Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. SentinelLabs researchers have observed the first Linux variant of the Clop ransomware. This generated RC4 key is used to encrypt the mappedAddress and write it back to the file.”

Encryption 98

Encryption Ransomware Cybercrime Engineering 98

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines.

Encryption 98

Encryption Ransomware Malware Healthcare 98

Hacker Combat

MAY 10, 2022

To breach a company, ransomware attackers utilize a variety of methods. A researcher has demonstrated how a vulnerability common to several ransomware families can help take control of the malware and stop it from encrypting files on infected devices. Suppose the new DLL is placed next to the ransomware executable.

Encryption 132

Encryption Ransomware Malware Cyber Attacks 132

Krebs on Security

DECEMBER 19, 2023

Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. BlackCat formed by recruiting operators from several competing or disbanded ransomware organizations — including REvil , BlackMatter and DarkSide.

Ransomware 280

Ransomware Cybercrime Advertising Encryption 280

Bleeping Computer

MARCH 12, 2021

One overriding concern has been when will ransomware actors use the vulnerabilities to compromise and encrypt mail servers. [.]. For the past two weeks, the cybersecurity news has been dominated by stories about the Microsoft Exchange ProxyLogon vulnerabilities.

Encryption 105

Encryption Ransomware Cybersecurity 105

Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. ransomware that encrypts Windows domains by using Active Directory group policies. ransomware that encrypts Windows domains by using Active Directory group policies. Like other ransomware operations, LockBit 2.0

Encryption 145

Encryption Ransomware Malware Hacking 145

The Hacker News

JUNE 26, 2024

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023.

Ransomware 124

Ransomware Encryption Government 124

CyberSecurity Insiders

APRIL 18, 2022

Ireland Health Service (HSE) was cyber-attacked by CONTI Ransomware group in mid last year and news is now out that 80% of the data been stored on the servers of the healthcare services provider was encrypted by the said a gang of criminals. And the result on whether the information truly belonged to HSE is awaited! .

Encryption 111

Encryption Ransomware Healthcare Threat Detection 111

Bleeping Computer

JUNE 1, 2022

The duration of ransomware attacks in 2021 averaged 92.5 In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours, measured from initial network access to payload deployment. hours in 2019. [.].

Ransomware 143

Ransomware Encryption 143

SecureList

MAY 8, 2024

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. As we approach International Anti-Ransomware Day, we have analyzed the major ransomware events and trends. Second was BlackCat/ALPHV , which first appeared in December 2021.

Ransomware 122

Ransomware Encryption Small Business Cybersecurity 122

Heimadal Security

FEBRUARY 25, 2022

Conti ransomware is an extremely damaging malicious actor due to the speed with which it encrypts data and spreads to other systems. To penetrate a victim’s systems Conti ransomware operators will employ a wide variety of tactics.

Ransomware 115

Ransomware Encryption 115

CyberSecurity Insiders

AUGUST 2, 2021

According to a report released by SonicWall, over 300 million ransomware attacks were observed in the first half of 2021, surpassing 2020s total of 302.73 And the highlight of the find is that the month June 2021 alone witnessed a record new high of 78.4 And this is said to have led to the rise in ransomware attacks.

Ransomware 119

Ransomware Encryption Malware Cybersecurity 119

Security Affairs

JUNE 6, 2024

A new Linux variant of the TargetCompany ransomware family targets VMware ESXi environments using a custom shell script. A new variant of the TargetCompany ransomware group uses a custom shell script as a means of payload delivery and execution, this is the first time the technique was observed in the wild. The malware appends the “.locked”

Ransomware 131

Ransomware Encryption Backups Malware 131

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 145

Encryption Ransomware Backups VPN 145

Tech Republic Security

JULY 7, 2022

Since May of 2021, state-sponsored attackers have been deploying Maui ransomware in an attempt to encrypt sensitive records and disrupt services for vulnerable healthcare organizations. The post North Korean-sponsored ransomware attacks target US healthcare companies appeared first on TechRepublic.

Healthcare 164

Healthcare Ransomware Encryption 164

SecureList

MAY 12, 2021

As the world marks the second Anti-Ransomware Day, there’s no way to deny it: ransomware has become the buzzword in the security community. Yet, much of the media attention ransomware gets is focused on chronicling which companies fall prey to it. Part I: Three preconceived ideas about ransomware.

Ransomware 132

Ransomware Encryption Malware Cybercrime 132

eSecurity Planet

FEBRUARY 16, 2021

The internet is fraught with peril these days, but nothing strikes more fear into users and IT security pros than the threat of ransomware. A ransomware attack is about as bad as a cyber attack can get. Jump to: What is ransomware? How ransomware works. Preventing ransomware. Ransomware attacks and costs.

