Cybercrime, Hacking, Malware and Ransomware

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023.

Hacking

Hacking Malware Ransomware Government

Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

APRIL 26, 2024

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions. Compromised websites and malware are often at the root of these types of attacks.

Cryptocurrency

Cryptocurrency Cybercrime Education Scams

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.

Cybercrime

Cybercrime Ransomware DDOS Encryption

Carbanak malware returned in ransomware attacks

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware

Malware Ransomware Banking Healthcare

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. The attack was carried out by the Cactus ransomware gang , which claims to have stolen terabytes of corporate data from the company. The Cactus ransomware relies on multiple legitimate tools (e.g.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Black Basta ransomware gang hacked Hyundai Motor Europe

Security Affairs

FEBRUARY 9, 2024

Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. BleepingComputer reported that the Car maker Hyundai Motor Europe was breached by the Black Basta ransomware gang. The threat actors claim to have stolen three terabytes of data from the company.

Hacking

Hacking Ransomware Data breaches Manufacturing

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking

Hacking Cybercrime Ransomware Government

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Security Affairs

SEPTEMBER 2, 2022

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp.

Cybercrime

Cybercrime Malware Backups Manufacturing

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

Cybercriminal gang FIN7 returned with a new wave of attacks aimed at deploying the Clop ransomware on victims’ networks. The group was spotted deploying the Clop ransomware in opportunistic attacks in April 2023. Then they use OpenSSH and Impacket to move laterally and deploy the Clop ransomware payload.

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

Hacking for Dollars: North Korean Cybercrime

Security Boulevard

FEBRUARY 24, 2021

In mid-February 2021, the Department of Justice shared the content of what had been a sealed indictment charging three North Korean (DPRK) hacking “operatives” with a plethora of cybercrimes, including “cyber heists and extortion schemes, targeting both traditional and cryptocurrencies.” Assistant Attorney General John C.

Cybercrime

Cybercrime Hacking Cryptocurrency Ransomware

Expert warns of Turtle macOS ransomware

Security Affairs

DECEMBER 1, 2023

The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. In some cases, the anti-virus solution flagged the binary as Windows malware (“Win32.Troj.Undef”).

Ransomware

Ransomware Encryption Malware Cybercrime

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

MAY 18, 2020

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals. is cybercrime forum.

Malware

Malware Cybercrime Ransomware Marketing

Understanding Malware-as-a-Service

SecureList

JUNE 15, 2023

Money is the root of all evil, including cybercrime. Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community.

Malware

Malware Ransomware Cybercrime Hacking

Cybercrime group exploits Windows zero-day in ransomware attacks

Security Affairs

APRIL 11, 2023

Microsoft has addressed a zero-day in the Windows Common Log File System (CLFS) actively exploited in ransomware attacks. Microsoft has addressed a zero-day vulnerability, tracked as CVE-2023-28252 , in the Windows Common Log File System (CLFS), which is actively exploited in ransomware attacks.

Cybercrime

Cybercrime Ransomware Education Media

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Security Affairs

JUNE 6, 2022

LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the LockBit ransomware gang has added the cybersecurity firm Mandiant to the list of victims published on its darkweb leak site. ransomware to evade sanctions. Pierluigi Paganini.

Hacking

Hacking Ransomware Cybersecurity Cybercrime

The DarkSide Ransomware Gang

Schneier on Security

JUNE 2, 2021

The New York Times has a long story on the DarkSide ransomware gang. DarkSide’s services include providing technical support for hackers, negotiating with targets like the publishing company, processing payments, and devising tailored pressure campaigns through blackmail and other means, such as secondary hacks to crash websites.

Ransomware

Ransomware Malware Hacking Cybercrime

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Security Affairs

DECEMBER 15, 2023

The Snatch ransomware group announced it had hacked the food giant Kraft Heinz, the company is investigating the claims. The Snatch ransomware group claims to have hacked Kraft Heinz in August and on December 14, it added the company to the list of victims on its leak site. ” reads the alert.

Hacking

Hacking Ransomware Computers and Electronics Marketing

Linux variant of Cerber ransomware targets Atlassian servers

Security Affairs

APRIL 17, 2024

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. Cado Security Labs recently became aware that Cerber ransomware is being deployed into Confluence servers via the CVE-2023-22518 exploit. ” states Cado Security. ” continues the report.

