Cybercrime, Encryption, Hacking and Information Security

Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

APRIL 26, 2024

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions.

Cryptocurrency

Cryptocurrency Cybercrime Education Scams

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware. The HelloKitty gang has been active since January 2021.

Cybercrime

Cybercrime Ransomware DDOS Encryption

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Kroll researchers reported that the ransomware strain outstands for the use of encryption to protect the ransomware binary. Cactus uses the Rclone tool for data exfiltration and used a PowerShell script called TotalExec, which was used in the past by BlackBasta ransomware operators, to automate the deployment of the encryption process.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solver since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. ” continue the experts.

Encryption

Encryption Cybercrime Hacking Malware

Black Basta gang claims the hack of the UK water utility Southern Water

Security Affairs

JANUARY 23, 2024

The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. In early January, independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Hacking

Hacking Encryption Ransomware Insurance

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption

Encryption Ransomware Cybercrime Malware

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption

Encryption Ransomware Cybercrime Engineering

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

JUNE 8, 2021

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The FBI and Australian Federal Police (AFP) ran an encrypted chat platform that was used by crime gangs and intercepted their communications.

Encryption

Encryption Cryptocurrency Cybercrime Advertising

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files. Pierluigi Paganini.

Encryption

Encryption Ransomware VPN Malware

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption

Encryption Ransomware Malware Healthcare

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption

Encryption Phishing Accountability Authentication

REvil ransomware gang hacked gaming firm Gaming Partners International

Security Affairs

OCTOBER 31, 2020

The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them. SecurityAffairs – hacking, Gaming Partners International (GPI)).

Hacking

Hacking Ransomware Advertising Encryption

Rorschach ransomware has the fastest file-encrypting routine to date

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The researchers conducted five separate encryption speed tests in a controlled environment (with 6 CPUs, 8192MB RAM, SSD, and 220000 files to be encrypted), limited to local drive encryption only.

Encryption

Encryption Ransomware Malware Backups

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Affairs

JULY 8, 2021

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. The hack of the FTA server took place in March, but the hacker had access to the data of Morgan Stanley customers in May. ” reads the letter.

Data breaches

Data breaches Hacking Banking Financial Services

Expert warns of Turtle macOS ransomware

Security Affairs

DECEMBER 1, 2023

The Turtle ransomware reads files into memory, encrypt them with AES (in CTR mode), rename the files, then overwrites the original contents of the files with the encrypted data. The malware adds the extension “ TURTLERANSv0 ” to the filenames of encrypted files. The binary also lacks of obfuscation. concludes the analysis.

Ransomware

Ransomware Encryption Malware Cybercrime

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Some info stealers may use encryption techniques to hide their communication with command-and-control servers, making it more challenging for security systems to detect malicious activities. Bank logs : These are sets of data containing sensitive information about a bank account.

Banking

Banking Cybercrime Malware Accountability

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. #ViperSoftX is back, doesn't look like much has changed. c2 arrowlchat[.]com ” concludes the report.

Encryption

Encryption Malware Cryptocurrency Software

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Security Affairs

JANUARY 24, 2023

GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key. “Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. . ” continues the notice.

Backups

Backups Encryption Data breaches Passwords

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

SOVA Android malware now also encrypts victims’ files

Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. SecurityAffairs – hacking, SOVA Android banking malware).

Encryption

Encryption Malware Banking Ransomware

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. The ATM black box attacks are quite popular in the cybercrime underground and several threat actors offer the hardware equipment and malware that could be used to compromise the ATMs.

Hacking

Hacking Firmware Encryption Manufacturing

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

Asian media firm E27 suffered a security breach and hackers asked for a “donation” to provide information on the flaws they exploited in the attack. If you use the legacy email and password login, your passwords are encrypted, but we highly encourage that you change it. SecurityAffairs – hacking, E27).

Media

Media Hacking Passwords Data breaches

Energy giant Shell discloses data breach caused by Accellion FTA hack

Security Affairs

MARCH 23, 2021

.” Since the disclosure of the vulnerabilities in Accellion FTA multiple cybercrime groups targeted organizations worldwide. In February, security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11.

Data breaches

Data breaches Hacking Cybercrime Cyber Attacks

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

The ransomware encrypts files on the targeted systems using the “ cuba” extension. The FBI discourages paying the ransom because there is no guarantee to recover the encrypted files. SecurityAffairs – hacking, ransomware). Cuba ransomware has been active since at least January 2020. Pierluigi Paganini.

Ransomware

Ransomware Hacking Malware Encryption

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

Security Affairs

JANUARY 8, 2024

“According to this and other leaked documents, the Department of Defence purchased technology for the Air Force’s encrypted communications. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Swiss Air Force) ” reported the SwissInfo website.

Hacking

Hacking Data breaches Ransomware Manufacturing

US DoJ indicted the CEO of Sky Global encrypted chat platform

Security Affairs

MARCH 15, 2021

The CEO of the encrypted communications firm Sky Global has been indicted in the US on charges of facilitating international drug trafficking. The head of the Canada-based company Sky Global that provides encrypted communications, Jean-Francois Eap, has been indicted in the US on charges of facilitating international drug trafficking.

Encryption

Encryption Cybercrime Software Hacking

FIN11 cybercrime group is behind recent wave of attacks on FTA servers

Security Affairs

FEBRUARY 23, 2021

FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11.

Cybercrime

Cybercrime Software Ransomware Cyber Attacks

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Phorpiex botnet) com,” and “Jenny[@]gsd[.]com.”

