Encryption, Hacking, Ransomware and VPN

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.

VPN

VPN Ransomware Hacking Education

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware

Ransomware Encryption Antivirus VPN

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. The Cring ransomware appeared in the threat landscape in January, it was first reported by Amigo_A and the CSIRT team of Swisscom. ” reads the post published by Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption

Encryption Ransomware VPN Malware

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption

Encryption Ransomware Cybercrime Malware

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. SecurityAffairs – hacking, VPNLab).

VPN

VPN Cybercrime Ransomware Advertising

Currency Exchange Company Travelex Hit By Ransomware Attack

Adam Levin

JANUARY 9, 2020

Currency exchange giant Travelex has effectively been taken offline by a ransomware attack. . To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. “To The attack was first detected the night of December 31.

Ransomware

Ransomware Encryption Insurance VPN

Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

MARCH 24, 2021

Security experts reported that a second ransomware gang, named Black Kingdom , is targeting Microsoft Exchange servers. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry. BlackKingdom ransomware on my personal servers. It does indeed encrypt files.

Ransomware

Ransomware Encryption VPN Malware

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. The new ransomware operation has been active since March 2023, despite the threat actors use a double-extortion model, their data leak site has yet to be discovered.

Ransomware

Ransomware VPN Antivirus Encryption

Korean cybersecurity agency released a free decryptor for Hive ransomware

Security Affairs

JUNE 30, 2022

Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware , the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4.

Ransomware

Ransomware Cybersecurity Encryption VPN

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks.

Ransomware

Ransomware Encryption Passwords Malware

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

NOVEMBER 23, 2020

FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.

Ransomware

Ransomware Encryption VPN Backups

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

AUGUST 2, 2020

The FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. The FBI has issued a new security flash alert to warn of Netwalker ransomware attacks targeting U.S. The flash alert also includes indicators of compromise for the Netwalker ransomware along with mitigations. ” reads the alert.

Ransomware

Ransomware VPN Advertising Government

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

LockBit ransomware operators have compromised the systems at the helicopter maker Kopter and published them on their darkweb leak site. The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware VPN Encryption Authentication

US HHS warns healthcare orgs of Royal Ransomware attacks

Security Affairs

DECEMBER 10, 2022

The US Department of Health and Human Services (HHS) warns healthcare organizations of Royal ransomware attacks. The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has demanded ransoms up to millions of dollars. The malware changes the extension of the encrypted files to ‘.royal’.

Healthcare

Healthcare Ransomware Encryption Malware

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

Taiwanese vendor QNAP wars of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. “A new ransomware known as Checkmate has recently been brought to our attention.

Ransomware

Ransomware Encryption Passwords Internet

Hades ransomware gang targets big organizations in the US

Security Affairs

MARCH 26, 2021

Experts identified Tor hidden services and clearnet URLs via various open-source reporting that could be associated with the activity of the Hades ransomware. Researchers from Crowdstrike speculate that the new variant is a successor to WastedLocker ransomware and linked the operations to Evil Corp operations. Pierluigi Paganini.

Ransomware

Ransomware Encryption Malware VPN

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The Federal Bureau of Investigation (FBI) reported that AvosLocker ransomware is being used in attacks targeting US critical infrastructure. The Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory warning of AvosLocker ransomware attacks targeting multiple US critical infrastructure. Pierluigi Paganini.

Ransomware

Ransomware DDOS Passwords Backups

Insurance firm CNA discloses data breach after March ransomware attack

Security Affairs

JULY 9, 2021

Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March. CNA is not able to confirm if data was viewed, stolen, or shared online by the ransomware gang.

Data breaches

Data breaches Insurance Ransomware Identity Theft

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

Healthcare and Public Health sector with ransomware. businesses, mainly in the Healthcare and Public Health (HPH) Sector, with ransomware operations. The Daixin Team is a ransomware and data extortion group that has been active since at least June 2022. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware

Ransomware VPN Cybercrime Accountability

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

Security Affairs

SEPTEMBER 6, 2022

QNAP warns customers of ongoing DeadBolt ransomware attacks that are exploiting a zero-day vulnerability in Photo Station. QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks, threat actors are exploiting a zero-day vulnerability in Photo Station. Once encrypted the content of the device, the ransomware appends.

Ransomware

Ransomware Internet Internet Encryption

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Security Affairs

JANUARY 14, 2022

Ukrainian police arrested members of a ransomware gang that targeted at least 50 companies in the U.S. Ukrainian police arrested members of a ransomware affiliate group that is responsible for attacking at least 50 companies in the U.S. and Europe. and Europe. The operation was conducted by the SBU Cyber ??Department Source SSU.

