Security Affairs

APRIL 26, 2022

The Stormous ransomware gang claims to have hacked the multinational beverage corporation Coca-Cola Company. The Stormous ransomware gang announced with a post on its leak site to have hacked the multinational beverage corporation Coca-Cola Company. we hacked some of their servers and went over (161G) !

Hacking 94

Hacking Ransomware Cybercrime Cybersecurity 94

Krebs on Security

JUNE 14, 2022

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web.

Ransomware 258

Ransomware Internet Internet Cybercrime 258

Security Affairs

APRIL 6, 2023

Ransomware gang Money Message claims to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). Ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). MSI is headquartered in Taipei, Taiwan.

Hacking 79

Hacking Ransomware Manufacturing Education 79

Heimadal Security

MAY 17, 2021

After the XSS Russian-speaking hacking forum announced last week it had completely banned ransomware sales, ransomware rental, and ransomware affiliate programs on their platform, it’s now Exploit’s turn to make the same decision. Source Exploit stated that the […].

Cybercrime 56

Cybercrime Ransomware Advertising Hacking 56

Heimadal Security

NOVEMBER 9, 2021

The REvil/Sodinokibi ransomware (AKA Sodin) is a great example of Ransomware-as-a-Service, a type of cybercrime where two parties collaborate on the hack: the code writers who create the ransomware, and the affiliates who distribute it and collect the payment. malicious software owner and/or creator) […].

Ransomware 110

Ransomware Architecture Cybercrime Software 110

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. SecurityAffairs – hacking, FBI). To nominate, please visit:?.

Cybercrime 132

Cybercrime Education Accountability Phishing 132

Krebs on Security

MAY 31, 2022

Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti.

Ransomware 267

Ransomware Government Hacking Media 267

Security Affairs

JUNE 7, 2022

Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp Cybercrime Group. Mandiant researchers have investigated multiple LOCKBIT ransomware attacks that have been attributed to the financially motivated threat actor UNC2165. SecurityAffairs – hacking, Evil Corp).

Ransomware 131

Ransomware Cybercrime Malware Hacking 131

Security Affairs

MAY 8, 2022

Conti Ransomware gang claims to have hacked the Peru MOF – Dirección General de Inteligencia (DIGIMIN) and stolen 9.41 The Conti ransomware gang added the Peru MOF – Dirección General de Inteligencia (DIGIMIN) to the list of its victims on its Tor leak site. The ransomware gang claimed to have stolen 9.41

Ransomware 90

Ransomware Hacking Risk Cybersecurity 90

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. I am tracking it over the past few weeks. in, and Xss[.]is,

Hacking 104

Hacking Cybercrime Ransomware Antivirus 104

Security Affairs

JULY 1, 2020

Xerox Corporation is the last victim of the Maze ransomware operators, hackers have encrypted its files and threaten of releasing them. Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them. Blog Link) [link] — Cyble (@AuCyble) June 30, 2020.

Ransomware 101

Ransomware Hacking Encryption Banking 101

Security Affairs

MAY 31, 2022

Cyber Research Labs reported a rise in ransomware attacks in the second quarter of 2022, small states are more exposed to these attacks. The experts warn of ransomware attacks against government organizations. They observed a total of 48 government organizations from 21 countries that were hit by 13 ransomware attacks in 2022.

Government 139

Government Ransomware Cybercrime Banking 139

Security Affairs

JANUARY 30, 2021

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. Good news for the victims of the FonixCrypter ransomware, the operators behind the threat shut down their operations and released the master decryption key. Pierluigi Paganini.

Ransomware 134

Ransomware Encryption Malware Cybercrime 134

Security Affairs

APRIL 24, 2023

. “While the ultimate goal of the current activity leveraging PaperCut’s software is unknown, these links (albeit somewhat circumstantial) to a known ransomware entity are concerning. ” concludes the report published by Huntress.

Cybercrime 76

Cybercrime Software Education Ransomware 76

Security Affairs

NOVEMBER 1, 2022

Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. KELA identified around 600 victims by analyzing ransomware actors’ blogs and negotiation portals, data leak sites and public reports. SecurityAffairs – hacking, cybercrime).

Ransomware 95

Ransomware Cybercrime Hacking Information Security 95

Krebs on Security

DECEMBER 16, 2019

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. The message displayed at the top of the Maze Ransomware public shaming site. Follow the news!”

Ransomware 224

Ransomware Data breaches Healthcare Cybercrime 224

Krebs on Security

SEPTEMBER 30, 2023

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. It continues: “Prior to deploying the ransomware, Snatch threat actors were observed spending up to three months on a victim’s system.

Ransomware 224

Ransomware Accountability Cybercrime Backups 224

Security Affairs

SEPTEMBER 12, 2021

Recently we observed that part of the REvil ransomware infrastructure was up and running again, now we can confirm that they hit new victims. On September 7, the servers of the REvil ransomware gang were back online after around two months since their shutdown. SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Ransomware 115

Ransomware Cybercrime Media Hacking 115

Security Affairs

JULY 18, 2023

The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware).

Ransomware 94

Ransomware Cybercrime Malware Hacking 94

Security Affairs

APRIL 20, 2023

Threat actors are hacking poorly secured and Interned-exposed Microsoft SQL servers to deploy the Trigona ransomware. Threat actors are hacking into poorly secured and public-facing Microsoft SQL servers to deploy Trigona ransomware. _locked” extension to the filename of encrypted files.

Ransomware 85

Ransomware Malware Encryption Hacking 85

Krebs on Security

JANUARY 24, 2023

First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else’s device. Kloster’s blog enthused. “We A copy of the passport for Denis Emelyantsev, a.k.a.