Phishing

Phishing Ransomware Security Awareness Authentication

A database containing data of +8.9 million Zacks users was leaked online

Security Affairs

JUNE 13, 2023

A database containing the personal information of more than 8.9 million Zacks Investment Research users was leaked on a cybercrime forum. A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023. ” reported HIBP.

Data breaches

Data breaches Passwords Cybercrime Encryption

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. SecurityAffairs – hacking, GravityRAT). Pierluigi Paganini.

Encryption

Encryption Malware Media Authentication

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it.

Ransomware

Ransomware Encryption Antivirus VPN

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. SecurityAffairs – hacking, Macaw Locker).

Ransomware

Ransomware Cybercrime Banking Encryption

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. The Raccoon stealer is written in C++ by Russian-speaking developers that initially promoted it exclusively on Russian-speaking hacking forums. SecurityAffairs – hacking, malware).

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

10 Mobile Encryption Apps for Digital Privacy Protection

Spinone

DECEMBER 24, 2018

Cyber hacking is a billion-dollar industry and will only get larger. According to Juniper Research , cybercrime is estimated to become a $2.1 This is why you need to install one of the below encrypted messaging apps and encrypted calling apps. Signal This is an end-to-end encrypted voice calling iPhone encryption app.

Encryption

Encryption Mobile Computers and Electronics Government

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 18, 2024

Datacenter Proxies: Choosing the Right Option CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog Canada Gov plans to ban the Flipper Zero to curb car thefts ExpressVPN leaked DNS requests due to a bug in the split tunneling feature 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data US (..)

Cybercrime

Cybercrime Ransomware Malware Data breaches

Ukrainian REvil gang member sentenced to 13 years in prison

Security Affairs

MAY 2, 2024

“Ransomware is malicious software designed to encrypt data on victim computers, allowing bad actors the ability to demand a ransom payment in exchange for the decryption key.” victims, and we are disrupting the broader cybercrime ecosystem.” ” reads the press release published by DoJ.

Ransomware

Ransomware Cryptocurrency Cybercrime Encryption

Linux variant of Cerber ransomware targets Atlassian servers

Security Affairs

APRIL 17, 2024

As such, the data the ransomware is able to encrypt is limited to files owned by the confluence user. It will of course succeed in encrypting the datastore for the Confluence application, which can store important information.” ” continues the report. 0” at startup and “/tmp/log.1”

Ransomware

Ransomware Encryption Malware Accountability

Telegram is becoming the paradise of cyber criminals

Security Affairs

SEPTEMBER 27, 2021

Telegram is becoming an essential platform for cybercriminal activities, crooks use it but and sell any kind of stolen data and hacking tools. Researchers from vpnMentor recently published a report that sheds the light on the use of Telegram in the cybercrime ecosystem. Some channels have 10,000s of followers.”

Cybercrime

Cybercrime Hacking Mobile DDOS

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Hacking Advertising Malware

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches

Data breaches Cybercrime Firewall Artificial Intelligence

Source code for the Babuk is available on a hacking forum

Security Affairs

SEPTEMBER 4, 2021

The complete source code for the Babuk ransomware is available for sale on a Russian-speaking hacking forum. A threat actor has leaked the source code for the Babuk ransomware on a Russian-speaking hacking forum. Metropolitan Police Department, encrypted its files and demanded a $4 million ransom. Pierluigi Paganini.

Hacking

Hacking Ransomware Encryption Cybercrime

Victims of FonixCrypter ransomware could decrypt their files for free

Security Affairs

JANUARY 30, 2021

The FonixCrypter gang also closed its Telegram channel that was used to advertise the malware in the cybercrime underground. The availability of the master decryption key allows the victims to recover their encrypted files for free. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Ransomware

Ransomware Encryption Malware Cybercrime

Ransomware drama: Law enforcement seized Lockbit group’s website again

Security Affairs

MAY 5, 2024

The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free. The NCA will reach out to victims based in the UK in the coming days and weeks, providing support to help them recover encrypted data.

Ransomware

Ransomware Cybercrime Cyber Attacks Encryption

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 12, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches VPN Hacking Banking

Cryptocurrencies and cybercrime: A critical intermingling

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Webinars

Trending Sources

Cactus ransomware gang claims the Schneider Electric hack

Webinars

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Black Basta gang claims the hack of the UK water utility Southern Water

New Hive ransomware variant is written in Rust and use improved encryption method

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Trojan Shield, the biggest ever police operation against encrypted communications

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

REvil ransomware gang hacked gaming firm Gaming Partners International

Rorschach ransomware has the fastest file-encrypting routine to date

Morgan Stanley discloses data breach after the hack of a third-party vendor

Expert warns of Turtle macOS ransomware

Info stealers and how to protect against them

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

SOVA Android malware now also encrypts victims’ files

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Asian media firm E27 hacked, attackers asked for a “donation”

Energy giant Shell discloses data breach caused by Accellion FTA hack

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

US DoJ indicted the CEO of Sky Global encrypted chat platform

FIN11 cybercrime group is behind recent wave of attacks on FTA servers

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

A database containing data of +8.9 million Zacks users was leaked online

GravityRAT returns disguised as an end-to-end encrypted chat app

Akira ransomware received $42M in ransom payments from over 250 victims

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Raccoon Malware, a success case in the cybercrime ecosystem

10 Mobile Encryption Apps for Digital Privacy Protection

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Ukrainian REvil gang member sentenced to 13 years in prison

Linux variant of Cerber ransomware targets Atlassian servers

Telegram is becoming the paradise of cyber criminals

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Source code for the Babuk is available on a hacking forum

Victims of FonixCrypter ransomware could decrypt their files for free

Ransomware drama: Law enforcement seized Lockbit group’s website again

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected