2021, Encryption and Information Security

On the Irish Health Services Executive Hack

Schneier on Security

FEBRUARY 11, 2022

Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system. The antivirus server was later encrypted in the attack).

Antivirus

Antivirus Hacking Ransomware CISO

FBI training document shows lawful access to multiple encrypted messaging apps

Security Affairs

DECEMBER 1, 2021

Which are the most secure encrypted messaging apps? The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. FOIA [link] — PropertyOfThePeople (@PropOTP) November 29, 2021. Pierluigi Paganini.

Encryption

Encryption Surveillance Hacking Information Security

Flaws in DataVault encryption software impact multiple storage devices

Security Affairs

DECEMBER 30, 2021

Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors. Researcher Sylvain Pelissier has discovered that the DataVault encryption software made by ENC Security and used by multiple vendors is affected by a couple of key derivation function issues.

Encryption

Encryption Software Passwords Engineering

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.

Encryption

Encryption Ransomware Financial Services Antivirus

GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data

The Last Watchdog

DECEMBER 2, 2021

As we’ve seen with major attacks like Kaseya and Colonial Pipeline, cybercriminals have continued to innovate, developing new tools and tactics to encrypt and exfiltrate data. In fact, Gartner forecasts that global spending on information security and risk management services will reach $150.4 billion this year.

Ransomware

Ransomware Technology Cybersecurity Backups

ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD

Security Affairs

OCTOBER 29, 2021

The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. 1/6 pic.twitter.com/dBw0E5pj6r — ESET research (@ESETresearch) October 29, 2021.

Encryption

Encryption Ransomware Spyware Malware

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. According to a report published by blockchain analytics company Chainalysis, the Hive ransomware is one of the top 10 ransomware strains by revenue in 2021. key files.

Encryption

Encryption Ransomware Cybercrime Malware

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

Joseph Steinberg

OCTOBER 21, 2022

Today, October 21, marks the first ever organized Global Encryption Day, dedicated to spreading awareness of the importance of utilizing encryption to protect sensitive information, both when it is in transit (e.g., online chat messages going over the Internet between you and your significant other) and when it is at rest (e.g.,

Encryption

Encryption Government Artificial Intelligence Surveillance

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

Security Affairs

MARCH 10, 2025

@chicagotribune @ABC7Chicago pic.twitter.com/bwRCHqCS9o — Dominic Alvieri (@AlvieriD) March 10, 2025 RansomHouse is a data extortion group that has been active since Dec 2021. Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. Victims include AMD and Keralty.

Hacking

Hacking Healthcare Backups Ransomware

Google discloses a severe flaw in widely used Libgcrypt encryption library

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. pic.twitter.com/GYJOddEPxl — Filippo Valsorda (@FiloSottile) January 29, 2021. pic.twitter.com/LYC9PsURqn — Filippo Valsorda (@FiloSottile) January 29, 2021.

Encryption

Encryption Engineering Hacking Software

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. ransomware that encrypts Windows domains by using Active Directory group policies. " @demonslay335 @VK_Intel pic.twitter.com/fYxFbVQ6gX — MalwareHunterTeam (@malwrhunterteam) July 17, 2021. A new variant of the LockBit 2.0

Encryption

Encryption Ransomware Malware Hacking

Hackers scan for VMware vCenter servers vulnerable to CVE-2021-21985 RCE

Security Affairs

JUNE 4, 2021

Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical remote code execution (RCE) vulnerability tracked as CVE-2021-21985. The CVE-2021-21985 flaw is caused by the lack of input validation in the Virtual SAN ( vSAN ) Health Check plug-in, which is enabled by default in the vCenter Server.

Internet

Internet Internet Ransomware Encryption

China-linked spies target Asian Telcos since at least 2021

Security Affairs

JUNE 20, 2024

A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021.

DNS

DNS Malware Media Encryption

A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide

Security Affairs

JULY 20, 2021

Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printers driver that an attacker could exploit to gain admin rights on systems. The vulnerability, tracked as CVE-2021-3438 , is a buffer overflow that resides in the SSPORT.SYS driver which is used by some printer models. Pierluigi Paganini.

Encryption

Encryption Accountability Software Hacking

Ransomware world in 2021: who, how and why

SecureList

MAY 12, 2021

To ensure that their ability to restore encrypted files would never be questioned, they cultivated an online presence, wrote press releases and generally made sure their name would be known to all potential victims. For a more detailed overview we chose two of the most noteworthy Big Game Hunting ransomware in 2021. Technical details.

Ransomware

Ransomware Encryption Malware Cybercrime

CVE-2021-3711 in OpenSSL can allow to change an application’s behavior

Security Affairs

AUGUST 24, 2021

The OpenSSL Project patched a high-severity vulnerability, tracked as CVE-2021-3711 , that can allow an attacker to change an application’s behavior or cause the app to crash. The vulnerability ties the decryption of SM2 encrypted data, the changes depend on the targeted application and data it maintains (i.e. and 1.0.2za.