Ransomware

Ransomware Encryption Malware Accountability

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers at Sentinel Labs shared details about Black Basta ‘s TTPs and assess it is highly likely the ransomware operation has ties with FIN7. SecurityAffairs – hacking, FIN7).

Cybercrime

Cybercrime Ransomware Antivirus Malware

Medusa ransomware gang claims the hack of Toyota Financial Services

Security Affairs

NOVEMBER 17, 2023

Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Today, the Medusa ransomware gang claimed responsibility for the attack and threatened to leak the purportedly stolen data if the company doesn’t pay the ransom.

Financial Services

Financial Services Hacking Ransomware Data breaches

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. The Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country. concludes the alert.

Ransomware

Ransomware Backups VPN Authentication

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. It was this first time that the operators adopted this tactic.

Ransomware

Ransomware Encryption Antivirus VPN

BlackCat ransomware, a very sophisticated malware written in Rust

Security Affairs

DECEMBER 10, 2021

BlackCat is the first professional ransomware strain that was written in the Rust programming language, researchers reported. Malware researchers from Recorded Future and MalwareHunterTeam discovered ALPHV (aka BlackCat), the first professional ransomware strain that was written in the Rust programming language.

Ransomware

Ransomware Malware Cybercrime Encryption

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. A flash alert published by the FBI has reported that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. ” states the alert.

Ransomware

Ransomware Hacking Malware Encryption

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

Security Affairs

SEPTEMBER 30, 2023

The ALPHV/BlackCat ransomware gang added the hotel chain Motel One to the list of victims on its Tor leak site. The ALPHV/BlackCat ransomware gang added Motel One to the list of victims on its Tor leak site. ” The ransomware group threatens to leak the stolen data if the company does not pay the ransom within five days.

Hacking

Hacking Ransomware Manufacturing Media

Rhysida Ransomware gang claims to have hacked three more US hospitals

Security Affairs

SEPTEMBER 10, 2023

Rhysida Ransomware group added three more US hospitals to the list of victims on its Tor leak site after the PROSPECT MEDICAL attack. Recently the Rhysida ransomware group made the headlines because it announced the hack of Prospect Medical Holdings and the theft of sensitive information from the organization.

Hacking

Hacking Ransomware Healthcare Cyber Attacks

Cybercrime Statistics in 2019

Security Affairs

JANUARY 18, 2020

I’m preparing the slides for my next speech and I decided to create this post while searching for interesting cybercrime statistics in 2020. Cybercrime will cost as much as $6 trillion annually by 2021. The global expense for organizations to protect their systems from cybercrime attacks will continue to grow.

Cybercrime

Cybercrime Small Business Data breaches Mobile

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

Security Affairs

NOVEMBER 9, 2022

Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned.

Malware

Malware Ransomware Cybercrime Phishing

Lockbit ransomware gang hacked California Department of Finance

Security Affairs

DECEMBER 13, 2022

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit ransomware gang claims to have stolen 76Gb from the California Department of Finance and is threatening to leak the stolen data if the victims will not pay the ransom by December 24.

Hacking

Hacking Ransomware Cybersecurity Technology

Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center

Security Affairs

DECEMBER 16, 2023

The Hunters International ransomware gang claims to have hacked the Fred Hutchinson Cancer Center (Fred Hutch). Another healthcare organization suffered a ransomware attack, the Hunters International ransomware gang claims to have hacked the Fred Hutchinson Cancer Center (Fred Hutch). Who is Hunters International?

Ransomware

Ransomware Hacking Insurance Healthcare

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. Experts from Sophos analyzed the code of Entropy ransomware employed in two distinct attacks.

Ransomware

Ransomware Malware Cybercrime Banking

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting a pentest. The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. SecurityAffairs – hacking, cyber security).

Cybercrime

Cybercrime Ransomware Cybersecurity Backups

The newer cybercrime triad: TrickBot-Emotet-Conti

Security Affairs

NOVEMBER 20, 2021

Advanced Intelligence researchers argue that the restarting of the Emotet botnet was driven by Conti ransomware gang. The FBI collected millions of email addresses used by Emotet operators in their malware campaigns as part of the cleanup operation. “This created a major interruption within the ransomware supply chains.

