Security Affairs

MARCH 2, 2024

US CISA, the FBI, and MS-ISAC issued a joint CSA to warn of attacks involving Phobos ransomware variants observed as recently as February 2024 US CISA, the FBI, and MS-ISAC issued a joint cyber security advisory (CSA) to warn of attacks involving Phobos ransomware variants such as Backmydata , Devos, Eight, Elking, and Faust.

Ransomware 123

Ransomware Backups Healthcare Firewall 123

Adam Levin

JUNE 26, 2020

Phony contact-tracing apps meant to mitigate the spread of the Covid-19 pandemic are installing ransomware on mobile devices. The more Canadians who voluntarily download and use the app, the safer we’ll be, and the faster we can reopen the economy,” stated the scam website. “The

Malware 223

Malware Ransomware Mobile Scams 223

Bleeping Computer

FEBRUARY 23, 2022

Analysis of the recently-emerged Entropy ransomware reveals code-level similarities with the general purpose Dridex malware that started as a banking trojan. [.].

Malware 76

Malware Ransomware Banking 76

Adam Levin

AUGUST 21, 2020

Carnival Corporation, the largest cruise ship company in the world, announced that it had experienced a data breach following a ransomware attack on their systems. The post Carnival Announces Data Breach Following Ransomware Attack appeared first on Adam Levin. Read the 8-K filing here.

Data breaches 263

Data breaches Ransomware Encryption Technology 263

Malwarebytes

MAY 11, 2022

The sites vary in terms of style or general setup, but all focus on having you download Canon drivers. However, when someone attempts to download the driver, the download fails and the site displays a message with a phone number you can call for assistance. A very testing download. Except not really.

Scams 119

Scams Internet Internet Cryptocurrency 119

Malwarebytes

FEBRUARY 12, 2024

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Ransomware 91

Ransomware Phishing Technology Scams 91

Security Affairs

DECEMBER 1, 2023

The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. “Today we dove into a new ransomware sample, internally dubbed “Turtle”.

Ransomware 127

Ransomware Encryption Malware Cybercrime 127

Krebs on Security

JANUARY 27, 2021

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week. ” Image: Chainalysis.

Ransomware 282

Ransomware Cybercrime Antivirus Encryption 282

Security Affairs

FEBRUARY 27, 2024

New threat actors have started exploiting ConnectWise ScreenConnect vulnerabilities, including the Black Basta and Bl00dy ransomware gangs. Trend Micro confirmed that Black Basta and Bl00dy ransomware groups are actively exploiting both flaws and shared details about their attack chains. ” Trend Micro concludes.

Ransomware 116

Ransomware Malware Software Authentication 116

Malwarebytes

APRIL 6, 2023

also contains two hard-coded download URLs, both served on the malicious domain infoamanewonliag[.]online. The same IP also hosts the illicit domain the payloads were downloaded from. These include "executing a command and sending its output back to the attackers or downloading additional files onto the computer."

Computers and Electronics 94

Computers and Electronics Malware Scams Encryption 94

Security Affairs

NOVEMBER 19, 2022

Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware. The DEV-0569 group carries out malvertising campaigns to spread links to a signed malware downloader posing as software installers or fake updates embedded in spam messages, fake forum pages, and blog comments.

Ransomware 130

Ransomware Malware Antivirus Phishing 130

Malwarebytes

FEBRUARY 6, 2024

Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world. The report reveals that, awash with money, the number of known Big Game attacks surged by 68% in 2023, thanks to Ransomware-as-a-Service groups like LockBit and ALPHV. READ THE REPORT

Ransomware 100

Ransomware Cybercrime Malware Social Engineering 100

Security Boulevard

JULY 28, 2023

Threat actors are using bogus advertisements for IT tools on sites like Google and Microsoft’s Bing in hopes of luring tech users to inadvertently download malware that kicks off an attack that eventually leads to ransomware like BlackCat.

Ransomware 98

Ransomware Advertising Malware Cybersecurity 98

Malwarebytes

DECEMBER 1, 2021

Security researchers have discovered banking Trojan apps on the Google Play Store, and say they have been downloaded by more than 300,000 Android users. Obviously, the attackers have adapted this method from the ransomware playbook. The post Have you downloaded that Android malware from the Play Store lately?

Malware 117

Malware Banking Authentication Cryptocurrency 117

CyberSecurity Insiders

OCTOBER 9, 2022

Nowadays, hacking groups are involved in ransomware distribution activities, distributing wiper malware in disguise of ransomware via noted gaming and adult websites. Intelligence experts from Cyble have confirmed the spread of ransomware through fake adult websites, but are yet to reach to a confirmation regarding gaming portals.

Ransomware 134

Ransomware Malware Hacking Cybersecurity 134

Bleeping Computer

FEBRUARY 25, 2023

A threat actor has been targeting government entities with PureCrypter malware downloader that has been seen delivering multiple information stealers and ransomware strains. [.]

Malware 116

Malware Ransomware Government 116

Security Affairs

NOVEMBER 5, 2021

A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers to deploy the Babuk Ransomware in corporate networks. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware.

Ransomware 125

Ransomware Backups Encryption DNS 125

SecureList

DECEMBER 13, 2023

In recent months, we have written private reports on a wide range of topics, such as new cross-platform ransomware, macOS stealers and malware distribution campaigns. In this article, we share excerpts from our reports on the FakeSG campaign, the Akira ransomware and the AMOS stealer. For an example, look at the image below.

Ransomware 90

Ransomware Passwords Malware Encryption 90

Security Affairs

DECEMBER 14, 2021

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. Experts warn that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. SecurityAffairs – hacking, ransomware).

