eSecurity Planet

SEPTEMBER 22, 2022

To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware encryption malware to encrypt files partially or only encrypt parts of the files.

Encryption 121

Encryption Ransomware Backups Advertising 121

Security Affairs

JUNE 8, 2022

Black Basta ransomware gang implemented a new feature to encrypt VMware ESXi virtual machines (VMs) running on Linux servers. The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. SecurityAffairs – hacking, Black Basta ransomware).

Encryption 139

Encryption Ransomware Malware Hacking 139

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines.

Encryption 98

Encryption Ransomware Malware Healthcare 98

Bleeping Computer

OCTOBER 29, 2021

The Hive ransomware gang now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms. [.].

Encryption 145

Encryption Ransomware Malware 145

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware 95

Ransomware Encryption Antivirus VPN 95

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin.

Ransomware 300

Ransomware Encryption Backups Healthcare 300

The Hacker News

MARCH 3, 2024

cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware.

Ransomware 129

Ransomware Encryption Government Malware 129

Tech Republic Security

MARCH 25, 2022

Security researchers tested 10 malware variants and found speeds ranging from four minutes to more than three hours to encrypt 53GB. The post LockBit beats REvil and Ryuk in Splunk’s ransomware encryption speed test appeared first on TechRepublic.

Encryption 127

Encryption Ransomware Malware 127

Security Affairs

NOVEMBER 19, 2023

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. The ransomware component is then decrypted and loaded into the SmokeLoader process’ memory.

Ransomware 125

Ransomware Encryption Backups Manufacturing 125

CSO Magazine

AUGUST 30, 2021

A new ransomware threat called LockFile has been victimizing enterprises worldwide since July. Key to its success are a few new tricks that make it harder for anti-ransomware solutions to detect it. Learn how recent ransomware attacks define the malware's new age and 5 reasons why the cost of ransomware attacks is rising. |

Encryption 125

Encryption Ransomware CSO Antivirus 125

Bleeping Computer

AUGUST 13, 2022

The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices. [.].

Encryption 99

Encryption Ransomware Mobile Banking 99

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The experts pointed out that the Rorschach ransomware appears to be unique. The experts pointed out that the Rorschach ransomware appears to be unique. ” continues the analysis.

Encryption 94

Encryption Ransomware Malware Backups 94

Heimadal Security

JULY 28, 2021

The LockBit ransomware was launched in September 2019 as a ransomware-as-a-service. The RaaS concept is similar to SaaS (Software as a Service) and PaaS (Platform as a Service) concepts since the malicious actors do not need to create malware kits from scratch, as they can rent or purchase them from a RaaS provider.

Encryption 124

Encryption Ransomware Malware Software 124

Security Affairs

DECEMBER 1, 2023

The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. In some cases, the anti-virus solution flagged the binary as Windows malware (“Win32.Troj.Undef”).

Ransomware 126

Ransomware Encryption Malware Cybercrime 126

Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time.

Encryption 98

Encryption Malware Banking Ransomware 98

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption 117

Encryption Ransomware Cybercrime Malware 117

eSecurity Planet

OCTOBER 4, 2021

percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. Malware in Encrypted Traffic.

Encryption 130

Encryption Malware Ransomware Firewall 130

Heimadal Security

NOVEMBER 1, 2021

The double-extortion ransomware group dubbed Hive also encrypts Linux and FreeBSD with new malware versions designed specifically for these operating systems. The post Hive Ransomware Now Encrypts Linux and FreeBSD Operating Systems appeared first on Heimdal Security Blog.

Encryption 117

Encryption Ransomware Firewall Internet 117

Bleeping Computer

FEBRUARY 22, 2024

LockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev - likely a future LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week. [.]

Ransomware 136

Ransomware Encryption Malware 136

eSecurity Planet

OCTOBER 6, 2021

Ransomware attacks are a huge concern these days, especially for corporate networks. Indeed, when the ransomware reaches its target, it’s practically game over. The malware encrypts files and spreads to the entire system to maximize damage, which forces companies to lock down the whole network to stop the propagation.