Ransomware

Ransomware DDOS Telecommunications Malware

Hive ransomware gang starts leaking data allegedly stolen from Tata Power

Security Affairs

OCTOBER 25, 2022

The Hive ransomware gang, which claimed the responsibility for the Tata Power data breach, started leaking data. Now the ransomware gang Hive started leaking the alleged stolen files on its Tor leak site. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials.

Ransomware

Ransomware Data breaches Cyber Attacks Engineering

NVIDIA discloses data breach after the recent ransomware attack

Security Affairs

MARCH 2, 2022

The chipmaker giant Nvidia was recentty victim of a ransomware attack that impacted some of its systems for two days. The Lapsus$ ransomware gang is claiming responsibility for this attack, the group announced to have stolen 1 TB of data from Nvidia’s network. ” the LAPSU$ ransomware gang wrote on its Telegram change.

Data breaches

Data breaches Ransomware Hacking VPN

A Comprehensive Answer to the Frequently Asked Question “What is WannaCry Ransomware?’

Hacker Combat

JUNE 1, 2021

Ransomware is a prevalent form of malware or malicious software used by criminals. Ransomware is a form of malware that encrypts your sensitive data, meaning you cannot access your computer or the data. This form of encryption is called crypto-ransomware. This form of encryption is called crypto-ransomware.

Ransomware

Ransomware Encryption VPN Cybercrime

Meet the Karakurt hacking group that is into data exfiltration and extortion

CyberSecurity Insiders

DECEMBER 14, 2021

Cybersecurity Researchers from Accenture Security have found that a new hacking group is on the prowl and is into the method of data exfiltration and extortion. Modus operandi of Karakurt is simple, to buy credentials related to VPN networks from dark web or by launching phishing attacks and then compromise a corporate computer network.

Hacking

Hacking Ransomware VPN Malware

Wazawaka Goes Waka Waka

Krebs on Security

FEBRUARY 14, 2022

In January, KrebsOnSecurity examined clues left behind by “ Wazawaka ,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. The other handle that appeared tied to Wazawaka was “Orange,” the founder of the RAMP ransomware forum. This post is an attempt to remedy that.

VPN

VPN Ransomware Cybercrime Accountability

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Security Affairs

APRIL 24, 2020

The popular SeaChange video platform is the latest victim of the Sodinokibi Ransomware gang, which is threatening to leak the stolen data. SeaChange International, the multinational supplier of video delivery software solutions, was the victim of the Sodinokibi Ransomware gang. SecurityAffairs – Sodinokibi Ransomware, hacking).

Software

Software Ransomware VPN Advertising

Netwalker ransomware hit K-Electric, the major Pakistani electricity provider

Security Affairs

SEPTEMBER 9, 2020

K-Electric, the electricity provider for the city of Karachi, Pakistan, was hit by a Netwalker ransomware attack that blocked billing and online services. K-Electric, the electricity provider for Karachi (Pakistan) is another victim of the Netwalker ransomware gang, the infection disrupted billing and online services.

Ransomware

Ransomware Energy and Utilities VPN Advertising

How One Company Survived a Ransomware Attack Without Paying the Ransom

eSecurity Planet

JULY 12, 2022

The first signs of the ransomware attack at data storage vendor Spectra Logic were reports from a number of IT staffers about little things going wrong at the beginning of the day. Screens then started to display a ransom demand, which said files had been encrypted by the NetWalker ransomware virus. The ransom demand was $3.6

Ransomware

Ransomware Cyber Insurance Backups Insurance

Netwalker ransomware operators leaked files stolen from K-Electric

Security Affairs

OCTOBER 1, 2020

K-Electric, Pakistan’s largest private power company, did not pay the ransom and the Netwalker ransomware operators have leaked the stolen data. In early September, K-Electric (KE), the electricity provider for the city of Karachi, Pakistan, was hit by a Netwalker ransomware attack that blocked billing and online services.

Ransomware

Ransomware Advertising Engineering VPN

Chilean bank BancoEstado hit by REVil ransomware

Security Affairs

SEPTEMBER 7, 2020

Chilean bank BancoEstado, one of the country’s biggest banks, was forced to shut down all branches following a ransomware attack. Chilean bank BancoEstado, one of the country’s biggest banks, was hit with a ransomware attack that forced its branches to remain closed since September 7. SecurityAffairs – hacking, Norway).

Banking

Banking Ransomware Advertising VPN

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 12, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches VPN Hacking Banking

North Korea-Linked Lazarus APT is behind the VHD ransomware

Security Affairs

JULY 28, 2020

Security experts from Kaspersky Lab reported that North Korea-linked hackers are attempting to spread a new ransomware strain known as VHD. North Korean-linked Lazarus APT Group continues to be very active, the state-sponsored hackers are actively employing new ransomware, tracked as VHD, in attacks aimed at enterprises.

