Blog, Cybercrime, Education and Ransomware

Educational Institutions, the Favorite Targets of Vice Society Ransomware in 2022

Heimadal Security

DECEMBER 9, 2022

Vice Society ransomware seemed to favor educational institutions in their attacks in 2022. The Cybercrime group targeted 33 schools in the last year, surpassing other threat actors like LockBit, BlackCat, BianLian, and Hive.

Education

Education Ransomware Manufacturing Healthcare

Cybercrime group exploits Windows zero-day in ransomware attacks

Security Affairs

APRIL 11, 2023

Microsoft has addressed a zero-day in the Windows Common Log File System (CLFS) actively exploited in ransomware attacks. Microsoft has addressed a zero-day vulnerability, tracked as CVE-2023-28252 , in the Windows Common Log File System (CLFS), which is actively exploited in ransomware attacks.

Cybercrime

Cybercrime Ransomware Education Media

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

MAY 14, 2021

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The DarkSide message includes passages apparently penned by a leader of the REvil ransomware-as-a-service platform.

Ransomware

Ransomware Cryptocurrency Cybercrime Healthcare

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Security Affairs

MAY 12, 2023

CISA and FBI warned of attacks conducted by the Bl00dy Ransomware Gang against the education sector in the country. The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350.

Education

Education Ransomware Encryption Malware

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. ” reads the alert published by the FBI. To nominate, please visit:?.

Cybercrime

Cybercrime Education Accountability Phishing

REvil Ransomware Gang Starts Auctioning Victim Data

Krebs on Security

JUNE 2, 2020

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. A partial screenshot from the REvil ransomware group’s Dark Web blog. and Europe in early March.” So it’s a double vig.”

Ransomware

Ransomware Backups Encryption Internet

‘Educational’ ransomware program may instead become a how-to guide for attackers

SC Magazine

MARCH 5, 2021

A developer published via GitHub a proof-of-concept (POC) ransomware program featuring strong compatibility with the post-exploitation tool Cobalt Strike, open-source coding, and extensionless encryption. But this news also leads to some interesting questions: What are the motivations for posting a POC ransomware program online?

Education

Education Ransomware Malware Cybercrime

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

. “While the ultimate goal of the current activity leveraging PaperCut’s software is unknown, these links (albeit somewhat circumstantial) to a known ransomware entity are concerning. ” concludes the report published by Huntress.

Cybercrime

Cybercrime Software Education Ransomware

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

The internet has drawn comparisons to the Wild West, making ransomware the digital incarnation of a hold-up. They could be on the other side of the globe, part of a cybercrime regime that will never be discovered, much less brought to justice. Ransomware usually starts with a phishing email. Prevalence. A typical attack.

Ransomware

Ransomware Education Financial Services Phishing

Health insurer Point32Health suffered a ransomware attack

Security Affairs

APRIL 23, 2023

Non-profit health insurer Point32Health suffered a ransomware attack and has taken systems offline in response to the incident. Non-profit health insurer Point32Health has taken systems offline in response to a ransomware attack that took place on April 17.

Insurance

Insurance Ransomware Education Accountability

Pondurance Announces Partnership With E&I Cooperative Services

Security Boulevard

MAY 8, 2024

The vast majority of cyberattacks are executed for financial gain, and that means that any organization, regardless of size, industry, or current in-house capabilities, can become a victim of cybercrime. The post Pondurance Announces Partnership With E&I Cooperative Services appeared first on Pondurance.

Education

Education Cybercrime Phishing Ransomware

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

The City of Dallas, Texas, was hit by a ransomware attack that forced it to shut down some of its IT systems. The IT systems at the City of Dallas, Texas, have been targeted by a ransomware attack. However, CBS News Texas obtained an image the ransomware note dropped by the malware on the infected systems. Source J.D.

Ransomware

Ransomware Healthcare Education Encryption

Money Message ransomware group claims to have hacked IT giant MSI

Security Affairs

APRIL 6, 2023

Ransomware gang Money Message claims to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). Ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). MSI is headquartered in Taipei, Taiwan.

