Encryption, Information Security, Ransomware and VPN

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.

VPN

VPN Ransomware Hacking Education

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware

Ransomware Encryption Antivirus VPN

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. The Cring ransomware appeared in the threat landscape in January, it was first reported by Amigo_A and the CSIRT team of Swisscom. ” reads the post published by Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption

Encryption Ransomware VPN Malware

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption

Encryption Ransomware Cybercrime Malware

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. The new ransomware operation has been active since March 2023, despite the threat actors use a double-extortion model, their data leak site has yet to be discovered.

Ransomware

Ransomware VPN Antivirus Encryption

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. ” continues the EUROPOL. Europol said.

VPN

VPN Cybercrime Ransomware Advertising

Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

MARCH 24, 2021

Security experts reported that a second ransomware gang, named Black Kingdom , is targeting Microsoft Exchange servers. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry. BlackKingdom ransomware on my personal servers. It does indeed encrypt files.

Ransomware

Ransomware Encryption VPN Malware

Korean cybersecurity agency released a free decryptor for Hive ransomware

Security Affairs

JUNE 30, 2022

Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware , the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4.

Ransomware

Ransomware Cybersecurity Encryption VPN

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks.

Ransomware

Ransomware Encryption Passwords Malware

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

NOVEMBER 23, 2020

FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.

Ransomware

Ransomware Encryption VPN Backups

US HHS warns healthcare orgs of Royal Ransomware attacks

Security Affairs

DECEMBER 10, 2022

The US Department of Health and Human Services (HHS) warns healthcare organizations of Royal ransomware attacks. The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has demanded ransoms up to millions of dollars. The malware changes the extension of the encrypted files to ‘.royal’.

Healthcare

Healthcare Ransomware Encryption Malware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The Federal Bureau of Investigation (FBI) reported that AvosLocker ransomware is being used in attacks targeting US critical infrastructure. The Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory warning of AvosLocker ransomware attacks targeting multiple US critical infrastructure. Pierluigi Paganini.

Ransomware

Ransomware DDOS Passwords Backups

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

LockBit ransomware operators have compromised the systems at the helicopter maker Kopter and published them on their darkweb leak site. The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware VPN Encryption Authentication

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

Taiwanese vendor QNAP wars of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. “A new ransomware known as Checkmate has recently been brought to our attention.

Ransomware

Ransomware Encryption Passwords Internet

Hades ransomware gang targets big organizations in the US

Security Affairs

MARCH 26, 2021

Experts identified Tor hidden services and clearnet URLs via various open-source reporting that could be associated with the activity of the Hades ransomware. Researchers from Crowdstrike speculate that the new variant is a successor to WastedLocker ransomware and linked the operations to Evil Corp operations. Pierluigi Paganini.

Ransomware

Ransomware Encryption Malware VPN

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

Healthcare and Public Health sector with ransomware. businesses, mainly in the Healthcare and Public Health (HPH) Sector, with ransomware operations. The Daixin Team is a ransomware and data extortion group that has been active since at least June 2022. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware

Ransomware VPN Cybercrime Accountability

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

Security Affairs

SEPTEMBER 6, 2022

QNAP warns customers of ongoing DeadBolt ransomware attacks that are exploiting a zero-day vulnerability in Photo Station. QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks, threat actors are exploiting a zero-day vulnerability in Photo Station. This is to enhance the security of your QNAP NAS.

Ransomware

Ransomware Internet Internet Encryption

Hive ransomware gang starts leaking data allegedly stolen from Tata Power

Security Affairs

OCTOBER 25, 2022

The Hive ransomware gang, which claimed the responsibility for the Tata Power data breach, started leaking data. Threat actors hit the Information Technology (IT) infrastructure of the company. The company confirmed that the security breach impacted “some of its IT systems.”. “All key files. key files.

Ransomware

Ransomware Data breaches Cyber Attacks Engineering

Insurance firm CNA discloses data breach after March ransomware attack

Security Affairs

JULY 9, 2021

Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March. Bloomberg was informed about the payment by two people familiar with the attack.

Data breaches

Data breaches Insurance Ransomware Identity Theft

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

On March 16, the Federal Bureau of Investigation (FBI) issued a “Flash” alert on PYSA ransomware after an uptick on attacks this month against institutions in the education sector, particularly higher ed, K-12, and seminaries. And this isn’t just limited to ransomware attacks.

Education

Education Ransomware Phishing Passwords

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Security Affairs

APRIL 24, 2020

The popular SeaChange video platform is the latest victim of the Sodinokibi Ransomware gang, which is threatening to leak the stolen data. SeaChange International, the multinational supplier of video delivery software solutions, was the victim of the Sodinokibi Ransomware gang. SecurityAffairs – Sodinokibi Ransomware, hacking).

