Cybercrime, Encryption, Information and Information Security

Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

APRIL 26, 2024

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions.

Cryptocurrency

Cryptocurrency Cybercrime Education Scams

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware. The HelloKitty gang has been active since January 2021.

Cybercrime

Cybercrime Ransomware DDOS Encryption

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

JUNE 8, 2021

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The FBI and Australian Federal Police (AFP) ran an encrypted chat platform that was used by crime gangs and intercepted their communications.

Encryption

Encryption Cryptocurrency Cybercrime Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network. This data may include usernames, passwords, credit card numbers, social security numbers, and other sensitive information.

Banking

Banking Cybercrime Malware Accountability

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption

Encryption Phishing Accountability Authentication

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption

Encryption Ransomware Cybercrime Malware

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solver since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. ” continue the experts.

Encryption

Encryption Cybercrime Hacking Malware

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption

Encryption Ransomware Cybercrime Engineering

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Security Affairs

JANUARY 24, 2023

GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key. “Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. . ” continues the notice.

Backups

Backups Encryption Data breaches Passwords

SOVA Android malware now also encrypts victims’ files

Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time.

Encryption

Encryption Malware Banking Ransomware

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server.

Encryption

Encryption Malware Cryptocurrency Software

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files. Pierluigi Paganini.

Encryption

Encryption Ransomware VPN Malware

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption

Encryption Ransomware Malware Healthcare

Rorschach ransomware has the fastest file-encrypting routine to date

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The researchers conducted five separate encryption speed tests in a controlled environment (with 6 CPUs, 8192MB RAM, SSD, and 220000 files to be encrypted), limited to local drive encryption only.

Encryption

Encryption Ransomware Malware Backups

FIN11 cybercrime group is behind recent wave of attacks on FTA servers

Security Affairs

FEBRUARY 23, 2021

FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11.

Cybercrime

Cybercrime Software Ransomware Cyber Attacks

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Gets connected network information. Record audio.

Encryption

Encryption Malware Media Authentication

Ransomware drama: Law enforcement seized Lockbit group’s website again

Security Affairs

MAY 5, 2024

The NCA also obtained the source code of the LockBit platform and a huge trove of information on the group’s operation, including information on affiliates and supporters. The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free.

Ransomware

Ransomware Cybercrime Cyber Attacks Encryption

US DoJ indicted the CEO of Sky Global encrypted chat platform

Security Affairs

MARCH 15, 2021

The CEO of the encrypted communications firm Sky Global has been indicted in the US on charges of facilitating international drug trafficking. The head of the Canada-based company Sky Global that provides encrypted communications, Jean-Francois Eap, has been indicted in the US on charges of facilitating international drug trafficking.

Encryption

Encryption Cybercrime Software Hacking

Expert warns of Turtle macOS ransomware

Security Affairs

DECEMBER 1, 2023

The Turtle ransomware reads files into memory, encrypt them with AES (in CTR mode), rename the files, then overwrites the original contents of the files with the encrypted data. The malware adds the extension “ TURTLERANSv0 ” to the filenames of encrypted files. The binary also lacks of obfuscation.

Ransomware

Ransomware Encryption Malware Cybercrime

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs

DECEMBER 30, 2019

The United Nations on Friday have approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime. The United Nations on Friday has approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime. It will only serve to stifle global efforts to combat cybercrime.”

Cybercrime

Cybercrime Surveillance Spyware Government

A database containing data of +8.9 million Zacks users was leaked online

Security Affairs

JUNE 13, 2023

A database containing the personal information of more than 8.9 million Zacks Investment Research users was leaked on a cybercrime forum. A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023.

Data breaches

Data breaches Passwords Cybercrime Encryption

Defending Against the Threats to Our Security

SecureWorld News

JULY 3, 2023

According to PurpleSec, 98% of cybercrime relies on social engineering to accomplish it. Ransomware is malware that encrypts the victim's data and demands a ransom for its decryption. Cybercrime is a highly profitable business. According to Cybersecurity Ventures, cybercrime will cost the world $10.5 million by 2022.

