Document and Ransomware - Cyber Security Informer

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” reads the alert.

Malware

Malware Scams Identity Theft Antivirus

Ransomware Now Leaking Stolen Documents

Schneier on Security

APRIL 14, 2020

Originally, ransomware didn't involve any data theft. Now ransomware is increasingly involving both encryption and exfiltration. Recently, the aerospace company Visser Precision was hit by the DoppelPaymer ransomware. Recently, the aerospace company Visser Precision was hit by the DoppelPaymer ransomware.

Ransomware

Ransomware Encryption Malware

Black Basta ransomware gang hit BT Group

Security Affairs

DECEMBER 4, 2024

BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack.

Ransomware

Ransomware Telecommunications Healthcare Insurance

8Base ransomware group hacked Croatia’s Port of Rijeka

Security Affairs

DECEMBER 7, 2024

The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. A cyber attack hit the Port of Rijeka in Croatia, the 8Base ransomware group claimed responsibility for the security breach. The Port of Rijeka (Luka Rijeka d.d.),

Ransomware

Ransomware Hacking Accountability Cyber Attacks

Rhysida Ransomware gang claims the hack of the Government of Peru

Security Affairs

MAY 3, 2025

The Rhysida Ransomware gang claims the hack of the Government of Peru, the gang breached Gob.pe, the Single Digital Platform of the Peruvian State. The Rhysida ransomware gang claims responsibility for hacking the Government of Peru, breaching Gob.pe, which is the country’s official digital platform.

Government

Government Ransomware Hacking Manufacturing

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

AUGUST 14, 2020

NASDAQ:RCM ], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. R1 RCM acknowledged taking down its systems in response to a ransomware attack, but otherwise declined to comment for this story. R1 RCM Inc. Formerly known as Accretive Health Inc. billion in 2019.

Ransomware

Ransomware Healthcare Insurance Phishing

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

Security Affairs

MAY 13, 2025

Interlock Ransomware ‘s attack on a defense contractor exposed global defense supply chain details, risking operations of top contractors and their clients. Resecurity envisions the cascading effects on the defense supply chain due to ransomware activity.

Ransomware

Ransomware Cyber Attacks Risk Hacking

Ransomware Gangs Don’t Need PR Help

Krebs on Security

JULY 1, 2020

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime.

Ransomware

Ransomware Cybercrime Encryption Malware

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Security Affairs

NOVEMBER 21, 2024

Mexico is investigating a ransomware attack targeting its legal affairs office, as confirmed by the president amidst growing cybersecurity concerns. Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. Knight, also known as Cyclops 2.0,

Government

Government Hacking Ransomware Insurance

Conti’s Ransomware Toll on the Healthcare Industry

Krebs on Security

APRIL 18, 2022

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But according to Microsoft and an advisory from the U.S. National Security Agency (NSA).

Healthcare

Healthcare Ransomware Cybersecurity Malware

US authorities have indicted Black Kingdom ransomware admin

Security Affairs

MAY 4, 2025

A 36-year-old Yemeni man behind Black Kingdom ransomware is indicted in the U.S. authorities have indicted Rami Khaled Ahmed (aka Black Kingdom, of Sanaa, Yemen), a 36-year-old Yemeni national, suspected of being the administrator of the Black Kingdom ransomware operation. for 1,500 attacks on Microsoft Exchange servers.

Ransomware

Ransomware Encryption VPN Malware

Ransomware attack hit Indian multinational Tata Technologies

Security Affairs

FEBRUARY 1, 2025

Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack. Indian multinational Tata Technologies , a Tata Motors subsidiary, suspended some IT services following a ransomware attack. A few days later, the ransomware gang Hive leaked the alleged stolen files on its Tor leak site.

Technology

Technology Ransomware Engineering Manufacturing

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

JUNE 16, 2021

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. The CLOP gang seized on those flaws to deploy ransomware to a significant number of Accellion’s FTA customers , including U.S.