Software

Software Ransomware VPN Advertising

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

On the 14th of May, the Health Service Executive (HSE) , Ireland’s publicly funded healthcare system, fell victim to a Conti ransomware attack, forcing the organization to shut down more than 80,000 affected endpoints and plunging them back to the age of pen and paper. Threat profile: Conti ransomware.

Healthcare

Healthcare Ransomware Encryption Passwords

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

FBI warns ransomware gangs are actively targeting organizations in the food and agriculture sector. Small farms, large producers, processors and manufacturers, and markets and restaurants are particularly exposed to ransomware attacks. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Passwords Backups Firmware

Netwalker ransomware operators leaked files stolen from K-Electric

Security Affairs

OCTOBER 1, 2020

K-Electric, Pakistan’s largest private power company, did not pay the ransom and the Netwalker ransomware operators have leaked the stolen data. In early September, K-Electric (KE), the electricity provider for the city of Karachi, Pakistan, was hit by a Netwalker ransomware attack that blocked billing and online services.

Ransomware

Ransomware Advertising Engineering VPN

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 12, 2024

Ohio Lottery data breach impacted over 538,000 individuals Notorius threat actor IntelBroker claims the hack of the Europol A cyberattack hit the US healthcare giant Ascension Google fixes fifth actively exploited Chrome zero-day this year Russia-linked APT28 targets government Polish institutions Citrix warns customers to update PuTTY version installed (..)

Data breaches

Data breaches VPN Hacking Banking

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Security Affairs

JANUARY 14, 2022

Ukrainian police arrested members of a ransomware gang that targeted at least 50 companies in the U.S. Ukrainian police arrested members of a ransomware affiliate group that is responsible for attacking at least 50 companies in the U.S. The gang was distributing the LockerGoga and MegaCortex ransomware families. and Europe.

Ransomware

Ransomware DDOS Telecommunications Malware

Chilean bank BancoEstado hit by REVil ransomware

Security Affairs

SEPTEMBER 7, 2020

Chilean bank BancoEstado, one of the country’s biggest banks, was forced to shut down all branches following a ransomware attack. Chilean bank BancoEstado, one of the country’s biggest banks, was hit with a ransomware attack that forced its branches to remain closed since September 7. ” reported ZDNet.

Banking

Banking Ransomware Advertising VPN

What shifting ransomware strategies mean for defenders

SC Magazine

JUNE 24, 2021

Babuk, the ransomware group behind the Washington, D.C. Metropolitan Police Department attack in April, has shifted its strategy from data encryption to data theft. Today’s columnist, Jane Adams of Secureworks, offers insights on what these changing strategies mean to security teams. Cordel11 CreativeCommons CC BY-NC-SA 2.0.

Ransomware

Ransomware Encryption VPN Software

NVIDIA discloses data breach after the recent ransomware attack

Security Affairs

MARCH 2, 2022

Chipmaker giant Nvidia confirmed a data breach after the recently disclosed security incident, proprietary information stolen. The chipmaker giant Nvidia was recentty victim of a ransomware attack that impacted some of its systems for two days. ” the LAPSU$ ransomware gang wrote on its Telegram change.

Data breaches

Data breaches Ransomware Hacking VPN

SeaChange video delivery provider discloses REVIL ransomware attack

Security Affairs

SEPTEMBER 10, 2020

US-based supplier of video delivery software solutions, SeaChange International, revealed that a ransomware attack disrupted its operations in Q1 2020. SeaChange International, a US-based supplier of video delivery software solutions, revealed that a ransomware attack has disrupted its operations during the first quarter of 2020.

Ransomware

Ransomware VPN Banking Data breaches

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs

MARCH 17, 2020

Coronavirus -themed attacks continue to increase, experts observed new Coronavirus ransomware that acts as a cover for Kpot Infostealer. In this campaign, crooks are exploiting the interest in the Coronavirus (COVID-19) outbreak to deliver a couple of malware, the CoronaVirus Ransomware and the Kpot information-stealing Trojan.

Ransomware

Ransomware Cryptocurrency Advertising Passwords

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The group provides Ransomware-as-a-Service (RaaS) to a network of affiliates.

Ransomware

Ransomware Healthcare Phishing Risk

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020.

Ransomware

Ransomware VPN Cybercrime Advertising

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. php) on victim machines.

VPN

VPN Ransomware DNS Malware

Bronze Starlight targets the Southeast Asian gambling sector

Security Affairs

AUGUST 18, 2023

Bronze Starlight is a nation-state group that was observed using ransomware as means for distraction or misattribution. “The [HUI] loader is executed through sideloading by legitimate executables vulnerable to DLL hijacking and stages a payload stored in an encrypted file.” IP-based geolocation service.

