Security Affairs

APRIL 30, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime 87

Cybercrime Malware Hacking Accountability 87

Security Affairs

MAY 15, 2023

Once encrypted the victims files RA Group, the gang drops customized ransom notes (“How To Restore Your Files.txt.”), which include the victim’s name and a unique link to download the exfiltration proofs. The ransomware supports intermittent encryption to speed up the encryption process. ” continues the report.

Ransomware 82

Ransomware Encryption Cybercrime Insurance 82

Security Affairs

APRIL 27, 2023

The encryptor uses a combination of ECDH on Curve25519 (asymmetric encryption) and Chacha20 (symmetric encryption) to encrypt files. The researchers discovered that the samples contain a self-delete mechanism which is invoked once the victim’s device is encrypted. ” reads the analysis published by Uptycs.

Encryption 84

Encryption Ransomware Malware Education 84

Security Affairs

APRIL 9, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter newsletter) The post Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Computers and Electronics 79

Computers and Electronics Backups Cybercrime Marketing 79

Security Affairs

JUNE 12, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware 111

Ransomware DNS Cybercrime Hacking 111

Security Affairs

APRIL 16, 2023

One of the encryptors developed by Lockbit, named ‘locker_Apple_M1_64’, can encrypt files of Mac systems running on the Apple silicon M1. The thesis is supported also by the presence in the encryptor of a list of sixty-five Windows file extensions and filenames that will be excluded from encryption.

Encryption 96

Encryption Architecture Ransomware Education 96

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. On Sunday, Feb. It’s just some kind of sabotage.”

Ransomware 276

Ransomware Healthcare Cybercrime Government 276

Security Affairs

MAY 21, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches 86

Data breaches Cybercrime Ransomware Passwords 86

Security Affairs

APRIL 20, 2023

Trigona is written in Delphi language, it encrypts files without distinguishing their extensions and appends the “._locked” _locked” extension to the filename of encrypted files. The svchost.bat also deletes volume shadow copies and disables the system recovery feature to prevent victims from recovering the encrypted files.

Ransomware 81

Ransomware Malware Encryption Hacking 81

Security Affairs

JULY 20, 2022

The encryption scheme is unusual because it combines x25519 and AES. Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of VMWare ESXi servers. Starting Windows system in safe mode allows Black Basta to bypass detection from multiple endpoint security solutions.

Ransomware 130

Ransomware Encryption Malware Advertising 130

Security Affairs

APRIL 19, 2022

Kaspersky discovered a flaw in the encryption process of the Yanluowang ransomware that allows victims to recover their files for free. Researchers from Kaspersky discovered a vulnerability in the encryption process of the Yanluowang ransomware that can be exploited to recover the files encrypted by the malware without paying the ransom.

Ransomware 85

Ransomware Encryption DDOS Malware 85

Security Affairs

MAY 4, 2023

FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader.” After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.”

Ransomware 91

Ransomware Healthcare Education Encryption 91

CyberSecurity Insiders

APRIL 7, 2023

Rorschach Ransomware: One of the Fastest and Most Sophisticated Strains Yet Cybersecurity researchers have found a new ransomware strain called Rorschach that is extraordinarily sophisticated and faster at encrypting data than any other documented strain.

Encryption 52

Encryption Ransomware Marketing Cybercrime 52

The Last Watchdog

OCTOBER 24, 2022

. • Create security awareness for employees. One of the most important ways to protect against data breaches is to increase employee security awareness. Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. Use a corporate VPN.

Passwords 214

Passwords Security Awareness Data breaches Cybersecurity 214

Security Affairs

MAY 4, 2022

The security researcher John Page aka ( hyp3rlinx ) discovered that malware from multiple ransomware operations, including Conti , REvil , LockBit , AvosLocker , and Black Basta, are affected by flaws that could be exploited block file encryption. “Conti looks for and executes DLLs in its current directory. . Pierluigi Paganini.

Ransomware 100

Ransomware Antivirus Malware Encryption 100

Security Affairs

APRIL 19, 2022

The SolarMarker backdoor communicates with the C2 server through the encrypted channel. The malware used HTTP POST requests and encrypts data using RSA encryption with Advanced Encryption Standard (AES) symmetric encryption. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook.

Encryption 85

Encryption Malware Engineering Passwords 85

Security Affairs

JUNE 16, 2022

The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them. ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December.

Ransomware 98

Ransomware Cybercrime Malware Advertising 98

Security Affairs

JUNE 12, 2022

Below is data shared by ID-Ransomware creator Michael Gillespie ( @demonslay335 ) with BleepingComputert that shows submissions of CerberImposter including encrypted Confluence configuration files. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Ransomware 125

Ransomware Encryption Malware Hacking 125

Security Affairs

MAY 13, 2023

After gaining access to SMB shares, threat actors encrypt all files and leave a ransom note demanding payment in exchange for the decryption key. Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name “!CHECKMATE_DECRYPTION_README”

Ransomware 89

Ransomware Encryption Passwords Internet 89

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches 87

Data breaches DDOS Artificial Intelligence Ransomware 87

Security Affairs

APRIL 28, 2022

It is used by multiple cybercrime threat actors.” Proofpoint reported significant changes to Bumblebee functionality in the latest version of the loader employed in the April campaigns, such as the support for multiple C2s and the addition of an encryption layer to the network communications. To nominate, please visit:?