Encryption

Encryption Hacking Information Security

Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day

Security Affairs

DECEMBER 15, 2021

Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability. One of the vulnerabilities fixed by Microsoft, tracked as CVE-2021-43890 , is under active exploitation. Yes No EoP CVE-2021-43883 Windows Installer Elevation of Privilege Vulnerability Important 7.1

IoT

IoT Mobile Media Encryption

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root.

DNS

DNS Firmware VPN Risk

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.

Passwords

Passwords Authentication Architecture Risk

‘Trojan Source’ Bug Threatens the Security of All Code

Krebs on Security

OCTOBER 31, 2021

. “Such code copying is a significant source of real-world security exploits.” ” Rust has released a security advisory for this security weakness, which is being tracked as CVE-2021-42574 and CVE-2021-42694. ” Image: XKCD.com/2347/.

Software

Software Information Security Encryption Government

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption

Encryption Ransomware Cybercrime Engineering

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption

Encryption Ransomware Malware Healthcare

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

Security Affairs

MARCH 13, 2025

“Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. Medusa operators leverage legitimate remote access tools like AnyDesk, Atera, and Splashtop, alongside RDP and PsExec, to move laterally and locate files for exfiltration and encryption. ” reads the joint advisory.

Ransomware

Ransomware Encryption Cryptocurrency Insurance

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

MAY 19, 2022

As every computer security professional knows, if anything is on the Internet, it’s subject to increasingly sophisticated attacks. According to the IBM Data Breach Report 2021 , data breaches in the United States reached $4.24 percent of CMS users worry about the security of their CMS—while 46.4 What can you do about it?

Data breaches

Data breaches Encryption Mobile Technology

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Ptitsyn reportedly sold the ransomware on darknet forums under aliases like “derxan” and “zimmermanx,” enabling other criminals to encrypt data and demand ransom. Affiliates paid fees to administrators like Ptitsyn for decryption keys, with payments routed via unique cryptocurrency wallets from 2021–2024.

Cybercrime

Cybercrime Ransomware Healthcare Education

ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year

Security Affairs

NOVEMBER 30, 2022

CyberNews experts discovered that ENC Security, a Netherlands software company, had been leaking critical business data since May 2021. When you buy a Sony, Lexar, or Sandisk USB key or any other storage device, it comes with an encryption solution to keep your data safe. SecurityAffairs – hacking, ENC Security).

Encryption

Encryption Phishing Marketing Software

Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. pic.twitter.com/POYlPYGjsz — MalwareTech (@MalwareTechBlog) March 21, 2021. It does indeed encrypt files.

Ransomware

Ransomware Encryption VPN Malware

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

JUNE 5, 2021

Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. The company reported the security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI). . Pierluigi Paganini.

Ransomware

Ransomware Malware Encryption Financial Services

AvosLocker ransomware now targets Linux systems, including ESXi servers

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. ” reported BleepingComputer. . Pierluigi Paganini.

Ransomware

Ransomware Encryption Advertising Malware

Two flaws could allow bypassing AMD SEV protection system

Security Affairs

MAY 16, 2021

The chipmaker AMD published guidance for two new attacks against its SEV ( Secure Encrypted Virtualization ) protection technology. The second vulnerability, tracked as CVE-2021-26311 , resides in the AMD SEV/SEV-ES feature. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Encryption

Encryption Technology Hacking Information Security

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

SEPTEMBER 15, 2021

A phone call placed to the media contact number listed on an August 2021 TTEC earnings release produced a message saying it was a non-working number. TTEC has not responded to requests for comment. Update, 6:20 p.m. ET: TTEC confirmed a ransomware attack. See the update at the end of this piece for their statement].

Ransomware

Ransomware Banking Cryptocurrency Media

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

MARCH 1, 2022

27, a new Twitter account “ Contileaks ” posted links to an archive of chat messages taken from Conti’s private communications infrastructure, dating from January 29, 2021 to the present day. Plus, he somehow encrypted the config, i.e. he had an encoder and a private key, plus uploaded it all to the admin panel.

Ransomware

Ransomware Healthcare Cybercrime Government

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

The Last Watchdog

MARCH 21, 2022

As just one measure, the number of data breaches in the first nine months of 2021 exceeded all those in 2020, a new record. You almost certainly need a chief information security officer (CISO). The solution is data encryption, which uses mathematical algorithms to scramble data, replacing plaintext with ciphertext.

Encryption

Encryption Data privacy Cloud Migration Risk

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

Below is the list of flaws discovered by the researchers: CVE-2021-20173 : Post Authentication Command Injection via SOAP Interface. CVE-2021-20174 : Default HTTP Communication (Web Interface). CVE-2021-20175 : Default HTTP Communication (SOAP Interface). CVE-2021-23147 : Insufficient UART Protection Mechanisms.

Firmware

Firmware Encryption Passwords Authentication

HelloKitty ransomware gang also targets victims with DDoS attacks

Security Affairs

NOVEMBER 1, 2021

The HelloKitty ransomware group, like other ransomware gangs, implements a double extortion model, stealing sensitive documents from victims before encrypting them. CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. ” continues the alert. .

