Security Affairs

OCTOBER 26, 2021

The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year. SecurityAffairs – hacking, Ranzy Locker ransomware).

Ransomware 145

Ransomware Firmware Antivirus Accountability 145

Security Affairs

OCTOBER 25, 2021

An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to deploy ransomware. An unknown ransomware gang is exploiting a critical SQL injection flaw, tracked as CVE-2021-42258 , in the popular billing software suite BillQuick Web Suite time to deploy ransomware.

Ransomware 141

Ransomware Engineering Software Encryption 141

Security Affairs

OCTOBER 27, 2024

Russian authorities sentenced four members of the REvil ransomware operation to several years in prison in Russia. Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. Vasinskyi was extradited to the U.S.

Ransomware 144

Ransomware Hacking Malware Cybercrime 144

Security Affairs

DECEMBER 1, 2021

Sabbath ransomware is a new threat that has been targeting critical infrastructure in the United States and Canada since June 2021. A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021. ” reads the post published by Mandiant.

Ransomware 145

Ransomware Hacking Education Encryption 145

Security Affairs

NOVEMBER 1, 2021

The US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands). Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry of a new feature of the HelloKitty ransomware gang (aka FiveHands). ” reads the flash alert.

DDOS 145

DDOS Ransomware Cybercrime Encryption 145

Security Affairs

JUNE 5, 2021

Cyble researchers investigated a recent attack on an India-based IT firm that was hit by the BlackCocaine Ransomware gang. Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. ” concludes the report.

Ransomware 145

Ransomware Malware Encryption Financial Services 145

Daniel Miessler

MAY 19, 2021

Top actions in breaches were: phishing (social), use of stolen credentials (hacking), other, ransomware (malware), pretexting (social), misconfiguration (error), misdelivery (error), brute force (hacking), C2 (malware), and backdoor (malware). So phishing and ransomware are the categories most shared among incidents and breaches.

Data breaches 192

Data breaches Social Engineering Ransomware Phishing 192

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Ransomware 141

Ransomware Hacking Internet Internet 141

Security Affairs

JUNE 4, 2021

Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical remote code execution (RCE) vulnerability tracked as CVE-2021-21985. The CVE-2021-21985 flaw is caused by the lack of input validation in the Virtual SAN ( vSAN ) Health Check plug-in, which is enabled by default in the vCenter Server.

Internet 145

Internet Internet Ransomware Encryption 145

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. In May 2023, the US Justice Department charged Russian national Mikhail Pavlovich Matveev for his alleged role in multiple ransomware attacks. The Treasury Department sanctioned the ransomware actor.

Ransomware 127

Ransomware Healthcare Hacking Malware 127

Security Affairs

AUGUST 21, 2021

A new ransomware gang named LockFile targets Microsoft Exchange servers exploiting the recently disclosed ProxyShell vulnerabilities. A new ransomware gang named LockFile targets Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. “The LockFile ransomware was first observed on the network of a U.S.

Ransomware 145

Ransomware Hacking Financial Services Encryption 145

Security Affairs

OCTOBER 4, 2021

ransomware, operators will leak files on 07 Oct, 2021. ransomware operators hit the Israeli aerospace and defense firm E.M.I.T. At the time of this writing, the ransomware gang has yet to share any files as proof of the attack, the countdown will end on 07 October 2021. Like other ransomware operations, LockBit 2.0

Ransomware 143

Ransomware Hacking Advertising Mobile 143

Security Affairs

SEPTEMBER 3, 2021

USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend. . US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend.

Authentication 140

Authentication Cryptocurrency Hacking Government 140

Security Affairs

JULY 15, 2021

HelloKitty ransomware gang is using a Linux variant of their malware to target VMware ESXi virtual machine platform. A Linux variant of the HelloKitty ransomware was employed in attacks against VMware ESXi systems. Once the virtual machines are shut down, the ransomware will encrypt .vmdk ” reported BleepingComputer.

Ransomware 145

Ransomware Encryption Malware Hacking 145

Security Affairs

DECEMBER 26, 2021

The IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday. French IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday, but according to the company the security breach had a limited impact on its operations.

Ransomware 145

Ransomware Cybercrime Advertising Information Security 145

Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Cybercrime 124

Cybercrime Ransomware Healthcare Education 124

Security Affairs

DECEMBER 19, 2021

The TellYouThePass ransomware resurged and exploits the Apache Log4j flaw (Log4Shell) to target both Linux and Windows systems. “On December 13, Sangfor’s terminal security team and Anfu’s emergency response center jointly monitored a ransomware called Tellyouthepass, which has attacked both platforms. .

Ransomware 145

Ransomware Internet Internet Hacking 145

Security Affairs

JANUARY 10, 2024

Researchers and the Dutch Police released a decryptor for the Tortilla variant of the Babuk ransomware after the arrest of its operator. Cisco Talos researchers obtained a decryptor for the Babuk Tortilla ransomware variant. The experts were able to extract and share the private decryption key used by the ransomware operators.

Ransomware 140

Ransomware Encryption Engineering Malware 140

Security Affairs

SEPTEMBER 17, 2022

Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom. ” continues the announcement.

Ransomware 142

Ransomware Encryption Backups Cybercrime 142

Security Affairs

OCTOBER 15, 2021

IT and consulting giant Accenture confirmed a data breach after the ransomware attack conducted by LockBit operators in August 2021. Global IT consultancy giant Accenture discloses a data breach after the LockBit ransomware attack that hit the company in August 2021. SecurityAffairs – hacking, ransomware).

Data breaches 138

Data breaches Ransomware Backups Hacking 138

Security Affairs

AUGUST 13, 2021

The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa group. Good news for the victims of the SynAck ransomware gang, the group released the master decryption keys to allow victims to decrypt their files for free. Pierluigi Paganini.