Cybercrime

Cybercrime Social Engineering Data breaches Education

Cyclops Ransomware group offers a multiplatform Info Stealer

Security Affairs

JUNE 6, 2023

Researchers from security firm Uptycs reported that threat actors linked to the Cyclops ransomware are offering a Go-based information stealer. In an unprecedented move, the group is also offering a separate information-stealer malware that can be used to steal sensitive data from infected systems. ” reads the report.

Ransomware

Ransomware Encryption Cybercrime Malware

Linux variant of Cerber ransomware targets Atlassian servers

Security Affairs

APRIL 17, 2024

As such, the data the ransomware is able to encrypt is limited to files owned by the confluence user. It will of course succeed in encrypting the datastore for the Confluence application, which can store important information.” ” continues the report. 0” at startup and “/tmp/log.1”

Ransomware

Ransomware Encryption Malware Accountability

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 18, 2024

Datacenter Proxies: Choosing the Right Option CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog Canada Gov plans to ban the Flipper Zero to curb car thefts ExpressVPN leaked DNS requests due to a bug in the split tunneling feature 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data US (..)

Cybercrime

Cybercrime Ransomware Malware Data breaches

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

“In addition, the attacker panel has been improved, some UI issues were fixed and the authors added an option to encrypt the builds right from the panel and downloaded it as a DLL.” The post Raccoon Malware, a success case in the cybercrime ecosystem appeared first on Security Affairs. ” concludes CyberArk.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it. Earlier versions of the ransomware were written in C++ and the malware added the.akira extension to the encrypted files. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware

Ransomware Encryption Antivirus VPN

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 12, 2024

Ohio Lottery data breach impacted over 538,000 individuals Notorius threat actor IntelBroker claims the hack of the Europol A cyberattack hit the US healthcare giant Ascension Google fixes fifth actively exploited Chrome zero-day this year Russia-linked APT28 targets government Polish institutions Citrix warns customers to update PuTTY version installed (..)

Data breaches

Data breaches VPN Hacking Banking

10 Mobile Encryption Apps for Digital Privacy Protection

Spinone

DECEMBER 24, 2018

According to Juniper Research , cybercrime is estimated to become a $2.1 Based on the “Key findings from the Global State of Information Security® Survey 2017” by PricewaterhouseCoopers , over 28 percent of respondents have become the victims of mobile hacking. Moreover, it supports TOR encryption over XMPP.

Encryption

Encryption Mobile Computers and Electronics Government

Researchers released a free decryptor for the Key Group ransomware

Security Affairs

SEPTEMBER 1, 2023

The group is a low-sophisticated threat actor that focuses on financial gain by selling Personal Identifying Information (PII) or initial access to compromised devices and obtaining ransom money. “Key Group ransomware uses a base64 encoded static key N0dQM0I1JCM= to encrypt victims’ data.

Ransomware

Ransomware Encryption Backups Malware

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet. The new variant, dubbed “Twizt,” could operate without active C2 servers in peer-to-peer mode.

Phishing

Phishing Ransomware Security Awareness Authentication

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. SocksEscort[.]com SocksEscort began in 2009 as “ super-socks[.]com

Malware

Malware VPN Internet Internet

Black Basta gang claims the hack of the UK water utility Southern Water

Security Affairs

JANUARY 23, 2024

The gang published some screenshots as proof of the attack, including passports, ID cards, and personal information of some employees. In early January, independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Hacking

Hacking Encryption Ransomware Insurance

Data leak exposes users of car-sharing service Blink Mobility

Security Affairs

DECEMBER 21, 2023

The database included the personally identifiable information of Blink Mobility customers and administrators, including: Phone number Email address Encrypted password Registration date Device info and device token Details on subscription and rented vehicles (license plate, VIN, booking start and end location, etc.)

Mobile

Mobile Identity Theft Passwords Phishing

A ransomware attack took 100 Romanian hospitals down

Security Affairs

FEBRUARY 13, 2024

Authorities in Romania confirmed that a ransomware attack that targeted the Hipocrate Information System (HIS) has disrupted operations for at least 100 hospitals. Hipocrate Information System (HIS) is a software suite designed to manage the medical and administrative activities of hospitals and other healthcare institutions.