Encryption 85

Encryption Ransomware Backups Malware 85

Dark Reading

APRIL 4, 2023

The malware is one of the most sophisticated ransomwares ever seen in the wild, and marks a leap ahead for cybercrime.

Ransomware 133

Ransomware Encryption Cybercrime Malware 133

The Hacker News

AUGUST 28, 2021

A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption."

Encryption 105

Encryption Ransomware Malware 105

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption 93

Encryption Ransomware VPN Malware 93

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware 117

Ransomware Encryption Insurance Malware 117

SecureList

APRIL 15, 2024

They generated a custom version of the ransomware, which used the aforementioned account credential to spread across the network and perform malicious activities, such as killing Windows Defender and erasing Windows Event Logs in order to encrypt the data and cover its tracks. In this article, we revisit the LockBit 3.0

Ransomware 93

Ransomware Encryption Passwords Accountability 93

Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez reported spotted a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies.

Encryption 143

Encryption Ransomware Malware Hacking 143

CSO Magazine

NOVEMBER 8, 2021

Cyber criminals, always a clever lot, have found a new way to evade detection when deploying malware. It’s known as “intermittent encryption” and researchers from Sophos recently discovered Lockfile encrypts alternate bundles of 16 bytes in a document to stay hidden. To read this article in full, please click here

Encryption 115

Encryption Ransomware Engineering Technology 115

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. The experts noticed that the offset differs per sample.

Ransomware 96

Ransomware Malware Antivirus Encryption 96

Security Affairs

OCTOBER 29, 2021

The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. ESETresearch has identified Linux and FreeBSD variants of the #Hive #Ransomware.

Encryption 110

Encryption Ransomware Spyware Malware 110

Heimadal Security

JANUARY 30, 2023

Cybersecurity researchers uncovered a new strain of ransomware named Mimic. Mimic uses Everything API, a file search tool for Windows, to search for files to encrypt. As a sophisticated malware, […] The post New Mimic Ransomware Uses Windows Search Engine to Find and Encrypt Files appeared first on Heimdal Security Blog.

Encryption 87

Encryption Engineering Ransomware Malware 87

Security Affairs

JANUARY 30, 2024

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. The attack was carried out by the Cactus ransomware gang , which claims to have stolen terabytes of corporate data from the company. The Cactus ransomware relies on multiple legitimate tools (e.g.

Ransomware 126

Ransomware Hacking Data breaches Digital transformation 126

CyberSecurity Insiders

APRIL 18, 2022

Ireland Health Service (HSE) was cyber-attacked by CONTI Ransomware group in mid last year and news is now out that 80% of the data been stored on the servers of the healthcare services provider was encrypted by the said a gang of criminals. And the result on whether the information truly belonged to HSE is awaited! .

Encryption 111

Encryption Ransomware Healthcare Threat Detection 111

Malwarebytes

APRIL 4, 2023

Fake it till you make it ransomware groups are trying to get rich off the backs of genuine ransomware authors. Because they don’t actually create ransomware or compromise networks in any way. The battle plan of a fake ransomware group The general approach is as follows: Claim to be a different, genuine ransomware group.

Encryption 88

Encryption Ransomware Backups Scams 88

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. LockFile ransomware gang started its operations last month, recently it was spotted targeting Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.

Encryption 108

Encryption Ransomware Financial Services Antivirus 108

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. SentinelLabs researchers have observed the first Linux variant of the Clop ransomware. This generated RC4 key is used to encrypt the mappedAddress and write it back to the file.”

Encryption 92

Encryption Ransomware Cybercrime Engineering 92

Security Affairs

JUNE 5, 2021

Cyble researchers investigated a recent attack on an India-based IT firm that was hit by the BlackCocaine Ransomware gang. The Cyble Research team discovered that the company was the victim of the BlackCocaine Ransomware gang. BlackCocaine ” to the filenames of encrypted files. BlackCocaine ” to the filenames of encrypted files.

Ransomware 129

Ransomware Malware Encryption Financial Services 129

Malwarebytes

FEBRUARY 6, 2024

Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world.

Ransomware 106

Ransomware Cybercrime Malware Social Engineering 106