Malwarebytes

FEBRUARY 6, 2024

Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world.

Ransomware 109

Ransomware Cybercrime Malware Social Engineering 109

Krebs on Security

JANUARY 27, 2021

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week. ” Image: Chainalysis.

Ransomware 274

Ransomware Cybercrime Antivirus Encryption 274

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines.

Encryption 97

Encryption Ransomware Malware Healthcare 97

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . key files.

Encryption 118

Encryption Ransomware Cybercrime Malware 118

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware 108

Ransomware Encryption Antivirus VPN 108

Security Affairs

NOVEMBER 19, 2023

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. The ransomware component is then decrypted and loaded into the SmokeLoader process’ memory.

Ransomware 127

Ransomware Encryption Backups Manufacturing 127

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The experts pointed out that the Rorschach ransomware appears to be unique. The experts pointed out that the Rorschach ransomware appears to be unique. ” continues the analysis.

Encryption 92

Encryption Ransomware Malware Backups 92

Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time.

Encryption 98

Encryption Malware Banking Ransomware 98

Malwarebytes

SEPTEMBER 15, 2023

The report follows the Internet Organized Crime Assessment (IOCTA), Europol’s assessment of the cybercrime landscape and how it has changed over the last 24 months. Ransomware is named as the most prominent threat with a broad reach and a significant financial impact on industry.

Cybercrime 110

Cybercrime Ransomware DDOS Backups 110

Security Affairs

DECEMBER 10, 2021

BlackCat is the first professional ransomware strain that was written in the Rust programming language, researchers reported. Malware researchers from Recorded Future and MalwareHunterTeam discovered ALPHV (aka BlackCat), the first professional ransomware strain that was written in the Rust programming language.

Ransomware 100

Ransomware Malware Cybercrime Encryption 100

Krebs on Security

JUNE 16, 2021

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. The CLOP gang seized on those flaws to deploy ransomware to a significant number of Accellion’s FTA customers , including U.S.

Ransomware 313

Ransomware Cybercrime Malware Encryption 313

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. SentinelLabs researchers have observed the first Linux variant of the Clop ransomware. The cybercrime group behind the attack leaked the data stolen from the victim on January 5, 2022.

Encryption 89

Encryption Ransomware Cybercrime Engineering 89

CyberSecurity Insiders

JUNE 26, 2023

In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. Since February, the group has launched multiple attacks based on their latest ransomware campaign labeled Buhti. Babuk is a ransomware that was first discovered in early 2021.

Cybercrime 100

Cybercrime Social Engineering Ransomware Phishing 100

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption 91

Encryption Ransomware VPN Malware 91

SecureWorld News

MARCH 29, 2024

Malvertising acts as a vessel for malware propagation. Some of the unearthed hoaxes delivered infostealers such as Aurora Stealer, Batloader, and IceID, with the latter having gained notoriety for facilitating Quantum ransomware distribution. A stepping stone to impactful cybercrime This tactic has tangible real-world implications.

Cybercrime 79

Cybercrime Advertising Engineering Antivirus 79

Krebs on Security

JULY 1, 2020

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime.

Ransomware 301

Ransomware Cybercrime Encryption Malware 301

Security Affairs

JANUARY 30, 2024

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. The attack was carried out by the Cactus ransomware gang , which claims to have stolen terabytes of corporate data from the company. The Cactus ransomware relies on multiple legitimate tools (e.g.

Ransomware 128

Ransomware Hacking Data breaches Digital transformation 128

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. The experts noticed that the offset differs per sample.

Ransomware 94

Ransomware Malware Antivirus Encryption 94

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. Experts from Sophos analyzed the code of Entropy ransomware employed in two distinct attacks.

Ransomware 97

Ransomware Malware Cybercrime Banking 97

Malwarebytes

SEPTEMBER 19, 2023

The German police in cooperation with the US Secret Service have executed search warrants against suspected members of the DoppelPaymer ransomware group in Germany and Ukraine. Over the last years, DoppelPaymer claimed responsibility for a high-profile ransomware attack on Kia Motors America. Prevent intrusions.

Ransomware 122

Ransomware Backups Cryptocurrency Cybercrime 122

Security Affairs

JANUARY 1, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information, over 21 thousand directories. The Cactus ransomware relies on multiple legitimate tools (e.g.

Retail 127

Retail Ransomware Encryption Hacking 127

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms.