Ransomware 145

Ransomware Authentication Malware Hacking 145

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.

Cybercrime 143

Cybercrime Ransomware DDOS Encryption 143

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. “While we couldn’t find what targets were attacked using this AvosLocker ransomware Linux variant , BleepingComputer knows of at least one victim that got hit with a $1 million ransom demand.”

Ransomware 143

Ransomware Encryption Advertising Malware 143

Security Affairs

NOVEMBER 6, 2021

The FBI issued a private industry notification (PIN) to warn of ransomware attacks that hit several tribal-owned casinos last year. A private industry notification issued by the FBI’s Cyber Division revealed that ransomware attacks hit several tribal-owned casinos causing millions of dollar losses. Pierluigi Paganini.

Ransomware 145

Ransomware Hacking Cybersecurity Cybercrime 145

Security Affairs

AUGUST 13, 2021

Another ransomware gang, the Vice Society ransomware operators, is using Windows print spooler PrintNightmare exploits in its attacks. The Vice Society ransomware operators are actively exploiting Windows print spooler PrintNightmare vulnerability in their attacks against Windows servers.

Ransomware 140

Ransomware Backups Education Malware 140

Security Affairs

JULY 18, 2021

BleepingComputer became aware that the recent wave of attacks targeting vulnerable SonicWall devices was carried out by HelloKitty ransomware operators. SonicWall this week has issued an urgent security alert to warn companies of “ an imminent ransomware campaing ” targeting some of its equipment that reached end-of-life (EoL).

Ransomware 142

Ransomware Firmware Mobile InfoSec 142

Security Affairs

JUNE 9, 2023

Researchers discovered that the Clop ransomware gang was looking for a zero-day exploit in the MOVEit Transfer since 2021. Kroll security experts discovered that the Clop ransomware gang was looking for a zero-day exploit in the MOVEit Transfer since 2021. ” reads the analysis published by the security firm.

Ransomware 98

Ransomware Hacking Retail Internet 98

Security Affairs

JUNE 29, 2021

The REvil ransomware operators added a Linux encryptor to their arsenal to encrypt Vmware ESXi virtual machines. The REvil ransomware operators are now using a Linux encryptor to encrypts Vmware ESXi virtual machines which are widely adopted by enterprises. Then the REvil ransomware will encrypt the files. 2ubuntu1~14.04.4)

Ransomware 144

Ransomware Encryption Malware Hacking 144

Security Affairs

JANUARY 16, 2022

QNAP NAS devices are under attack, experts warn of a new Qlocker ransomware campaign that hit devices worldwide. A new wave of Qlocker ransomware it targeting QNAP NAS devices worldwide, the new campaign started on January 6 and it drops ransom notes named !!!READ_ME.txt reads the security advisory published by the vendor.

Ransomware 143

Ransomware Encryption Backups Firmware 143

Security Affairs

SEPTEMBER 28, 2023

Johnson Controls International suffered a ransomware attack that impacted the operations of the company and its subsidiaries. The company provides HVAC (heating, ventilation, and air conditioning), solutions for building automation, fire and security systems, and components for energy management. ” reported Bleeping Computer. .”

Ransomware 142

Ransomware Insurance Technology Encryption 142

Security Affairs

DECEMBER 25, 2021

Recently launched ransomware operation, named Rook, made headlines for its announcement claiming a desperate need a lot of money. New ransomware variant, "Rook Ransomware", found on VT practicing searches/hunting on my day off. “The ransomware attempts to terminate any process that may interfere with encryption.

Ransomware 143

Ransomware Malware Encryption Backups 143

Security Affairs

OCTOBER 30, 2022

The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. The BlackByte ransomware group claims to have stolen gigabytes of documents from Asahi Group Holdings, including financial and sales reports. Asahi Group Holdings, Ltd. Asahi Group Holdings, Ltd.

Manufacturing 144

Manufacturing Ransomware Hacking Data breaches 144

Security Affairs

AUGUST 11, 2021

Global consulting giant Accenture has allegedly been hit by a ransomware attack carried out by LockBit 2.0 ransomware operators. IT and consulting giant Accenture was hit by a ransomware attack carried out by LockBit 2.0 — Cyble (@AuCyble) August 11, 2021. SecurityAffairs – hacking, ransomware).

Ransomware 145

Ransomware Hacking Backups Data breaches 145

Security Affairs

AUGUST 5, 2021

ERG SPA, an Italian energy company, reports a minor impact on its operations after the recent ransomware attack conducted by LockBit 2.0 ransomware gang, now the company reported “only a few minor disruptions” for its ICT infrastructure. The crooks will start leaking the stolen data on August 14, 2021, at 00:00:00.

Ransomware 145

Ransomware Media Cyber Attacks Cybersecurity 145

Security Affairs

NOVEMBER 5, 2021

A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers to deploy the Babuk Ransomware in corporate networks. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware.

Ransomware 145

Ransomware Backups Encryption DNS 145

Security Affairs

OCTOBER 27, 2021

Security firm Avast released today decryptors for AtomSilo and LockFile ransomware that allow victims to recover their files for free. Cyber security firm Avast has released today decryption utilities for AtomSilo and LockFile ransomware that allow the victims to recover their files for free. Stay Tuned. — Ji?í

Ransomware 135

Ransomware Hacking Accountability Cybercrime 135

Security Affairs

JULY 15, 2022

Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North Korea-linked group they tracked as DEV-0530. ” concludes Microsoft.

Ransomware 145

Ransomware Cryptocurrency Government Small Business 145