Hacking

Hacking Ransomware Manufacturing Education

Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

Security Affairs

APRIL 27, 2023

Microsoft revealed that recent attacks against PaperCut servers aimed at distributing Cl0p and LockBit ransomware. The group is known to be an affiliate of the Clop ransomware RaaS affiliate, it has been linked to GoAnywhere attacks and Raspberry Robin infection. The group used the file-sharing app MegaSync for data exfiltration.

Ransomware

Ransomware Education Media Malware

Trigona Ransomware targets Microsoft SQL servers

Security Affairs

APRIL 20, 2023

Threat actors are hacking poorly secured and Interned-exposed Microsoft SQL servers to deploy the Trigona ransomware. Threat actors are hacking into poorly secured and public-facing Microsoft SQL servers to deploy Trigona ransomware. The svchost.bat registers the Trigona binary to the Run key to maintain persistence.

Ransomware

Ransomware Malware Encryption Hacking

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. The tool was developed by a company named Kodex, which claims that the tool was developed for an educational purpose. EvilExtractor is a modular info-stealer, it exfiltrates data via an FTP service.

Cybercrime

Cybercrime Malware Education Phishing

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Multinational IT corporation MSI (Micro-Star International) confirms security breach after Money Message ransomware gang claimed the hack. This week the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). MSI is headquartered in Taipei, Taiwan.

Ransomware

Ransomware Firmware Hacking Manufacturing

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Additionally, there are also Russian cybercrime organizations that are not state-sponsored but are allowed to operate. Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. businesses called #ShieldsUp.

Cybersecurity

Cybersecurity Cybercrime Education Government

Cyber News Rundown: Global Cybercrime Costs Surpass $1 Trillion

Webroot

DECEMBER 11, 2020

Cybercrime surpasses $1Trillion in global costs. A recent study has put the global cost of cybercrime at over $1 trillion for 2020. The worldwide hosting service provider Netgain was forced to take many of its servers and data centers offline following a recent ransomware incident. Major hosting provider affected by cyberattack.

Cybercrime

Cybercrime Education Passwords Technology

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

The best way to stay up-to-date with the recent trends is by reading the top cybersecurity blogs. Here’s our list of the best cybersecurity blogs to read and follow. Securing Tomorrow SecuringTomorrow is a blog by McAfee, one of the biggest security software providers. Their main focus is on cybercrime investigations.

Cybersecurity

Cybersecurity IoT Antivirus Education

Rorschach ransomware has the fastest file-encrypting routine to date

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. Check Point Research (CPR) and Check Point Incident Response Team (CPIRT) researchers detected a previously unknown ransomware strain, dubbed Rorschach ransomware , that was employed in attack against a US-based company.

Encryption

Encryption Ransomware Malware Backups

Russian national sentenced to time served for committing money laundering for the Ryuk ransomware operation

Security Affairs

APRIL 19, 2023

Russian national Denis Mihaqlovic Dubnikov has been sentenced to time served for committing money laundering for the Ryuk ransomware operation. Russian national Denis Dubnikov (30) has been sentenced to time served for committing money laundering for the Ryuk ransomware group. The man was also ordered to pay $2,000 in restitution.

Ransomware

Ransomware Education Media Hacking

FakeSG campaign, Akira ransomware and AMOS macOS stealer

SecureList

DECEMBER 13, 2023

In recent months, we have written private reports on a wide range of topics, such as new cross-platform ransomware, macOS stealers and malware distribution campaigns. In this article, we share excerpts from our reports on the FakeSG campaign, the Akira ransomware and the AMOS stealer. AMOS Stealers are growing in popularity.

Ransomware

Ransomware Passwords Malware Encryption

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Security Affairs

MAY 2, 2023

“Noncompliant virtual currency exchanges, which have a lax anti-money laundering program or collect minimal Know Your Customer information or none at all, serve as important hubs in the cybercrime ecosystem and are operating in violation of Title 18 United States Code, Sections 1960 and 1956.”

Cybercrime

Cybercrime Cryptocurrency Advertising Education

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e. AgentTesla ). ” continues the analysis. ” concludes the report. Pierluigi Paganini. adrotate banner=”13″].