Ransomware

Ransomware Cybercrime Malware Encryption

Wanted: Disgruntled Employees to Deploy Ransomware

Krebs on Security

AUGUST 19, 2021

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Abnormal Security documented how it tied the email back to a young man in Nigeria who acknowledged he was trying to save up money to help fund a new social network he is building called Sociogram. .”

Ransomware

Ransomware Social Engineering Cybercrime Scams

China-linked APTs’ tool employed in RA World Ransomware attack

Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups.

Ransomware

Ransomware Software Cybercrime Encryption

Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters

Tech Republic Security

MARCH 19, 2025

FBI warns computer users to keep an eye out for malware, including ransomware, distributed through working document converters.

Malware

Malware Scams Ransomware Identity Theft

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. Russian news agency RIA Novosti, citing an anonymous source, confirmed that the arrested man is the “programmer” as Mikhail Matveev, as reported in court documents.

Ransomware

Ransomware Healthcare Hacking Malware

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Krebs on Security

SEPTEMBER 23, 2020

The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents. Plano, Texas-based Tyler Technologies [ NYSE:TYL ] has some 5,300 employees and brought in revenues of more than $1 billion in 2019.

Technology

Technology Ransomware Software Government

Report Shows Ransomware Has Grown 41% for Construction Industry

Digital Shadows

NOVEMBER 12, 2024

Ransomware Activity Targeting the Construction Sector Ransomware remains the biggest threat to the sector, as demonstrated by the 41% rise in organizations appearing on data-leak sites over the past year.

Ransomware

Ransomware Phishing Cyber threats Malware

Malicious office documents: The latest trend in cybercriminal exploitation

Tech Republic Security

SEPTEMBER 9, 2021

Cyberattacks have surged during the coronavirus pandemic as criminals rake in bountiful ransomware payouts. Malicious office docs have been on the rise for months, per a new report.

Ransomware

OneNote documents spread malware in several countries

Tech Republic Security

FEBRUARY 1, 2023

A new phishing campaign abuses OneNote documents to infect computers with the infamous AsyncRAT malware, targeting users in the U.K., The post OneNote documents spread malware in several countries appeared first on TechRepublic. Canada and the U.S.

Malware

Malware Phishing Ransomware

Ransomware Bites Dental Data Backup Firm

Krebs on Security

AUGUST 29, 2019

PerCSoft , a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack. The ransomware attack hit PerCSoft on the morning of Monday, Aug. West Allis, Wis.-based

Backups

Backups Ransomware Insurance Encryption

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

In February, he and Ermakov were arrested on charges of operating a short-lived ransomware affiliate program in 2021 called Sugar (a.k.a. Shefel claims his Sugar ransomware affiliate program was a bust, and never generated any profits. Sugar Locker), which targeted single computers and end-users instead of corporations.

Retail

Retail Advertising Cryptocurrency Marketing

Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

Krebs on Security

DECEMBER 16, 2019

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. The message displayed at the top of the Maze Ransomware public shaming site. Follow the news!”

Ransomware

Ransomware Data breaches Healthcare Cybercrime

Ransomware at IT Services Provider Synoptek

Krebs on Security

DECEMBER 27, 2019

Synoptek , a California business that provides cloud hosting and IT management services to more than a thousand customer nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. A now-deleted Tweet from Synoptek on Dec. When the site was first set up on Dec.

Ransomware

Ransomware Media Financial Services Retail

Qilin ransomware gang claimed responsibility for the Lee Enterprises attack

Security Affairs

MARCH 2, 2025

The Qilin ransomware group claims responsibility for attacking the newspaper Lee Enterprises, stealing 350GB of data. The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, which impacted dozens of local newspapers. Lee Enterprises , Inc. is a publicly traded American media company.

Ransomware

Ransomware Cybercrime Encryption Healthcare

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. Reached by phone today, Jansson said he quit the company in August, right around the time Gunnebo disclosed the thwarted ransomware attack.