Ransomware

Ransomware Backups Encryption Healthcare

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Security Affairs

JULY 29, 2019

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. Most of the attacks targeted non-standard ports and experts observed a spike in the number of encrypted malware. million encrypted malware attacks, +27% over the previous year. .”

IoT

IoT Encryption Malware Advertising

New Linux variant of BIFROSE RAT uses deceptive domain strategies

Security Affairs

MARCH 3, 2024

The Bifrost RAT has been active since 2004, it allows its operators to gather sensitive information, including hostname and IP address. By leveraging this deceptive domain, the threat actors behind Bifrost aim to bypass security measures, evade detection, and ultimately compromise targeted systems.”

DNS

DNS Malware Encryption Hacking

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. In 2019, the U.S.

Ransomware

Ransomware Cybercrime Banking Encryption

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches

Data breaches Cybercrime Firewall Artificial Intelligence

Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network

Security Affairs

DECEMBER 28, 2023

The ransomware gang hit the KHO on Christmas Eve and gained access to specifically encrypted data, the organization revealed in a statement published on its website. “Unknown persons gained access to the hospitals’ IT infrastructure systems and specifically encrypted data. Our security work is in full swing.

Ransomware

Ransomware Encryption Cyber Attacks Hacking

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Affairs

JULY 8, 2021

Guidehouse provides account maintenance services to Morgan Stanley’s StockPlan Connect business, hackers breached its Accellion FTA server and stole information belonging to Morgan Stanley stock plan participants. “The incident involves files which were in Guidehouse’s possession, including encrypted files from Morgan Stanley.”

Data breaches

Data breaches Hacking Banking Financial Services

Ukrainian REvil gang member sentenced to 13 years in prison

Security Affairs

MAY 2, 2024

“Ransomware is malicious software designed to encrypt data on victim computers, allowing bad actors the ability to demand a ransom payment in exchange for the decryption key.” victims, and we are disrupting the broader cybercrime ecosystem.” ” reads the press release published by DoJ.

Ransomware

Ransomware Cryptocurrency Cybercrime Encryption

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. ” GAP #1. It’s just some kind of sabotage.”

Ransomware

Ransomware Healthcare Cybercrime Government

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. ” continues the report. . Pierluigi Paganini.

Encryption

Encryption Ransomware Malware Scams

Cryptocurrencies and cybercrime: A critical intermingling

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Webinars

Trending Sources

Trojan Shield, the biggest ever police operation against encrypted communications

Webinars

Info stealers and how to protect against them

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

New Hive ransomware variant is written in Rust and use improved encryption method

TeamTNT is back and targets servers to run Bitcoin encryption solvers

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

SOVA Android malware now also encrypts victims’ files

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Rorschach ransomware has the fastest file-encrypting routine to date

FIN11 cybercrime group is behind recent wave of attacks on FTA servers

GravityRAT returns disguised as an end-to-end encrypted chat app

Ransomware drama: Law enforcement seized Lockbit group’s website again

US DoJ indicted the CEO of Sky Global encrypted chat platform

Expert warns of Turtle macOS ransomware

UN approves Russia-Cina sponsored resolution on new cybercrime convention

A database containing data of +8.9 million Zacks users was leaked online

Defending Against the Threats to Our Security

Cyclops Ransomware group offers a multiplatform Info Stealer

Linux variant of Cerber ransomware targets Atlassian servers

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Raccoon Malware, a success case in the cybercrime ecosystem

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

10 Mobile Encryption Apps for Digital Privacy Protection

Researchers released a free decryptor for the Key Group ransomware

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Who and What is Behind the Malware Proxy Service SocksEscort?

Black Basta gang claims the hack of the UK water utility Southern Water

Data leak exposes users of car-sharing service Blink Mobility

A ransomware attack took 100 Romanian hospitals down

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

New Linux variant of BIFROSE RAT uses deceptive domain strategies

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network

Morgan Stanley discloses data breach after the hack of a third-party vendor

Ukrainian REvil gang member sentenced to 13 years in prison

Conti Ransomware Group Diaries, Part I: Evasion

DeathRansom ransomware evolves encrypting files, but experts identified its author

Stay Connected