Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin.
Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.
The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware.
A US chain of dental offices known as Westend Dental LLC denied a 2020 ransomware attack and its associated data breach, instead telling their customers that data was lost due to an accidentally formatted hard drive. In October 2020, Westend Dental was attacked by the Medusa Locker ransomware group.
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. 22, 2020, the U.S. On Sunday, Feb.
It had no documented cyber incident response runbooks or IT recovery plans (apart from documented AD recovery plans) for recovering from a wide-scale ransomware event. The antivirus server was later encrypted in the attack). Over 30,000 machines were running Windows 7 (out of support since January 2020).
Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Related: What local government can do to repel ransomware. Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch diskettes. FBI spoofs 2012 – 2013.
The Incident response analyst report provides insights into incident investigation services conducted by Kaspersky in 2020. In 2020, the pandemic forced companies to restructure their information security practices, accommodating a work-from-home (WFH) approach. Geography of incident responses by region, 2020.
Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. ” Image: Coveware Q3 2020 report.
The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019. [...]
A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.
In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. The ransomware encrypted the lab results of 15 million Canadians, and personally identifiable information (PII) of 8.6 Reportedly, LifeLabs paid the ransomware group, which is why it’s still unknown which group was behind the attack.
The personal information of 540,000 sports referees, league officials, and school representatives has been compromised following a ransomware attack targeting a software vendor for the athletics industry.
Security firm Bitdefender released a tool that allows victims of the Darkside ransomware to recover their files without paying the ransom. Good news for the victims of the Darkside ransomware, they could recover their files for free using a tool that was released by the security firm Bitdefender. Pierluigi Paganini.
In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. He declined to comment on the particulars of the extortion incident.
Security experts reported that a second ransomware gang, named Black Kingdom, is targeting Microsoft Exchange servers. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry. BlackKingdom ransomware on my personal servers. It does indeed encrypt files.
These days, when speaking of cyberthreats, most people have in mind ransomware, specifically cryptomalware. This roundup spotlights the ransomware Trojan families that most actively attacked businesses in the CIS in H1 2021, and their technical characteristics. Ransomware families at a glance. Note left by the ransomware.
The operators behind new ransomware dubbed Mount Locker have adopted the same tactic of other gangs threatening the victims to leak stolen data. A new ransomware gang named Mount Locker has started its operations stealing victims’ data before encrypting. MountLocker #Ransomware claimed Makalot Industrial Co.
A threat actor is spreading ransomware dubbed CoderWare that masquerades as Windows and Android versions of the recent Cyberpunk 2077. Crooks are spreading fake Windows and Android versions of installers for the new Cyberpunk 2077 video game that is delivering the CoderWare ransomware. SecurityAffairs – hacking, ransomware).
Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability (CVE-2021-27065). The ransomware family was DearCry. Ransomware is written in Python. Background. Product affected.
Ransomware? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor.
Good news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. sysopfb shows how we broke it.
The IIoT chip maker Advantech was hit by the Conti ransomware, the gang is now demanding over $13 million ransom from the company. The ransomware gang announced on November 21, 2020 the leak of stolen data if the chipmaker would not have paid the ransom within the next day. billion in 2019. Pierluigi Paganini.
Good news for the victims of the ThunderX ransomware, cybersecurity firm Tesorion has released a decryptor to recover their files for free. Cybersecurity firm Tesorion has released a free decryptor for the ThunderX ransomware that allows victims to recover their files. SecurityAffairs – hacking, ransomware). Pierluigi Paganini.
FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. The MU-000140-MW flash alert includes indicators of compromise to detect associated with this ransomware gang.
The Avaddon ransomware operators updated their malware after security researchers released a public decryptor in February 2021. The Avaddon ransomware family first appeared in the threat landscape in February 2020, and its authors started offering it with a Ransomware-as-a-Service (RaaS) model in June, 2020.
discloses a ransomware attack that took place in September 2020. revealed that a ransomware attack hit its systems in September 2020. “On September 14, 2020, USF experienced an IT security event [.] Pierluigi Paganini.
The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal), has been active since 2020, it was observed targeting only Windows systems. Recently, Rising captured the Linux platform variant of the ransomware.”
Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.
The FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. The FBI has issued a new security flash alert to warn of Netwalker ransomware attacks targeting U.S. The flash alert also includes indicators of compromise for the Netwalker ransomware along with mitigations. ” reads the alert.
The FBI is warning companies that a ransomware group calling itself OnePercent or 1Percent is leveraging the IceID Trojan and the Cobalt Strike backdoor to gain a foothold inside networks. The ransomware group has been active since at least November 2020 and has hit companies in the United States.
FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. Good news for the victims of the FonixCrypter ransomware, the operators behind the threat shut down their operations and released the master decryption key. Pierluigi Paganini.
Gangs spreading LockBit ransomware are reportedly bribing employees of corporate companies to enter their computer network and compromise it with file encrypting malware. ransomware spreading gang seems to go employing craze techniques to keep their money counters ringing. Yes, what you’ve read is right! As LockBit 2.0
Cybersecurity vaccines are emerging as a new tool to defend against threats like ransomware and zero-day vulnerabilities. Cybersecurity firms have released “vaccines” in recent days to protect against the widely used STOP ransomware strain and the new Apache Log4Shell vulnerability. They also come with the same limitations.
Experts discovered a new ransomware dubbed EvilQuest designed to target macOS systems, it also installs a keylogger and a reverse shell to take over them. macOS #ransomware impersonating as Google Software Update program with zero detection. The ransomware also checks for some common anti-virus solutions (e.g.
The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. Source BleepingComputer.
Maze ransomware operators published internal data from LG and Xerox after the company did not pay the ransom. Ransomware crews are very active during these months, Maze ransomware operators have published tens of GB of internal data allegedly stolen from IT giants LG and Xerox following failed extortion attempts. GB from Xerox.
Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation.
Malware in Encrypted Traffic. A surprising 91.5 percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats.
Over the past few years, the ransomware threat landscape has been gradually changing. In some cases, this global trend is just a reflection of the continuous life cycle of threats: old ransomware families shut down and new ones appear and pursue new targets. We have been witness to a paradigm shift. Chronology. Distribution methods.
Seyfarth Shaw, one of the leading global legal firms announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack. Seyfarth Shaw announced it was the victim of an “aggressive malware” attack, but the media immediately reported a ransomware infection later confirmed by the firm. Pierluigi Paganini.
Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020. Experts identified Tor hidden services and clearnet URLs via various open-source reporting that could be associated with the activity of the Hades ransomware. ” concludes the report.
Toymaker giant Mattel disclosed a ransomware attack, the incident took place in July and impacted some of its business operations. Toy industry giant Mattel announced that it has suffered a ransomware attack that took place on July 28th, 2020, and impacted some of its business operations. Pierluigi Paganini.
The US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands). Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry of a new feature of the HelloKitty ransomware gang (aka FiveHands). ” reads the flash alert.