Hacking

Hacking Ransomware Banking Accountability

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Security Affairs

FEBRUARY 11, 2025

Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites. An international law enforcement operation, codenamed Operation Phobos Aetor, dismantled the 8Base ransomware gang. The ransomware component is then decrypted and loaded into the SmokeLoader process memory.

Ransomware

Ransomware Encryption Backups Malware

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

Security Affairs

FEBRUARY 12, 2025

The Sarcoma ransomware group announced a breach of the Taiwanese printed circuit board (PCB) manufacturing giant Unimicron. The Sarcoma ransomware group claims to have breached Taiwanese PCB manufacturer Unimicron, leaked sample files, and threatened a full data release if no ransom is paid by Tuesday, February 20, 2025.

Computers and Electronics

Computers and Electronics Ransomware Manufacturing Data breaches

Dental group lied through teeth about data breach, fined $350,000

Malwarebytes

JANUARY 6, 2025

A US chain of dental offices known as Westend Dental LLC denied a 2020 ransomware attack and its associated data breach, instead telling their customers that data was lost due to an accidentally formatted hard drive. In October 2020, Westend Dental was attacked by the Medusa Locker ransomware group.

Data breaches

Data breaches Ransomware Passwords Insurance

Big Game Ransomware: the myths experts tell board members

DoublePulsar

MAY 4, 2025

Theres a piece in The Sunday Times today about the DragonForce ransomware incident at Marks and Spencer which caught my eye. Travelex tried saying the ransomware incident was a technical issue at first. When I covered the Capita ransomware, they paid quietly paid Black Basta early on. This iswrong. Travelex arent alone.

Ransomware

Ransomware Backups Government VPN

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Krebs on Security

APRIL 30, 2025

Members of Scattered Spider have been tied to the 2023 ransomware attacks against MGM and Caesars casinos in Las Vegas, but it remains unclear whether Buchanan was implicated in that incident. The Justice Department’s complaint against Buchanan makes no mention of the 2023 ransomware attack. Documents from the U.S.

Identity Theft

Identity Theft Phishing Cryptocurrency Cybercrime

CryWiper Data Wiper Targeting Russian Sites

Schneier on Security

DECEMBER 6, 2022

Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks. The malware focuses on databases, archives, and user documents. The malware focuses on databases, archives, and user documents. Nothing leading to an attribution. News article. Slashdot thread.

Ransomware

Ransomware Government Malware

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

Security Affairs

MARCH 5, 2025

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. TB of stolen data. The group claims the theft of 1.4

Technology

Technology Ransomware Engineering Manufacturing

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

With the help of these documents, even inexperienced operators with limited hacking skills can quickly acquire the necessary expertise to successfully forward counterfeit EDRs.

Cybercrime

Cybercrime Social Engineering Accountability Government

INC RANSOM ransomware gang claims to have breached Xerox Corp

Security Affairs

DECEMBER 30, 2023

The INC RANSOM ransomware group claims to have hacked the American multinational corporation Xerox Corp. Xerox Corp provides document management solutions worldwide. The INC RANSOM ransomware group claims responsibility for hacking the American multinational corporation Xerox Corp and threatens to disclose the alleged stolen data.

Ransomware

Ransomware InfoSec Data breaches Hacking

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs

MAY 11, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape iClicker site hack targeted students with malware via fake CAPTCHA New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms Backdoor found in popular ecommerce components Stealthy Linux backdoor leveraging (..)

Malware

Malware eCommerce Hacking Ransomware

2023 Anna Jaques Hospital data breach impacted over 310,000 people

Security Affairs

DECEMBER 8, 2024

Anna Jaques Hospital revealed thatthe ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients. On December 25, 2023, a ransomware attack hit the Anna Jaques Hospital. The hospital revealed that the security breach exposed sensitive health data for over 316,000 patients.

