Cybercrime, Encryption and Information Security

Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

APRIL 26, 2024

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions.

Cryptocurrency

Cryptocurrency Cybercrime Education Scams

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware. The HelloKitty gang has been active since January 2021.

Cybercrime

Cybercrime Ransomware DDOS Encryption

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption

Encryption Ransomware Cybercrime Malware

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solver since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. ” continue the experts.

Encryption

Encryption Cybercrime Hacking Malware

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption

Encryption Ransomware Cybercrime Engineering

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

JUNE 8, 2021

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The FBI and Australian Federal Police (AFP) ran an encrypted chat platform that was used by crime gangs and intercepted their communications.

Encryption

Encryption Cryptocurrency Cybercrime Advertising

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files. Pierluigi Paganini.

Encryption

Encryption Ransomware VPN Malware

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption

Encryption Ransomware Malware Healthcare

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption

Encryption Phishing Accountability Authentication

Rorschach ransomware has the fastest file-encrypting routine to date

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The researchers conducted five separate encryption speed tests in a controlled environment (with 6 CPUs, 8192MB RAM, SSD, and 220000 files to be encrypted), limited to local drive encryption only.

Encryption

Encryption Ransomware Malware Backups

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. #ViperSoftX is back, doesn't look like much has changed. c2 arrowlchat[.]com ” concludes the report.

Encryption

Encryption Malware Cryptocurrency Software

SOVA Android malware now also encrypts victims’ files

Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time.

Encryption

Encryption Malware Banking Ransomware

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Security Affairs

JANUARY 24, 2023

GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key. “Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. . ” continues the notice.

Backups

Backups Encryption Data breaches Passwords

US DoJ indicted the CEO of Sky Global encrypted chat platform

Security Affairs

MARCH 15, 2021

The CEO of the encrypted communications firm Sky Global has been indicted in the US on charges of facilitating international drug trafficking. The head of the Canada-based company Sky Global that provides encrypted communications, Jean-Francois Eap, has been indicted in the US on charges of facilitating international drug trafficking.

Encryption

Encryption Cybercrime Software Hacking

Expert warns of Turtle macOS ransomware

Security Affairs

DECEMBER 1, 2023

The Turtle ransomware reads files into memory, encrypt them with AES (in CTR mode), rename the files, then overwrites the original contents of the files with the encrypted data. The malware adds the extension “ TURTLERANSv0 ” to the filenames of encrypted files. The binary also lacks of obfuscation.

Ransomware

Ransomware Encryption Malware Cybercrime

FIN11 cybercrime group is behind recent wave of attacks on FTA servers

Security Affairs

FEBRUARY 23, 2021

FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11.

Cybercrime

Cybercrime Software Ransomware Cyber Attacks

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Some info stealers may use encryption techniques to hide their communication with command-and-control servers, making it more challenging for security systems to detect malicious activities. Illegal activities : Accessing someone else’s bank account information without authorization is illegal and considered a form of cybercrime.

Banking

Banking Cybercrime Malware Accountability

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs

DECEMBER 30, 2019

The United Nations on Friday have approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime. The United Nations on Friday has approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime. It will only serve to stifle global efforts to combat cybercrime.”

Cybercrime

Cybercrime Surveillance Spyware Government

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. ” Follow me on Twitter: @securityaffairs and Facebook.

Encryption

Encryption Malware Media Authentication

10 Mobile Encryption Apps for Digital Privacy Protection

Spinone

DECEMBER 24, 2018

According to Juniper Research , cybercrime is estimated to become a $2.1 Based on the “Key findings from the Global State of Information Security® Survey 2017” by PricewaterhouseCoopers , over 28 percent of respondents have become the victims of mobile hacking. Moreover, it supports TOR encryption over XMPP.

Encryption

Encryption Mobile Computers and Electronics Government

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Security Affairs

JULY 29, 2019

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. Most of the attacks targeted non-standard ports and experts observed a spike in the number of encrypted malware. million encrypted malware attacks, +27% over the previous year. .”

IoT

IoT Encryption Malware Advertising

Linux variant of Cerber ransomware targets Atlassian servers

Security Affairs

APRIL 17, 2024

As such, the data the ransomware is able to encrypt is limited to files owned by the confluence user. It will of course succeed in encrypting the datastore for the Confluence application, which can store important information.” ” continues the report. 0” at startup and “/tmp/log.1”

Ransomware

Ransomware Encryption Malware Accountability

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. In 2019, the U.S.