DDOS

DDOS Ransomware Cybercrime Encryption

Linux version of REvil ransomware targets ESXi VM

Security Affairs

JUNE 29, 2021

The REvil ransomware operators added a Linux encryptor to their arsenal to encrypt Vmware ESXi virtual machines. The REvil ransomware operators are now using a Linux encryptor to encrypts Vmware ESXi virtual machines which are widely adopted by enterprises. Then the REvil ransomware will encrypt the files. 2ubuntu1~14.04.4)

Ransomware

Ransomware Encryption Malware Hacking

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

Security Affairs

DECEMBER 14, 2021

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability ( CVE-2021-44228 ) to deliver the new Khonsari ransomware on Windows machines. NOT MODIFY OR DELETE THIS FILE OR ANY ENCRYPTED FILES. you wish to decrypt , call (225) 287-1309 or email karenkhonsari@gmail.com.If

Ransomware

Ransomware Encryption Engineering Malware

HelloKitty ransomware now targets VMware ESXi servers

Security Affairs

JULY 15, 2021

Targeting VMware ESXi systems, threat actors could encrypt as many virtual machines as possible with a significant impact on the victims. Researchers from MalwareHunterTeam spotted multiple Linux ELF64 versions of the HelloKitty ransomware designed to target VMware ESXi servers and encrypt virtual machines hosted on them.

Ransomware

Ransomware Encryption Malware Hacking

Victims of FonixCrypter ransomware could decrypt their files for free

Security Affairs

JANUARY 30, 2021

The availability of the master decryption key allows the victims to recover their encrypted files for free. Fonix Ransomware Master RSA Key (Spub.key & Spriv.key) and Sample Decryptor : #Fonix #ransomware #XINOF #FonixCrypter #close_project #hack #Malware #raas #ransomware_as_a_service [link] — fnx (@fnx67482837) January 29, 2021.

Ransomware

Ransomware Encryption Malware Cybercrime

North Korea-linked APTs use Maui Ransomware to target the Healthcare industry

Security Affairs

JULY 7, 2022

The attacks against Healthcare and Public Health (HPH) Sector organizations started in May 2021 and government experts observed multiple cases that involved the use of the Maui ransomware. This ransomware uses a combination of Advanced Encryption Standard (AES), RSA, and XOR encryption to encrypt the files on the infected systems.

Healthcare

Healthcare Ransomware Encryption Government

Evolution and rise of the Avaddon Ransomware-as-a-Service

Security Affairs

APRIL 3, 2021

The Avaddon ransomware operators updated their malware after security researchers released a public decryptor in February 2021. In February, the Spanish student Javier Yuste released a free decryption tool for the Avaddon ransomware that can be used by the victims to recover their encrypted files for free.

Ransomware

Ransomware Encryption Malware Cybercrime

Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware

Security Affairs

NOVEMBER 5, 2021

The attacks spotted by Cisco Talos were carried out by a Babuk ransomware affiliate tracked as Tortilla that has been active since at least July 2021. 229 @58_158_177_102 @sugimu_sec pic.twitter.com/LcuNw88fOo — TG Soft (@VirITeXplorer) October 14, 2021. The ransomware maybe born from the leaked #Babuk code.

Ransomware

Ransomware Backups Encryption DNS

Vice Society ransomware gang is using a custom locker

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms.

Ransomware

Ransomware Encryption Malware Education

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

VPN

VPN Government Malware Manufacturing

On the Irish Health Services Executive Hack

FBI training document shows lawful access to multiple encrypted messaging apps

Trending Sources

Flaws in DataVault encryption software impact multiple storage devices

LockFile Ransomware uses a new intermittent encryption technique

GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data

ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD

New Hive ransomware variant is written in Rust and use improved encryption method

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

Google discloses a severe flaw in widely used Libgcrypt encryption library

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Hackers scan for VMware vCenter servers vulnerable to CVE-2021-21985 RCE

China-linked spies target Asian Telcos since at least 2021

A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide

Ransomware world in 2021: who, how and why

CVE-2021-3711 in OpenSSL can allow to change an application’s behavior

Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Top 10 web application vulnerabilities in 2021–2023

‘Trojan Source’ Bug Threatens the Security of All Code

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

Russian Phobos ransomware operator faces cybercrime charges

ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year

Black Kingdom ransomware is targeting Microsoft Exchange servers

BlackCocaine Ransomware, a new malware in the threat landscape

AvosLocker ransomware now targets Linux systems, including ESXi servers

Two flaws could allow bypassing AMD SEV protection system

Customer Care Giant TTEC Hit By Ransomware

Conti Ransomware Group Diaries, Part I: Evasion

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

HelloKitty ransomware gang also targets victims with DDoS attacks

Linux version of REvil ransomware targets ESXi VM

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

HelloKitty ransomware now targets VMware ESXi servers

Victims of FonixCrypter ransomware could decrypt their files for free

North Korea-linked APTs use Maui Ransomware to target the Healthcare industry

Evolution and rise of the Avaddon Ransomware-as-a-Service

Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware

Vice Society ransomware gang is using a custom locker

China’s Volt Typhoon botnet has re-emerged

Stay Connected