Healthcare

Healthcare Ransomware Phishing Government

Vice Society ransomware gang adds the Italian City of Palermo to its data leak site

Security Affairs

JUNE 10, 2022

The Vice Society group has claimed responsibility for the ransomware attack that hit the Italian city of Palermo forcing the IT admins to shut down its infrastructure. The Vice Society ransomware group has claimed responsibility for the recent cyber attack that hit the city of Palermo in the South of Italy.

Ransomware

Ransomware Data breaches Cyber Attacks Surveillance

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

billion rubles. Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter newsletter) The post Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Computers and Electronics

Computers and Electronics Backups Cybercrime Marketing

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are also massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source. The user dfyz on Searchengines[.]ru

DDOS

DDOS Internet Internet Government

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime

Cybercrime Malware Hacking Accountability

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Security Affairs

APRIL 10, 2023

Iran-linked APT group MERCURY is behind destructive attacks on hybrid environments masquerading as a ransomware operation. Threat actors masqueraded the attacks as a standard ransomware operation. ” DEV-1084 presented itself as cybercrime group likely as an attempt to hide its real motivation of a nation-state actor.

Ransomware

Ransomware Cybercrime VPN Education

FBI warns of ransomware gang – What you need to know about the OnePercent group

CyberSecurity Insiders

OCTOBER 14, 2021

This blog was written by an independent guest blogger. The FBI recently published a warning stating that ransomware gang OnePercent Group has been attacking companies in the US since November 2020. Ransomware is then downloaded and the breach is underway. How to spot their scam and protect yourself.

Social Engineering

Social Engineering Ransomware Engineering Phishing

LockBit leaks data stolen from the South Korean National Tax Service

Security Affairs

APRIL 1, 2023

The LockBit ransomware gang announced the publishing of data stolen from the South Korean National Tax Service. On March 29, 2023, The Lock Bit ransomware gang announced the hack of the South Korean National Tax Service.

Identity Theft

Identity Theft Ransomware Scams Education

UCSF paid a $1.14 Million ransom to decrypt files after Ransomware attack

Security Affairs

JUNE 29, 2020

million to cybercriminals to recover data after a ransomware attack. million to cybercriminals to recover data encrypted during a ransomware attack that took place on June 1. Million ransom to decrypt files after Ransomware attack appeared first on Security Affairs. ” reported the website edscoop.com. .”

Ransomware

Ransomware Encryption Advertising Malware

Ransomware Trends Show Lockbit Most Active, New Tactics, Healthcare Hit Hard

Security Boulevard

JUNE 8, 2022

Ransomware Trends Show Lockbit Most Active, New Tactics, Healthcare Hit Hard. LockBit replaced Conti as the most active ransomware gang and continued to evolve its operations in the first quarter, according to a report (PDF) from KELA Cybercrime Intelligence. Another notable Ransomware trend: new methods of intimidation.

Healthcare

Healthcare Ransomware Encryption Cybercrime

What Is REvil Ransomware?

SiteLock

SEPTEMBER 29, 2021

REvil ransomware might look and sound strange, but it’s a common weapon used by cybercriminals to target unsuspecting businesses, steal sensitive data, and extort money from companies. Many businesses fear falling victim to a REvil ransomware attack—and for good reason. So, what is REvil ransomware, exactly? Let’s take a look.

Ransomware

Ransomware Computers and Electronics Backups Passwords

Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike

Security Affairs

APRIL 7, 2023

Threat actors, including ransomware groups and nation-state actors, use Cobalt Strike after obtaining initial access to a target network. This includes installing ransomware like Conti , LockBit , Quantum Locker, Royal, Cuba, BlackBasta , BlackCat and PlayCrypt, to arrest access to the systems. ” reads the court order.

Penetration Testing

Penetration Testing Ransomware Malware Hacking

Researchers found the first Linux variant of the RTM locker

Security Affairs

APRIL 27, 2023

RTM ransomware-as-a-service (RaaS) started offering locker ransomware that targets Linux, NAS, and ESXi systems. The Uptycs threat research team discovered the first ransomware binary attributed to the RTM ransomware-as-a-service (RaaS) provider.