VPN

VPN Malware Encryption Passwords

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

On March 21, the Maze ransomware operators published some of the stolen files on their “leak site,” after the refusal of the research firm of paying the ransom. Stolen data included the personal information for volunteers who surnames begin with D, G, I, or J. “We have no intention of paying. Source BleepingComputer.

Ransomware

Ransomware Data breaches Healthcare Advertising

Some Synology products impacted by recently disclosed OpenSSL flaws

Security Affairs

AUGUST 29, 2021

. “Multiple vulnerabilities allow remote attackers to conduct denial-of-service attack or possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM), VPN Plus Server or VPN Server.” ” reads the advisory published by the company.

VPN

VPN Encryption Authentication Hacking

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Security Affairs

OCTOBER 26, 2019

Even though encryption should be taken seriously by businesses of all sizes, only a small fraction of the corporate sector puts their back on it. Impact of Privacy & Security Issues in Business Communication. The ransomware attack was labeled as WannaCry, which in reality made the victims wanted to cry.

Encryption

Encryption Cyber threats Ransomware Cybercrime

Security Affairs newsletter Round 286

Security Affairs

OCTOBER 18, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN Surveillance Advertising Ransomware

DepositFiles exposed config file, jeopardizing user security

Security Affairs

JULY 27, 2023

The recent tsunami of Cl0p-driven ransomware attacks via the MOVEit Transfer exploit is a painful reminder of the general idea behind the pessimistic “the cloud is just someone else’s computer” analogy. DepositFiles’ clients are at risk of their personally identifiable information, files, and passwords being stolen. researchers said.

Data breaches

Data breaches VPN Media Passwords

QNAP users are recommended to disable UPnP port forwarding on routers

Security Affairs

APRIL 19, 2022

UPnP is an insecure protocol, it uses network UDP multicasts, and doesn’t support encryption and authentication. ” The vendor also recommends enabling the VPN server function on the user router to access QNAP NAS from the Internet. Only use encrypted HTTPS or other types of secure connections (SSH, etc.).

VPN

VPN Internet Internet Firewall

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Security Affairs

OCTOBER 15, 2020

2/2) Please be assured that there is no compromise of customer payment details which are encrypted and tokenized. Please be assured that there is no compromise of customer payment details, which are encrypted and tokenized.” 1/2 — NOOK (@nookBN) October 14, 2020. (2/2) Thank you for your patience.

Cyber Attacks

Cyber Attacks VPN Backups Ransomware

Security Affairs newsletter Round 396

Security Affairs

DECEMBER 3, 2022

Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

Spyware

Spyware Data breaches VPN Hacking

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Akira ransomware received $42M in ransom payments from over 250 victims

Webinars

Trending Sources

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Webinars

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

New Hive ransomware variant is written in Rust and use improved encryption method

New CACTUS ransomware appeared in the threat landscape

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Black Kingdom ransomware is targeting Microsoft Exchange servers

Korean cybersecurity agency released a free decryptor for Hive ransomware

FBI published a flash alert on Mamba Ransomware attacks

FBI issued an alert on Ragnar Locker ransomware activity

US HHS warns healthcare orgs of Royal Ransomware attacks

Avoslocker ransomware gang targets US critical infrastructure

LockBit Ransomware operators hit Swiss helicopter maker Kopter

New Checkmate ransomware target QNAP NAS devices

Hades ransomware gang targets big organizations in the US

Daixin Team targets health organizations with ransomware, US agencies warn

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

Hive ransomware gang starts leaking data allegedly stolen from Tata Power

Insurance firm CNA discloses data breach after March ransomware attack

FBI warns of increase in PYSA ransomware attacks targeting education

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

FBI warns of ransomware attacks targeting the food and agriculture sector

Netwalker ransomware operators leaked files stolen from K-Electric

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Chilean bank BancoEstado hit by REVil ransomware

What shifting ransomware strategies mean for defenders

NVIDIA discloses data breach after the recent ransomware attack

SeaChange video delivery provider discloses REVIL ransomware attack

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

US CISA and FBI publish joint alert on DarkSide ransomware

NetWalker ransomware operators have made $25 million since March 2020

FIN8-linked actor targets Citrix NetScaler systems

Bronze Starlight targets the Southeast Asian gambling sector

Maze ransomware gang discloses data from drug testing firm HMR

Some Synology products impacted by recently disclosed OpenSSL flaws

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Security Affairs newsletter Round 286

DepositFiles exposed config file, jeopardizing user security

QNAP users are recommended to disable UPnP port forwarding on routers

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Security Affairs newsletter Round 396

Stay Connected