Cybercrime

Cybercrime Ransomware Banking Malware

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

Security Affairs

MARCH 11, 2024

BianLian ransomware group was spotted exploiting vulnerabilities in JetBrains TeamCity software in recent attacks. Researchers from GuidePoint Security noticed, while investigating a recent attack linked to the BianLian ransomware group, that the threat actors gained initial access to the target by exploiting flaws in a TeamCity server.

Ransomware

Ransomware Malware Healthcare Manufacturing

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. The Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country. concludes the alert.

Ransomware

Ransomware Backups VPN Authentication

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

Security Affairs

JANUARY 1, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information, over 21 thousand directories. The stores are co-owned by 3.5

Retail

Retail Ransomware Encryption Hacking

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

SecureWorld News

MARCH 29, 2024

Malvertising acts as a vessel for malware propagation. Some of the unearthed hoaxes delivered infostealers such as Aurora Stealer, Batloader, and IceID, with the latter having gained notoriety for facilitating Quantum ransomware distribution. A stepping stone to impactful cybercrime This tactic has tangible real-world implications.

Cybercrime

Cybercrime Advertising Engineering Antivirus

REvil ransomware gang hacked gaming firm Gaming Partners International

Security Affairs

OCTOBER 31, 2020

The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them. ” reads the message published by the ransomware operators.

Hacking

Hacking Ransomware Advertising Encryption

BlackCat ransomware group claims the hack of Seiko network

Security Affairs

AUGUST 21, 2023

The BlackCat/ALPHV ransomware group claims to have hacked the Japanese maker of watches Seiko and added the company to its data leak site. Now the BlackCat/ALPHV ransomware gang has added Seiko to the list of victims published on its data leak site.

Hacking

Hacking Ransomware Data breaches Cyber Attacks

Daixin Team group claimed the hack of North Texas Municipal Water District

Security Affairs

NOVEMBER 28, 2023

The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data. The ransomware gang claims the theft of board meeting minutes, internal project documentation, personnel details, audit reports, and more.

Hacking

Hacking VPN Ransomware Cybercrime

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. The ransomware component is then decrypted and loaded into the SmokeLoader process’ memory.

Ransomware

Ransomware Encryption Backups Manufacturing

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.

Malware

Malware Cryptocurrency Accountability Cybercrime

UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed

Security Affairs

APRIL 30, 2021

UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix. The UNC2447 gang targeted organizations in Europe and North America using a broad range of malware over the past months. ” reads the analysis published by FireEye.

Cybercrime

Cybercrime Ransomware Malware Mobile

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Cryptocurrencies and cybercrime: A critical intermingling

Trending Sources

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Carbanak malware returned in ransomware attacks

Cactus ransomware gang claims the Schneider Electric hack

Black Basta ransomware gang hacked Hyundai Motor Europe

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Hacking for Dollars: North Korean Cybercrime

Expert warns of Turtle macOS ransomware

Why Malware Crypting Services Deserve More Scrutiny

This Service Helps Malware Authors Fix Flaws in their Code

Understanding Malware-as-a-Service

Cybercrime group exploits Windows zero-day in ransomware attacks

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

The DarkSide Ransomware Gang

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Linux variant of Cerber ransomware targets Atlassian servers

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Medusa ransomware gang claims the hack of Toyota Financial Services

Akira ransomware targets Finnish organizations

Akira ransomware received $42M in ransom payments from over 250 victims

BlackCat ransomware, a very sophisticated malware written in Rust

Cuba ransomware gang hacked 49 US critical infrastructure organizations

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

Rhysida Ransomware gang claims to have hacked three more US hospitals

Cybercrime Statistics in 2019

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

Lockbit ransomware gang hacked California Department of Finance

Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

The newer cybercrime triad: TrickBot-Emotet-Conti

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

Akira ransomware targets Finnish organizations

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

REvil ransomware gang hacked gaming firm Gaming Partners International

BlackCat ransomware group claims the hack of Seiko network

Daixin Team group claimed the hack of North Texas Municipal Water District

8Base ransomware operators use a new variant of the Phobos ransomware

DarkGate malware campaign abuses Skype and Teams

UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed

Stay Connected