Cybercrime 226

Cybercrime Advertising IoT Malware 226

Security Affairs

APRIL 7, 2023

Multinational IT corporation MSI (Micro-Star International) confirms security breach after Money Message ransomware gang claimed the hack. This week the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). MSI is headquartered in Taipei, Taiwan.

Ransomware 88

Ransomware Firmware Hacking Manufacturing 88

Security Affairs

APRIL 23, 2023

Non-profit health insurer Point32Health suffered a ransomware attack and has taken systems offline in response to the incident. Non-profit health insurer Point32Health has taken systems offline in response to a ransomware attack that took place on April 17.

Insurance 81

Insurance Ransomware Education Accountability 81

Security Affairs

MAY 15, 2023

DRM Dashboard Ransomware Monitor released the first quarterly report for the year 2023 about the activities of ransomware groups globally. DRM Dashboard Ransomware Monitor, an independent platform of cybersecurity monitoring, is pleased to release the quarterly the DRM-Report for the first quarter of 2023.

Ransomware 79

Ransomware Cybercrime Cybersecurity Hacking 79

Security Affairs

JANUARY 9, 2023

The cybersecurity blog inSicurezzaDigitale has launched the Italian Dashboard Ransomware Monitor to analyze the principal RaaSs’ activities. Here it comes, inSicurezzaDigitale announced the Dashboard Ransomware Monitor, it is the second project after the recent presentation of the project Mastodon. Pierluigi Paganini.

Ransomware 90

Ransomware Data collection Hacking Cybersecurity 90

Security Affairs

MAY 17, 2022

Justice Department accused a 55-year-old Venezuelan cardiologist of operating and selling the Thanos ransomware. Justice Department accused Moises Luis Zagala Gonzalez, a 55-year-old cardiologist from Venezuela, of operating and selling the Thanos ransomware. Thanos ransomware (a.k.a.

Ransomware 89

Ransomware Cybercrime VPN Malware 89

Security Affairs

JUNE 1, 2023

The BlackCat ransomware gang claims to have hacked the Casepoint legal technology platform used US agencies, including SEC and FBI. The cybersecurity researcher Dominic Alvieri first noticed that the BlackCat ransomware gang added the company Casepoint to the list of victims on its Tor Dark Web site.

Technology 82

Technology Hacking Ransomware Manufacturing 82

Security Affairs

JUNE 16, 2022

The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide.

Ransomware 103

Ransomware Cybercrime Malware Advertising 103

Security Affairs

APRIL 25, 2022

At least 60 entities worldwide have been breached by BlackCat ransomware, warns a flash report published by the U.S. Federal Bureau of Investigation (FBI) published a flash report that states that at least 60 entities worldwide have been breached by BlackCat ransomware (aka ALPHV and Noberus) since it started its operations in November.

Ransomware 106

Ransomware Antivirus Passwords Malware 106

Security Affairs

JUNE 16, 2022

ALPHV/BlackCat ransomware group began publishing victims’ data on the clear web to increase the pressure on them and force them to pay the ransom. ALPHV/BlackCat ransomware group has adopted a new strategy to force victims into paying the ransom, the gang began publishing victims’ data on the clear web to increase the pressure.

Ransomware 84

Ransomware Cybercrime Malware Advertising 84

Security Affairs

JUNE 7, 2022

The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. SecurityAffairs – hacking, Black Basta ransomware).

Ransomware 141

Ransomware Backups Malware Firewall 141

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 128

Ransomware Encryption Malware Hacking 128

Security Affairs

APRIL 27, 2023

Microsoft revealed that recent attacks against PaperCut servers aimed at distributing Cl0p and LockBit ransomware. The group is known to be an affiliate of the Clop ransomware RaaS affiliate, it has been linked to GoAnywhere attacks and Raspberry Robin infection. The group used the file-sharing app MegaSync for data exfiltration.

Ransomware 85

Ransomware Education Media Malware 85

Heimadal Security

JUNE 3, 2022

Industrial Spy ransomware gang has devised a new extortion strategy: it compromises corporate websites in order to publicly display ransom notifications. The new technique is being employed by Industrial Spy, which is a data extortion organization that recently started using ransomware as part of its attacks.

Cybercrime 105

Cybercrime Ransomware Hacking Cybersecurity 105

Security Affairs

MAY 12, 2023

The leak of the source code of the Babuk ransomware allowed 9 ransomware gangs to create their own ransomware targeting VMware ESXi systems. SentinelLabs researchers have identified 10 ransomware families using VMware ESXi lockers based on the source code of the Babuk ransomware that was leaked in 2021.

Ransomware 96

Ransomware Encryption Hacking Cybersecurity 96

Security Affairs

APRIL 27, 2022

Conti ransomware gang continues to target organizations worldwide despite the massive data leak has shed light on its operations. Researchers from Secureworks state that the Conti ransomware gang, tracked as a Russia-based threat actor Gold Ulrick, continues to operate despite the recent data leak on its internal activities.

Ransomware 80

Ransomware Cybercrime Hacking Cybersecurity 80

Krebs on Security

FEBRUARY 29, 2024

The ransomware group LockBit told officials with Fulton County, Ga. ’s National Crime Agency (NCA) took over LockBit’s online infrastructure , replacing the group’s homepage with a seizure notice and links to LockBit ransomware decryption tools. But on Feb. 19, investigators with the FBI and the U.K.’s

Ransomware 267

Ransomware Healthcare Cybercrime Hacking 267