Ransomware 129

Ransomware Encryption Malware Education 129

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 143

Encryption Ransomware Backups VPN 143

The Hacker News

DECEMBER 24, 2021

Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement's disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. "Be

Ransomware 113

Ransomware Cybercrime Encryption Malware 113

Security Affairs

JUNE 6, 2023

Researchers from security firm Uptycs reported that threat actors linked to the Cyclops ransomware are offering a Go-based information stealer. The Cyclops group has developed multi-platform ransomware that can infect Windows, Linux, and macOS systems. ” reads the report. ” reads the report.

Ransomware 74

Ransomware Encryption Cybercrime Malware 74

Security Affairs

SEPTEMBER 1, 2023

Researchers released a free decryptor for the Key Group ransomware that allows victims to recover their data without paying a ransom. Threat intelligence firm EclecticIQ released a free decryption tool for the Key Group ransomware (aka keygroup777) that allows victims to recover their data without paying a ransom.

Ransomware 114

Ransomware Encryption Backups Malware 114

Security Affairs

DECEMBER 6, 2022

Researchers spotted a version of the open-source ransomware toolkit Cryptonite that doesn’t support decryption capabilities. Fortinet researchers discovered a sample of malware generated with the publicly available open-source ransomware toolkit Cryptonite that never offers the decryption window, turning it as a wiper.

Ransomware 127

Ransomware Encryption Malware Architecture 127

Security Affairs

JANUARY 30, 2021

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. Good news for the victims of the FonixCrypter ransomware, the operators behind the threat shut down their operations and released the master decryption key. Pierluigi Paganini.

Ransomware 135

Ransomware Encryption Malware Cybercrime 135

Hacker Combat

JULY 7, 2022

According to cybersecurity researchers, the bumblebee loader is now a darling in the ransomware ecosystem. A new malware is now an important component when it comes to engineering ransomware attacks. The malware, which goes by the name Bumblebee, was recently analyzed by Symantec researchers.

Malware 98

Malware Ransomware Phishing Engineering 98

Security Affairs

JULY 29, 2021

The cyber threat landscape change continuously, recently two new ransomware-as-service (RaaS) operations named BlackMatter and Haron made the headlines. Recently, two new ransomware gangs, named BlackMatter and Haron, announced the beginning of the operations. “Haron ransomware was first discovered in July 2021. .

Ransomware 137

Ransomware Cybercrime Encryption Architecture 137

Heimadal Security

OCTOBER 21, 2022

It is not often that ransomware groups attack Russian corporate networks, however OldGremlin, also known as TinyScouts, is one of the few cybercrime gangs that primarily focuses on Russian companies. The post OldGremlin Attacks Russian Organizations via Linux Ransomware appeared first on Heimdal Security Blog.

Ransomware 85

Ransomware Cybercrime Encryption Malware 85

CyberSecurity Insiders

NOVEMBER 29, 2022

First is the news related to Southampton County of Virginia, as information is out that personal information of many county populaces was stolen in a ransomware attack that occurred in September 2022. Lorenz Ransomware spreading gang focused more on public sector companies from February 2021 to October 2022.

Ransomware 109

Ransomware Healthcare Encryption Cybercrime 109

Security Affairs

SEPTEMBER 2, 2022

Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format ( ELF ) ransomware which encrypts the files inside Linux systems based on the given folder path. Figure 1: DarkAngels ransomware README.

Ransomware 143

Ransomware Encryption Malware Hacking 143

Penetration Testing

DECEMBER 15, 2023

In the shadowy world of cybercrime, alliances are formed not in boardrooms, but in the encrypted corners of the dark web.

Penetration Testing 83

Penetration Testing Ransomware Cybercrime Encryption 83

Malwarebytes

JANUARY 25, 2024

The British National Cyber Security Centre (NCSC) says it expects Artificial Intelligence (AI) to heighten the global ransomware threat. In how far new moves on the front of a United Nations Cybercrime Treaty will have a short-term effect on the behavior of state-sponsored groups is very hard to predict. Stop malicious encryption.

Ransomware 85

Ransomware Government Social Engineering Spyware 85

Security Affairs

OCTOBER 21, 2021

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. macaw extension to the file name of the encrypted files.

Ransomware 118

Ransomware Cybercrime Banking Encryption 118

Security Affairs

NOVEMBER 24, 2022

RansomExx ransomware is the last ransomware in order of time to have a version totally written in the Rust programming language. The operators of the RansomExx ransomware (aka Defray777 and Ransom X) have developed a new variant of their malware, tracked as RansomExx2, that was ported into the Rust programming language.

Ransomware 99

Ransomware Encryption Malware Manufacturing 99