Ransomware

Ransomware Cybercrime Banking Encryption

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

“In addition, the attacker panel has been improved, some UI issues were fixed and the authors added an option to encrypt the builds right from the panel and downloaded it as a DLL.” The post Raccoon Malware, a success case in the cybercrime ecosystem appeared first on Security Affairs. Pierluigi Paganini.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

A database containing data of +8.9 million Zacks users was leaked online

Security Affairs

JUNE 13, 2023

A database containing the personal information of more than 8.9 million Zacks Investment Research users was leaked on a cybercrime forum. A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023.

Data breaches

Data breaches Passwords Cybercrime Encryption

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Security Affairs

OCTOBER 26, 2019

Even though encryption should be taken seriously by businesses of all sizes, only a small fraction of the corporate sector puts their back on it. According to Juniper Research , up to 13% of the cybercrime market thrives because of the small business. Why is Encryption a Feasible Option against Digital Threats? Final Thoughts.

Encryption

Encryption Cyber threats Ransomware Cybercrime

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it. Earlier versions of the ransomware were written in C++ and the malware added the.akira extension to the encrypted files. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware

Ransomware Encryption Antivirus VPN

Defending Against the Threats to Our Security

SecureWorld News

JULY 3, 2023

According to PurpleSec, 98% of cybercrime relies on social engineering to accomplish it. Ransomware is malware that encrypts the victim's data and demands a ransom for its decryption. Cybercrime is a highly profitable business. According to Cybersecurity Ventures, cybercrime will cost the world $10.5 million by 2022.

Cybercrime

Cybercrime Social Engineering Data breaches Cyber threats

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 18, 2024

Datacenter Proxies: Choosing the Right Option CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog Canada Gov plans to ban the Flipper Zero to curb car thefts ExpressVPN leaked DNS requests due to a bug in the split tunneling feature 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data US (..)

Cybercrime

Cybercrime Ransomware Malware Data breaches

Cyclops Ransomware group offers a multiplatform Info Stealer

Security Affairs

JUNE 6, 2023

The Cyclops group is advertising the ransomware on multiple cybercrime forums, the gang requests a share of profits from those using its malware in financially motivated attacks. “After encryption in both Windows and Linux using the public key, CRC32 and a file marker are appended to the end of the file. .”

Ransomware

Ransomware Encryption Cybercrime Malware

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. 8base” file extension for encrypted documents, a circumstance that suggested a possible link to the 8Base group or the use of the same code-base for their ransomware.

Ransomware

Ransomware Encryption Backups Manufacturing

Black Basta gang claims the hack of the UK water utility Southern Water

Security Affairs

JANUARY 23, 2024

In early January, independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor. Depending on the file size, the ransomware encrypts the initial 5000 bytes. continues the researchers.

Hacking

Hacking Encryption Ransomware Insurance

Diavol ransomware appears in the threat landscape. Is it the work of the Wizard Spider gang?

Security Affairs

JULY 2, 2021

Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report. Researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider , the cybercrime gang behind the TrickBot botnet.

Ransomware

Ransomware Cybercrime Encryption Malware

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Pierluigi Paganini.

Encryption

Encryption Ransomware Malware Scams

New RA Group ransomware gang is the latest group using leaked Babuk source code

Security Affairs

MAY 15, 2023

Once encrypted the victims files RA Group, the gang drops customized ransom notes (“How To Restore Your Files.txt.”), which include the victim’s name and a unique link to download the exfiltration proofs. The ransomware supports intermittent encryption to speed up the encryption process. ” continues the report.

Ransomware

Ransomware Encryption Cybercrime Insurance

Victims of FonixCrypter ransomware could decrypt their files for free

Security Affairs

JANUARY 30, 2021

The FonixCrypter gang also closed its Telegram channel that was used to advertise the malware in the cybercrime underground. The availability of the master decryption key allows the victims to recover their encrypted files for free. Unfortunately, at the time of writing the RAR archive is not available.

Ransomware

Ransomware Encryption Malware Cybercrime

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. SocksEscort began in 2009 as “ super-socks[.]com com , segate[.]org

Malware

Malware VPN Internet Internet

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

The analysis of encryption techniques employed in the attack allowed the government experts to associate the campaign with the cybercrime group Trickbot.

Phishing

Phishing Cybercrime Ransomware Encryption

Telegram is becoming the paradise of cyber criminals

Security Affairs

SEPTEMBER 27, 2021

Researchers from vpnMentor recently published a report that sheds the light on the use of Telegram in the cybercrime ecosystem. vpnMentor researchers joined several cybercrime-focused Telegram groups and discovered a vast network of more 1,000s individuals sharing data leaks and dumps and discussing how to exploit them in illegal activities.