Ransomware

Ransomware Malware Advertising VPN

Trusted relationship attacks: trust, but verify

SecureList

MAY 28, 2024

in their infrastructure, while the rest discovered they had been infiltrated via a third party only after data leakage or encryption. Most often, communication between the service provider and the client takes place via VPN connections and Remote Desktop Protocol (RDP) services.

VPN

VPN Accountability Passwords Antivirus

SeaChange video delivery provider discloses REVIL ransomware attack

Security Affairs

SEPTEMBER 10, 2020

US-based supplier of video delivery software solutions, SeaChange International, revealed that a ransomware attack disrupted its operations in Q1 2020. SeaChange International, a US-based supplier of video delivery software solutions, revealed that a ransomware attack has disrupted its operations during the first quarter of 2020.

Ransomware

Ransomware VPN Banking Data breaches

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

FBI warns ransomware gangs are actively targeting organizations in the food and agriculture sector. Small farms, large producers, processors and manufacturers, and markets and restaurants are particularly exposed to ransomware attacks. Consider installing and using a VPN. ransomware and phishing scams).

Ransomware

Ransomware Passwords Backups Firmware

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020.

Ransomware

Ransomware VPN Cybercrime Advertising

Bronze Starlight targets the Southeast Asian gambling sector

Security Affairs

AUGUST 18, 2023

Bronze Starlight is a nation-state group that was observed using ransomware as means for distraction or misattribution. “The [HUI] loader is executed through sideloading by legitimate executables vulnerable to DLL hijacking and stages a payload stored in an encrypted file.” IP-based geolocation service.

VPN

VPN Malware Encryption Passwords

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The group provides Ransomware-as-a-Service (RaaS) to a network of affiliates.

Ransomware

Ransomware Healthcare Phishing Risk

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

JUNE 20, 2022

Related: ‘IABs’ spread ransomware. Planning your roadmap, executing your projects, and keeping an eye on the barrage of ransomware headlines, it’s understandable if you and your team are feeling some anxiety. Data collections released after ransomware attacks. There are many facets to what I’ll call “The Underground.”

Ransomware

Ransomware Marketing Data collection VPN

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. php) on victim machines.

VPN

VPN Ransomware DNS Malware

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

MAY 21, 2020

Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. A list of the user IDs permitted to use the firewall for SSL VPN and accounts that were permitted to use a “clientless” VPN connection. SecurityAffairs – Sophos XG firewall, hacking).

Firewall

Firewall Ransomware Passwords VPN

Security Affairs newsletter Round 396

Security Affairs

DECEMBER 3, 2022

SecurityAffairs – hacking, newsletter). Follow me on Twitter: @securityaffairs and Facebook and Mastodon. Pierluigi Paganini. The post Security Affairs newsletter Round 396 appeared first on Security Affairs.

Spyware

Spyware Data breaches VPN Hacking

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Akira ransomware received $42M in ransom payments from over 250 victims

Trending Sources

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

New Hive ransomware variant is written in Rust and use improved encryption method

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Currency Exchange Company Travelex Hit By Ransomware Attack

Black Kingdom ransomware is targeting Microsoft Exchange servers

New CACTUS ransomware appeared in the threat landscape

Korean cybersecurity agency released a free decryptor for Hive ransomware

FBI published a flash alert on Mamba Ransomware attacks

FBI issued an alert on Ragnar Locker ransomware activity

FBI issued a flash alert about Netwalker ransomware attacks

LockBit Ransomware operators hit Swiss helicopter maker Kopter

US HHS warns healthcare orgs of Royal Ransomware attacks

New Checkmate ransomware target QNAP NAS devices

Hades ransomware gang targets big organizations in the US

Avoslocker ransomware gang targets US critical infrastructure

Insurance firm CNA discloses data breach after March ransomware attack

Daixin Team targets health organizations with ransomware, US agencies warn

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Hive ransomware gang starts leaking data allegedly stolen from Tata Power

NVIDIA discloses data breach after the recent ransomware attack

A Comprehensive Answer to the Frequently Asked Question “What is WannaCry Ransomware?’

Meet the Karakurt hacking group that is into data exfiltration and extortion

Wazawaka Goes Waka Waka

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Netwalker ransomware hit K-Electric, the major Pakistani electricity provider

How One Company Survived a Ransomware Attack Without Paying the Ransom

Netwalker ransomware operators leaked files stolen from K-Electric

Chilean bank BancoEstado hit by REVil ransomware

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

North Korea-Linked Lazarus APT is behind the VHD ransomware

Trusted relationship attacks: trust, but verify

SeaChange video delivery provider discloses REVIL ransomware attack

FBI warns of ransomware attacks targeting the food and agriculture sector

NetWalker ransomware operators have made $25 million since March 2020

Bronze Starlight targets the Southeast Asian gambling sector

US CISA and FBI publish joint alert on DarkSide ransomware

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

FIN8-linked actor targets Citrix NetScaler systems

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs newsletter Round 396

Stay Connected