Data breaches

Data breaches Insurance Healthcare Ransomware

Low-Drama ‘Dark Angels’ Reap Record Ransoms

Krebs on Security

AUGUST 5, 2024

A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. ThreatLabz found Dark Angels has conducted some of the largest ransomware attacks to date, and yet little is known about the group.

Ransomware

Ransomware Insurance Healthcare Education

Police Have Disrupted the Emotet Botnet

Schneier on Security

JANUARY 28, 2021

A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware.

Malware

Malware Phishing Ransomware Cybercrime

October ransomware attack on Dallas County impacted over 200,000 people

Security Affairs

JULY 11, 2024

The ransomware attack that hit Dallas County in October 2023 has impacted more than 200,000 individuals exposing their personal information. In October 2023 the Play ransomware group hit Dallas County, Texas, and added the city to its Tor leak site claiming the theft of sensitive documents from multiple departments.

Ransomware

Ransomware Identity Theft Data breaches Insurance

Hacking gang leaks documents stolen from Pentagon IT provider

Graham Cluley

JULY 29, 2024

Hackers have released internal documents stolen from one of America's largest IT services providers, which counts various US government agencies, including the Department of Defense, amongst its customers. Read more in my article on the Hot for Security blog.

Hacking

Hacking Government Data breaches Ransomware

Ransomware groups target Veeam Backup & Replication bug

Security Affairs

JULY 15, 2024

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The initial access to the target network was via Secure Shell (SSH) protocol and attackers exfiltrated critical data before deploying Akira ransomware the following day.

Backups

Backups Ransomware Antivirus DNS

Legal Threats Make Powerful Phishing Lures

Krebs on Security

MAY 22, 2019

Our {legal team | legal council | legal departement} has prepared a document explaining the {litigation | legal dispute | legal contset}. Please download and read the attached encrypted document carefully. Note: The password for the document is 123456. Yes, the spelling/grammar is poor and awkward (e.g.,

Phishing

Phishing Antivirus Scams Malware

FBI warns of malicious free online document converters spreading malware

Ransomware Now Leaking Stolen Documents

Trending Sources

Black Basta ransomware gang hit BT Group

8Base ransomware group hacked Croatia’s Port of Rijeka

Rhysida Ransomware gang claims the hack of the Government of Peru

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

Ransomware Gangs Don’t Need PR Help

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Conti’s Ransomware Toll on the Healthcare Industry

US authorities have indicted Black Kingdom ransomware admin

Ransomware attack hit Indian multinational Tata Technologies

Ukrainian Police Nab Six Tied to CLOP Ransomware

Wanted: Disgruntled Employees to Deploy Ransomware

China-linked APTs’ tool employed in RA World Ransomware attack

Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Report Shows Ransomware Has Grown 41% for Construction Industry

Malicious office documents: The latest trend in cybercriminal exploitation

OneNote documents spread malware in several countries

Ransomware Bites Dental Data Backup Firm

An Interview With the Target & Home Depot Hacker

Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

Ransomware at IT Services Provider Synoptek

Qilin ransomware gang claimed responsibility for the Lee Enterprises attack

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

Dental group lied through teeth about data breach, fined $350,000

Big Game Ransomware: the myths experts tell board members

Alleged ‘Scattered Spider’ Member Extradited to U.S.

CryWiper Data Wiper Targeting Russian Sites

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

EDR-as-a-Service makes the headlines in the cybercrime landscape

INC RANSOM ransomware gang claims to have breached Xerox Corp

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

2023 Anna Jaques Hospital data breach impacted over 310,000 people

Low-Drama ‘Dark Angels’ Reap Record Ransoms

Police Have Disrupted the Emotet Botnet

October ransomware attack on Dallas County impacted over 200,000 people

Hacking gang leaks documents stolen from Pentagon IT provider

Ransomware groups target Veeam Backup & Replication bug

Legal Threats Make Powerful Phishing Lures

Stay Connected