen 5TB of patients’ and employee’s information, backups, PII documents, and more. Threat actors continue to target hospitals.

Ransomware 123

Ransomware Healthcare Data breaches Cyber Attacks 123

Security Affairs

APRIL 14, 2023

The account was used to create database backups which were then downloaded and deleted. It also downloaded existing nightly full-backups of the database. The company pointed out that although MyBB stores passwords in an encrypted format they assumed all passwords are compromised.

Data breaches 91

Data breaches Backups Passwords Accountability 91

Security Affairs

OCTOBER 3, 2023

Like all ransomware, this is a type of malware that, once introduced into an organization, encrypts the data and then requires the victim to pay a ransom in order to decrypt it. Encrypted file structure ransomware BlackCat / ALPHV: [ORIGINAL_FILENAME].[ORIGINAL_extension].specific/different Black The LockBit 3.0 ORIGINAL_extension].specific/different

Ransomware 121

Ransomware Encryption Technology Backups 121

Security Affairs

APRIL 28, 2024

The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 These switches are running Linux and are powerful. They are ideal to host implants.”

Firewall 108

Firewall Authentication Architecture Backups 108

Security Affairs

FEBRUARY 7, 2022

. “On the final wizard page, you can opt-in whether you want to backup encrypted files. These backups may help if anything goes wrong during the decryption process. TargetCompany has been active since June 2021 , once encrypted a file it adds.mallox,exploit,architek, or.brg extension to the filenames of encrypted files.

Ransomware 98

Ransomware Backups Encryption Passwords 98

Security Affairs

OCTOBER 19, 2021

Like other ransomware operations, BlackMatter also set up its leak site where it publishes data exfiltrated from the victims before encrypting their system. BlackMatter then remotely encrypts the hosts and shared drives as they are found. Scanning backups. Secret Service at a U.S. Secret Service Field Office.

Ransomware 113

Ransomware Backups Encryption Cybercrime 113

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Regularly back up data, password protect backup copies offline. hard drive, storage device, the cloud).

Ransomware 98

Ransomware DDOS Passwords Backups 98

Security Affairs

JULY 5, 2023

Once inside the system, this malicious variant stealthily extracts sensitive information and proceeds to encrypt the compromised files.” In the last stage of the attack, the stealer uses the ransomware modules to encrypt the user’s data. ” extension to encrypted files and deletes backups.

Energy and Utilities 82

Energy and Utilities Ransomware Backups Malware 82

Security Affairs

APRIL 9, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! billion rubles. billion rubles.

Computers and Electronics 80

Computers and Electronics Backups Cybercrime Marketing 80

Security Affairs

FEBRUARY 5, 2022

After ransomware ads were banned on hacking forum, the LockBit operators set up their own leak site promoting the latest variant and advertising the LockBit 2.0 enumerates system information to include hostname, host configuration, domain information, local drive configuration, remote shares, and mounted external storage devices.

Ransomware 88

Ransomware Backups Encryption Accountability 88

Security Affairs

AUGUST 21, 2020

The University was able to recover the operations from the backups, but decided to pay the ransom to avoid having ransomware operators leak student information online. ” According to the University, the ransomware encrypted only 0.02% of the data stored on its servers. .” “It was determined that approximately.02%

Ransomware 144

Ransomware Cyber Insurance Insurance Advertising 144

Security Affairs

AUGUST 12, 2020

The City of Lafayette, Colorado, USA, has been forced to pay $45,000 because they were unable to restore necessary files from backup. Now the City of Lafayette admitted they were a victim of a ransomware attack that encrypted its systems and confirmed that opted to pay a $45,000 ransom to receive a decryption tool to recover its files.

Backups 137

Backups Advertising Ransomware Hacking 137

Security Affairs

FEBRUARY 8, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has released a script to allow them to recover encrypted VMware ESXi servers. Experts noticed that only a few thousand systems were encrypted worldwide. This tool works by reconstructing virtual machine metadata from virtual disks that were not encrypted by the malware.”

Ransomware 87

Ransomware Encryption Backups Cybersecurity 87

Security Affairs

AUGUST 21, 2021

Most of the recent ransomware attack resulted in data breaches for the victims, threat actors implemented a double-extortion schema threatening the victims to data stolen before encrypting them on compromised systems. SecurityAffairs – hacking, CISA). softwa re company Kaseya. . Follow me on Twitter: @securityaffairs and Facebook.

Data breaches 114

Data breaches Ransomware Backups Technology 114

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. SecurityAffairs – hacking, Wannacry).

Malware 97

Malware Computers and Electronics Encryption Ransomware 97

Security Affairs

JUNE 17, 2022

Experts discovered a feature in Microsoft 365 suite that could be abused to encrypt files stored on SharePoint and OneDrive and target cloud infrastructure. Researchers from Proofpoint reported that a feature in the in Microsoft 365 suite could be abused to encrypt files stored on SharePoint and OneDrive.

Encryption 88

Encryption Backups Ransomware Accountability 88

Security Affairs

FEBRUARY 12, 2022

If using Linux, use a Linux security module (such as SELinux, AppArmor, or SecComp) for defense in depth. Protect cloud storage by backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud. SecurityAffairs – hacking, ransomware). ” concludes the advisory. Pierluigi Paganini.

Ransomware 90

Ransomware Backups Encryption Accountability 90

Security Affairs

JANUARY 16, 2022

The ransomware known as Qlocker exploits CVE-2021-28799 to attack QNAP NAS running certain versions of HBS 3 (Hybrid Backup Sync).” reads the security advisory published by the vendor. Then it also deletes snapshots to prevent restoring of data from the backups and drops a ransom note (named !!!READ_ME.txt) Pierluigi Paganini.

Ransomware 114

Ransomware Encryption Backups Firmware 114

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware 144

Ransomware Encryption Passwords Malware 144

Security Affairs

JANUARY 29, 2023

Copycat Criminals mimicking Lockbit gang in northern Europe Sandworm APT targets Ukraine with new SwiftSlicer wiper ISC fixed high-severity flaws in DNS software suite BIND Patch management is crucial to protect Exchange servers, Microsoft warns Hacker accused of having stolen personal data of all Austrians and more CVE-2023-23560 flaw exposes 100 (..)

DNS 85

DNS Data breaches Hacking Backups 85

Security Affairs

JULY 2, 2023

WordPress sites using the Ultimate Member plugin are under attack LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC Avast released a free decryptor for the Windows version of the Akira ransomware Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor miniOrange’s WordPress Social Login and Register plugin (..)

Cybercrime 85

Cybercrime Hacking Ransomware Malware 85

Security Affairs

NOVEMBER 23, 2020

“The FBI first observed Ragnar Locker1ransomwarein April 2020, when unknown actors used it to encrypt a large corporation’s files for an approximately $11 million ransom and threatened to release 10 TB of sensitive company data,” reads the flash alert. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Ransomware 145

Ransomware Encryption VPN Backups 145

Security Affairs

JUNE 1, 2020

Last week a member of the Joomla Resources Directory (JRD) team left an unencrypted full backup of the JRD site ( resources.joomla.org ) on an unsecured Amazon Web Services S3 bucket operated by the company. “JRD full site backups (unencrypted) were stored in a third-party company Amazon Web Services S3 bucket.

Data breaches 101

Data breaches Backups Passwords Advertising 101