Malware 79

Malware Cybercrime Encryption Hacking 79

Security Affairs

MAY 17, 2023

From Russia and hiding behind multiple aliases, Matveev is alleged to have used these ransomware strains to encrypt and hold hostage for ransom the data of numerous victims, including hospitals, schools, nonprofits, and law enforcement agencies, like the Metropolitan Police Department in Washington, D.C.,”

Ransomware 74

Ransomware Healthcare Cybercrime Encryption 74

Malwarebytes

MAY 28, 2021

In this blog, we’ll home in on Conti, the strain identified by some as the successor, cousin or relative of Ryuk ransomware , due to similarities in code use and distribution tactics. The files are then held for ransom and the victim is threatened by data loss, because of the encryption, and leaking of the exfiltrated data.

Healthcare 109

Healthcare Ransomware Encryption Passwords 109

Security Affairs

DECEMBER 10, 2022

The ransomware encrypts the network shares, that are found on the local network and the local drives, with the AES algorithm. The Royal ransomware can either fully or partially encrypt a file depending on its size and the ‘-ep’ parameter. The malware changes the extension of the encrypted files to ‘.royal’.

Healthcare 87

Healthcare Ransomware Encryption Malware 87

Security Affairs

APRIL 3, 2023

“Like most Mirai variants, it has an encrypted data section with a botnet configuration.” . “The script file to further download Moobot is shown below. It executes the Moobot with the parameter realtek.<Filename>.” <Filename>.” ” reads the report published by FortiGuard Labs.

DDOS 81

DDOS Malware Hacking Education 81

Security Affairs

MAY 9, 2023

The new ransomware strain outstands for the use of encryption to protect the ransomware binary. CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools,” Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told Bleeping Computer. We are in the final!

Ransomware 73

Ransomware VPN Antivirus Encryption 73

Security Affairs

APRIL 14, 2023

The researchers discovered that the samples contain a self-delete mechanism which is invoked once the victim’s device is encrypted. antivirus products), deleting shadow copies, and finally encrypting the files on the targeted systems. The group threatens to ban every affiliate who does leak samples. reads the screenshot.

Encryption 66

Encryption Antivirus Malware Education 66

Security Affairs

JULY 11, 2022

0mega extension to the encrypted file’s names and creates for each victim a customized ransom note named DECRYPT-FILES.txt. The researchers Andrew Ivanov, who worked with Lawrence Abrams, published a blog post that includes details about the ransomware. Victims of the ransomware reported that the malware adds the .0mega

Ransomware 103

Ransomware Encryption Malware Hacking 103

Security Affairs

MAY 2, 2022

The expert noticed that the sample does not encrypt files, it only adds a random extension to the victim’s files. Funny thing… it does not encrypt files; only adds a random extension 42 BTC [link] pic.twitter.com/A8p5SLjcZr — Jakub Kroustek (@JakubKroustek) April 29, 2022. To nominate, please visit:?

Ransomware 84

Ransomware Encryption Cryptocurrency Malware 84

Security Affairs

MAY 4, 2023

The Chrome browser encrypts the user’s information before storing it, the encrypted_key is stored in the “Local State” file and Base64 encoded. This sample is around 46 MB in size, but experts discovered files with a size between 46 and 51 MB. NodeStealer maintains persistence using the auto-launch module on Node.js.

Malware 91

Malware Accountability Advertising Education 91

BH Consulting

JUNE 20, 2023

Consequently, the need to know and understand information security at this level is an increasing requirement for privacy professionals. The idea of this series is to present some of the key concepts and frameworks in information security and highlight areas of intersection with privacy and data protection.

Cybersecurity 52

Cybersecurity Information Security VPN Authentication 52

Security Affairs

JUNE 29, 2020

million to cybercriminals to recover data encrypted during a ransomware attack that took place on June 1. While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible,” reads a statement published by the UCSF.

Ransomware 124

Ransomware Encryption Advertising Malware 124

SC Magazine

MARCH 5, 2021

A developer published via GitHub a proof-of-concept (POC) ransomware program featuring strong compatibility with the post-exploitation tool Cobalt Strike, open-source coding, and extensionless encryption. Another interesting feature: the ransomware doesn’t append extensions to the files it encrypts.

Education 82

Education Ransomware Malware Cybercrime 82

Security Affairs

FEBRUARY 25, 2024

The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free. The NCA will reach out to victims based in the UK in the coming days and weeks, providing support to help them recover encrypted data.

Government 111

Government Hacking Cryptocurrency Penetration Testing 111

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Dave Kennedy | @hackingdave.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Security Affairs

MAY 7, 2022

The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. Last stagers use two communication mechanisms, over HTTP with RC4 encryption and unencrypted with named pipes. ” reads the analysis published by Kaspersky researcher Denis Legezo.

Malware 84

Malware Encryption Hacking Cybersecurity 84

Security Affairs

MAY 7, 2023

Despite the FBI and law enforcement bodies always recommend not paying ransom in these attacks, in this case, the department opted to pay likely because they had no other way to recover the encrypted systems or to avoid the disclosure of sensitive data. “If ransom appeared first on Security Affairs.

Ransomware 95

Ransomware Insurance Cryptocurrency Encryption 95