Encryption

Encryption Ransomware Malware Education

Protect From Cyberattacks With These 6 Steps For Cyber Resilience

Webroot

FEBRUARY 24, 2022

The pros behind Carbonite + Webroot joined forces with industry leading researchers at IDC to develop an easy-to-understand framework for fighting back against cybercrime. IDC researchers make an iron-clad case for cyber resilience by looking at the current state of cybercrime. Making the case. The results? But it’s not all bad news.

Cybercrime

Cybercrime Ransomware Backups Education

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

The Last Watchdog

DECEMBER 8, 2022

The gap between confidence in oneself when it comes to cybersecurity hygiene and actual implementation of protection against cybersecurity threats leaves much room for bad actors to execute successful malware and ransomware attacks. Blurred lines. The hybrid workforce is here to stay, along with the blurring of work and home.

Cybersecurity

Cybersecurity Passwords Password Management Ransomware

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

The Last Watchdog

OCTOBER 5, 2023

Here is Erin’s Q&A column, which originally went live on OneRep’s well-done blog.) For the first expert interview on our blog, we welcomed Pulitzer-winning investigative reporter Byron V. He previously chronicled the emergence of cybercrime while covering Microsoft for USA TODAY.

Cyber threats

Cyber threats Cyber Insurance Cybersecurity Threat Detection

Yum! Brands, the owner of KFC, Taco Bell and Pizza Hut, discloses data breach

Security Affairs

APRIL 11, 2023

Brands, the company that owns the KFC, Pizza Hut, and Taco Bell brands, disclosed a data breach after the January ransomware attack. On January 13, 2023, Yum! Brands suffered a cyberattack that forced the company to take its systems offline closing roughly 300 restaurants in the UK for one day.

Data breaches

Data breaches Identity Theft Education Ransomware

Experts found the first LockBit encryptor that targets macOS systems

Security Affairs

APRIL 16, 2023

Researchers warn that the LockBit ransomware gang has developed encryptors to target macOS devices. The LockBit group is the first ransomware gang of all time that has created encryptors to target macOS systems, MalwareHunterTeam team warn.

Encryption

Encryption Architecture Ransomware Education

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware

Spyware Ransomware Malware Data breaches

Western Digital took its services offline due to a security breach

Security Affairs

APRIL 3, 2023

The response to the incident put in place by WD suggests that the company was the victim of a ransomware attack, but at this time it is not included in any of Tor leak sites of ransomware groups.

Wireless

Wireless Education Ransomware Media

Educational Institutions, the Favorite Targets of Vice Society Ransomware in 2022

Cybercrime group exploits Windows zero-day in ransomware attacks

Trending Sources

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

FBI: Compromised US academic credentials available on various cybercrime forums

REvil Ransomware Gang Starts Auctioning Victim Data

‘Educational’ ransomware program may instead become a how-to guide for attackers

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Health insurer Point32Health suffered a ransomware attack

Pondurance Announces Partnership With E&I Cooperative Services

City of Dallas shut down IT services after ransomware attack

Money Message ransomware group claims to have hacked IT giant MSI

Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

Trigona Ransomware targets Microsoft SQL servers

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

MSI confirms security breach after Money Message ransomware attack

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Cyber News Rundown: Global Cybercrime Costs Surpass $1 Trillion

15 Best Cybersecurity Blogs To Read

Rorschach ransomware has the fastest file-encrypting routine to date

Russian national sentenced to time served for committing money laundering for the Ryuk ransomware operation

FakeSG campaign, Akira ransomware and AMOS macOS stealer

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Vice Society ransomware gang adds the Italian City of Palermo to its data leak site

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Stark Industries Solutions: An Iron Hammer in the Cloud

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

FBI warns of ransomware gang – What you need to know about the OnePercent group

LockBit leaks data stolen from the South Korean National Tax Service

UCSF paid a $1.14 Million ransom to decrypt files after Ransomware attack

Ransomware Trends Show Lockbit Most Active, New Tactics, Healthcare Hit Hard

What Is REvil Ransomware?

Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike

Researchers found the first Linux variant of the RTM locker

Protect From Cyberattacks With These 6 Steps For Cyber Resilience

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

Yum! Brands, the owner of KFC, Taco Bell and Pizza Hut, discloses data breach

Experts found the first LockBit encryptor that targets macOS systems

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Western Digital took its services offline due to a security breach

Stay Connected