Cybercrime

Cybercrime Hacking Mobile DDOS

BlackCat ransomware, a very sophisticated malware written in Rust

Security Affairs

DECEMBER 10, 2021

Another one used to encrypt companies' networks. Unlike other malware, ALPHV (BlackCat) is the first Rust ransomware that was used in attacks in the wild by a cybercrime organization. Filemarker 19 47 B7 4D at EOF and before the encrypted key, which is JSON with some settings. Also look at that UI. Back to '80s?

Ransomware

Ransomware Malware Cybercrime Encryption

HelloKitty ransomware gang also targets victims with DDoS attacks

Security Affairs

NOVEMBER 1, 2021

The HelloKitty ransomware group, like other ransomware gangs, implements a double extortion model, stealing sensitive documents from victims before encrypting them. SecurityAffairs – hacking, cybercrime). The post HelloKitty ransomware gang also targets victims with DDoS attacks appeared first on Security Affairs.

DDOS

DDOS Ransomware Cybercrime Encryption

BlackMatter ransomware group claims to be Darkside and REvil succesor

Security Affairs

JULY 28, 2021

Lile other ransomware operations, BlackMatter also set up its leak site where it will publish data exfiltrated from the victims before encrypting their system. “The group boasted about having the ability to encrypt different operating system versions and architectures. ” reported The Record.

Ransomware

Ransomware Architecture Healthcare Encryption

Emsisoft releases free decryptor for the victims of the Diavol ransomware

Security Affairs

MARCH 19, 2022

In July, researchers from Fortinet first spotted the new ransomware family, tracked as Diavol, and speculated it might have been developed by Wizard Spider , the cybercrime gang behind the TrickBot botnet. The TrickBot Gang is also behind the development of the BazarBackdoor and Anchor backdoors. ” reads the guide for the decryptor.

Ransomware

Ransomware Encryption Banking Malware

Sysadmin of fake cybersecurity company sentenced to jail after billion-dollar crime spree

Hot for Security

APRIL 19, 2021

Notorious FIN7 gang stole payment card details from retailers around the world Cybercrime gang posed as penetration testing firm to recruit hackers. A key member of the FIN7 cybercrime gang – which is said to have caused over one billion dollars worth of damage around the world – has been sentenced to 10 years in jail.

Penetration Testing

Penetration Testing Retail Social Engineering Cybersecurity

Cryptocurrencies and cybercrime: A critical intermingling

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Trending Sources

New Hive ransomware variant is written in Rust and use improved encryption method

TeamTNT is back and targets servers to run Bitcoin encryption solvers

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Trojan Shield, the biggest ever police operation against encrypted communications

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Rorschach ransomware has the fastest file-encrypting routine to date

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

SOVA Android malware now also encrypts victims’ files

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

US DoJ indicted the CEO of Sky Global encrypted chat platform

Expert warns of Turtle macOS ransomware

FIN11 cybercrime group is behind recent wave of attacks on FTA servers

Info stealers and how to protect against them

UN approves Russia-Cina sponsored resolution on new cybercrime convention

GravityRAT returns disguised as an end-to-end encrypted chat app

10 Mobile Encryption Apps for Digital Privacy Protection

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Linux variant of Cerber ransomware targets Atlassian servers

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Raccoon Malware, a success case in the cybercrime ecosystem

A database containing data of +8.9 million Zacks users was leaked online

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Akira ransomware received $42M in ransom payments from over 250 victims

Defending Against the Threats to Our Security

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Cyclops Ransomware group offers a multiplatform Info Stealer

8Base ransomware operators use a new variant of the Phobos ransomware

Black Basta gang claims the hack of the UK water utility Southern Water

Diavol ransomware appears in the threat landscape. Is it the work of the Wizard Spider gang?

DeathRansom ransomware evolves encrypting files, but experts identified its author

New RA Group ransomware gang is the latest group using leaked Babuk source code

Victims of FonixCrypter ransomware could decrypt their files for free

Who and What is Behind the Malware Proxy Service SocksEscort?

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Telegram is becoming the paradise of cyber criminals

BlackCat ransomware, a very sophisticated malware written in Rust

HelloKitty ransomware gang also targets victims with DDoS attacks

BlackMatter ransomware group claims to be Darkside and REvil succesor

Emsisoft releases free decryptor for the victims of the Diavol ransomware

Sysadmin of fake cybersecurity company sentenced to jail after billion-dollar crime spree

Stay Connected