Ransomware 97

Ransomware Backups Software Encryption 97

Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Cybercrime 72

Cybercrime Ransomware Healthcare Education 72

Security Affairs

JANUARY 1, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information, over 21 thousand directories. The Cactus ransomware relies on multiple legitimate tools (e.g.

Retail 142

Retail Ransomware Encryption Hacking 142

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 126

Encryption Ransomware Backups VPN 126

SecureList

JUNE 17, 2021

Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability (CVE-2021-27065). The ransomware family was DearCry. March 2021. Ransomware is written in Python.

Ransomware 141

Ransomware Encryption VPN System Administration 141

Security Affairs

AUGUST 28, 2024

BlackByte ransomware operators are exploiting a recently patched VMware ESXi hypervisors vulnerability in recent attacks. Cisco Talos observed the BlackByte ransomware group exploiting the recently patched security flaw CVE-2024-37085 in VMware ESXi hypervisors in recent attacks. The flaw CVE-2024-37085 (CVSS score of 6.8)

Ransomware 128

Ransomware Authentication Encryption VPN 128

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms.

Ransomware 145

Ransomware Encryption Malware Education 145

Security Affairs

JANUARY 10, 2024

Researchers and the Dutch Police released a decryptor for the Tortilla variant of the Babuk ransomware after the arrest of its operator. Cisco Talos researchers obtained a decryptor for the Babuk Tortilla ransomware variant. The experts were able to extract and share the private decryption key used by the ransomware operators.

Ransomware 134

Ransomware Encryption Engineering Malware 134

SecureList

OCTOBER 1, 2024

Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. Notably, on June 30, 2022, the creator of Chaos announced the launch of a RaaS (Ransomware-as-a-Service) partnership program.

Ransomware 83

Ransomware Encryption Accountability Malware 83

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.

Cybercrime 141

Cybercrime Ransomware DDOS Encryption 141

Security Affairs

SEPTEMBER 17, 2022

Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom. Pierluigi Paganini.

Ransomware 138

Ransomware Encryption Backups Cybercrime 138

Thales Cloud Protection & Licensing

NOVEMBER 24, 2020

Mitigating Ransomware Attacks – Decoupling Encryption Keys From Encrypted Data. While ransomware attacks have been around for decades, their frequency has exponentially increased in the last few years, let alone the past several months during the pandemic. The ransomware threat landscape is no different in India.

Encryption 62

Encryption Ransomware Backups System Administration 62

CyberSecurity Insiders

MAY 19, 2023

By Aaron Sandeen, CEO and co-founder at Securin Since June 2021, Hive Ransomware has been dominating the ransomware scene. With all the buzz they have created, it’s no wonder they have earned the title of one of the most prolific ransomware groups. Since June 2021, Hive has targeted an average of three companies per day.

Ransomware 124

Ransomware Encryption Healthcare Education 124

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. The AvosLocker ransomware appends the .avoslinux

Ransomware 139

Ransomware Encryption Advertising Malware 139

Security Affairs

JULY 19, 2024

Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation.

Ransomware 142

Ransomware Healthcare Encryption Government 142

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet. Ransomware Mitigation : Refer to available resources for ransomware mitigation techniques and strategies.

Phishing 133

Phishing Ransomware Security Awareness Authentication 133

Security Affairs

OCTOBER 15, 2021

A joint cybersecurity advisory published by US agencies revealed that three ransomware attacks on wastewater systems this year. A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by Ransomware gangs against US water and wastewater treatment facilities (WWS) this year.

Ransomware 106

Ransomware Cyber threats Firmware Backups 106

CyberSecurity Insiders

NOVEMBER 18, 2021

Sophos, the multinational data security firm, has found a new variant of ransomware dubbed Memento that is exhibiting new traits rather than just locking down the files after stealing a portion of data. Researchers have found that Memento Ransomware does the usual encryption process after stealing a portion of data.

Ransomware 136

Ransomware Encryption Passwords Technology 136

Heimadal Security

JULY 29, 2021

In the context of the pandemic that flared up in 2020, 2021 has been a revolutionary year, with massive transformations in multiple sectors of our lives. Here’s a quick overview regarding the 2021 cybermarket movements and how Heimdal™ has responded to them so far.

Encryption 98

Encryption Ransomware 98

Bleeping Computer

JULY 3, 2021

Friday afternoon, we saw the largest ransomware attack ever conducted after the REvil ransomware gang used a zero-day vulnerability in the Kaseya VSA management software to encrypt MSPs and their customers worldwide. [.].

Ransomware 125

Ransomware Encryption Software 125

Security Affairs

JUNE 5, 2021

Cyble researchers investigated a recent attack on an India-based IT firm that was hit by the BlackCocaine Ransomware gang. Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. ” concludes the report.

Ransomware 145

Ransomware Malware Encryption Financial Services 145