Ransomware 142

Ransomware Encryption Engineering Malware 142

CyberSecurity Insiders

JUNE 27, 2023

One such threat is smartphone ransomware, a malicious software that can wreak havoc on our digital lives. In this article, we will explore the concept of smartphone ransomware, its potential consequences, and most importantly, the measures you can take to protect yourself from this growing menace.

Ransomware 107

Ransomware Antivirus Backups Encryption 107

Security Affairs

DECEMBER 4, 2021

The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. A flash alert published by the FBI has reported that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. ” states the alert.

Ransomware 138

Ransomware Hacking Malware Encryption 138

CyberSecurity Insiders

NOVEMBER 1, 2022

A new ransomware named ‘Azov Ransomware’ is found framing cybersecurity researchers as it doesn’t demand any ransom from its victims, instead it is asking them to contact forensic experts from a firm in the vicinity and do as per their instructions. And is being downloaded after the purchase of SmokeLoader dropper.

Ransomware 127

Ransomware Cybersecurity Software Malware 127

Bleeping Computer

DECEMBER 14, 2021

The first public case of the Log4j Log4Shell vulnerability used to download and install ransomware has been discovered by researchers. [.].

Ransomware 145

Ransomware 145

SecureList

OCTOBER 24, 2023

In this article, we share excerpts from our reports on malware that has been active for less than a year: the GoPIX stealer targeting the PIX payment system, which is gaining popularity in Brazil; the Lumar multipurpose stealer advertised on the dark web; and the Rhysida ransomware supporting old Windows versions.

Ransomware 92

Ransomware Malware Advertising Passwords 92

Security Affairs

JULY 18, 2023

The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware). ” concludes the report.

Ransomware 92

Ransomware Cybercrime Malware Hacking 92

Security Affairs

OCTOBER 24, 2022

The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine Computer Emergency Response Team (CERT-UA) warns of potential Cuba Ransomware attacks against local critical infrastructure. SecurityAffairs – hacking, Cuba ransomware).

Ransomware 94

Ransomware Phishing Hacking Software 94

Malwarebytes

OCTOBER 11, 2023

The Philippine Health Insurance Corporation (PhilHealth), has confirmed that it was unprotected by antivirus software when it was attacked by the Medusa ransomware group in September. EDR can detect an intruder's suspicious activity in advance of them running ransomware, as well as being able to identify the ransomware itself.

Antivirus 99

Antivirus Insurance Ransomware Healthcare 99

Security Boulevard

JULY 28, 2022

The key observations are: Obfuscated Excel macros used to download and run the Emotet loader. Emotet infections are high risk, having led to ransomware deployments in the past ( 7 ). Macro Downloads and Executes Emotet Loader. It then tries to execute the downloaded Emotet loader using regsvr32.exe Download URLs: [link].

Encryption 59

Encryption Malware Phishing Cybercrime 59

Malwarebytes

DECEMBER 1, 2022

In the latest #StopRansomware effort of publicizing ransomware information for network defenders, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint Cybersecurity Advisory (CSA) on the ransomware known as "Cuba." Cuba ransomware 101.

Ransomware 85

Ransomware Financial Services Accountability Malware 85

Heimadal Security

OCTOBER 14, 2022

Magniber Ransomware finds its way again into Windows home users’ computers, this time through false security updates, as shown in a recent report released by HP’s threat intelligence team. The malicious files that were downloaded (ZIP archives) contained […].

Ransomware 108

Ransomware Antivirus Advertising Cybersecurity 108

Security Affairs

JUNE 10, 2022

The Cuba ransomware operators are back and employed a new version of its malware in recent attacks. Cuba ransomware has been active since at least January 2020. The ransomware encrypts files on the targeted systems using the “.cuba” The ransomware encrypts files on the targeted systems using the “.cuba” cuba” extension.

Ransomware 124

Ransomware Malware Encryption Hacking 124

Security Affairs

JULY 1, 2023

Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom. Cybersecurity firm Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom. The first step is to download the decryptor binary.

Ransomware 98

Ransomware Encryption Malware Hacking 98

Security Affairs

MARCH 9, 2023

The recently discovered Windows ransomware IceFire now also targets Linux enterprise networks in multiple sectors. SentinelLabs researchers discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. to deploy the ransomware.

Ransomware 89

Ransomware Encryption Media Phishing 89

Bleeping Computer

JUNE 21, 2021

The Ragnar Locker ransomware gang have published download links for more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA. [.].

Ransomware 145

Ransomware 145

Heimadal Security

JULY 3, 2023

The BlackCat ransomware group launched a malvertising campaign to push Cobalt Strike. Instead of the application, the victims download malware. It is free and open-source […] The post BlackCat Ransomware Gang to Launch Malicious WinSCP Ads appeared first on Heimdal Security Blog.

Ransomware 77

Ransomware Advertising Malware Cybersecurity 77

CyberSecurity Insiders

OCTOBER 27, 2022

Microsoft, the technology giant of America, has linked Clop Ransomware gang’s whereabouts to a corporate network that was previously hit by Raspberry Robin worm. BlackCat Ransomware aka ALPHV Ransomware is claiming to have a hands-on the information belonging to soldiers of Ecuadorian Joint Command of the Armed Forces.

Ransomware 109

Ransomware Manufacturing Retail Encryption 109

Bleeping Computer

NOVEMBER 29, 2022

Wazuh is a free, open source SIEM/XDR solution with more than 10 million annual downloads. Learn more about how Wazuh can help protect your organization against the ever-evolving tactics of ransomware. [.].

Ransomware 94

Ransomware 94