2021 and Ransomware - Cyber Security Informer

2021 Cyber Review: The Year Ransomware Disrupted Infrastructure

Lohrman on Security

DECEMBER 19, 2021

2021 will be remembered as the most disruptive year so far when it came to cyber attacks, with ransomware impacting businesses and governments — including critical infrastructure — as never before.

Ransomware

Ransomware Cyber Attacks Government

Four REvil Ransomware members sentenced for hacking and money laundering

Security Affairs

OCTOBER 27, 2024

Russian authorities sentenced four members of the REvil ransomware operation to several years in prison in Russia. Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. Vasinskyi was extradited to the U.S.

Ransomware

Ransomware Hacking Malware Cybercrime

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. All they need is one successful attempt to gain initial access."

Ransomware

Ransomware IoT Encryption Social Engineering

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Ransomware Payments Are Down

Schneier on Security

JANUARY 31, 2023

Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 When we published last year’s version of this report, for example, we had only identified $602 million in ransomware payments in 2021. million from victims in 2022, down from $765.6

Ransomware

Ransomware Cryptocurrency Cybercrime

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? Considering the possible impact and the increased threat vector, deploying efficient ransomware protection must remain a priority for organizations of all sizes. During this session he will cover: Major attacks of 2021. Ransomware growth trends and stats.

Ransomware

Microsoft Patch Tuesday, August 2021 Edition

Krebs on Security

AUGUST 10, 2021

Microsoft said attackers have seized upon CVE-2021-36948 , which is a weakness in the Windows Update Medic service. Redmond says while CVE-2021-36948 is being actively exploited, it is not aware of exploit code publicly available. “In the case of ransomware attacks, they have also been used to ensure maximum damage.”

Software

Software Internet Internet Backups

Ransomware Attacks and Response: What You Need to Know Now

Lohrman on Security

NOVEMBER 7, 2021

Not only is ransomware the top cybersecurity story in 2021, but new twists, turns and countermeasures keep coming. Here are the latest headlines and what news you need.

Ransomware

Ransomware Cybersecurity

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

DECEMBER 4, 2024

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest.

Cybercrime

Cybercrime Ransomware Cryptocurrency Government

Patch Tuesday, October 2021 Edition

Krebs on Security

OCTOBER 12, 2021

to fix a zero-day vulnerability (CVE-2021-30883) that is being leveraged in active attacks targeting iPhone and iPad users. CVE-2021-38672 affects Windows 11 and Windows Server 2022; CVE-2021-40461 impacts both Windows 11 and Windows 10 systems, as well as Server versions. Firstly, Apple has released iOS 15.0.2

Engineering

Engineering Internet Internet Backups

Microsoft Patch Tuesday, November 2021 Edition

Krebs on Security

NOVEMBER 9, 2021

The other critical flaw patched today that’s already being exploited in the wild is CVE-2021-42321 , yet another zero-day in Microsoft Exchange Server. As Exchange zero-days go, CVE-2021-42321 appears somewhat mild by comparison. Microsoft has published a blog post/FAQ about the Exchange zero-day here.

Backups

Backups Passwords Authentication Internet

Decrypting Hive Ransomware Data

Schneier on Security

MARCH 1, 2022

Nice piece of research : Abstract: Among the many types of malicious codes, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. In this paper, we analyzed Hive ransomware, which appeared in June 2021.

Ransomware

Ransomware Encryption

Conti’s Ransomware Toll on the Healthcare Industry

Krebs on Security

APRIL 18, 2022

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But according to Microsoft and an advisory from the U.S. National Security Agency (NSA).

Healthcare

Healthcare Ransomware Cybersecurity Malware

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Cybercrime

Cybercrime Ransomware Healthcare Education

A ransomware attack disrupted services at Pittsburgh Regional Transit

Security Affairs

DECEMBER 26, 2024

A ransomware attack on Pittsburgh Regional Transit (PRT) was the root cause of the agency’s service disruptions. On December 23, 2024, Pittsburgh Regional Transit (PRT) announced it was actively responding to a ransomware attack that was first detected on Thursday, December 19.

Ransomware

Ransomware Cyber Attacks Hacking Cybersecurity

Russia Charges Notorious Ransomware Developer in Rare Cybercrime Case

SecureWorld News

DECEMBER 3, 2024

In a surprising move related to international cybercrime, Russian authorities have charged Mikhail Matveev, also known as "Wazawaka," with creating ransomware to extort commercial organizations, according to Russian media outlet RIA. His alleged exploits include: The 2021 attack on Washington, D.C.'s Multiple attacks on critical U.S.

Cybercrime

Cybercrime Ransomware Healthcare Cryptocurrency

Ransomware Attacks against Water Treatment Plants

Schneier on Security

OCTOBER 19, 2021

According to a report from CISA last week, there were three ransomware attacks against water treatment plants last year. WWS Sector cyber intrusions from 2019 to early 2021 include: In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility.

Ransomware

Ransomware Backups

Russian Hacker “Wazawaka” Indicted for Ransomware

Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. And on April 26, 2021, Matveev and his Babuk gang allegedly deployed ransomware against the Metropolitan Police Department in Washington, D.C.

Ransomware

Ransomware Cybercrime VPN Healthcare

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. In May 2023, the US Justice Department charged Russian national Mikhail Pavlovich Matveev for his alleged role in multiple ransomware attacks. The Treasury Department sanctioned the ransomware actor.

Ransomware

Ransomware Healthcare Hacking Malware

GUEST ESSAY: Here’s why EDR and XDR systems failed to curtail the ransomware wave of 2021

The Last Watchdog

JANUARY 20, 2022

Looking back, 2021 was a breakout year for ransomware around the globe, with ransoms spiking to unprecedented multi-million dollar amounts. Related: Colonial Pipeline attack ups ransomware ante. EDR systems are supposed to protect IT system endpoints against these very malware, ransomware, and other types of malicious code.

Ransomware

Ransomware Malware Data breaches Technology

Ransomware Group Debuts Searchable Victim Data

Krebs on Security

JUNE 14, 2022

The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. ” Emerging in November 2021, ALPHV is perhaps most notable for its programming language ( it is written in Rust ). “Cl0p emailed my wife last year.

Ransomware

Ransomware Internet Internet Cybercrime

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

SEPTEMBER 15, 2021

TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. ET: TTEC confirmed a ransomware attack. Update, 6:20 p.m.

Ransomware

Ransomware Banking Cryptocurrency Media

GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data

The Last Watchdog

DECEMBER 2, 2021

Ransomware attacks have reached a record high this year, with nearly 250 attacks recorded to date and months to go. The ongoing battle to secure data from highly sophisticated ransomware gangs like REvil and others continues to rage on, despite recent news that these groups have disbanded in response to pressure from law enforcement.

Ransomware

Ransomware Technology Cybersecurity Backups

Who Wrote the ALPHV/BlackCat Ransomware Strain?

Krebs on Security

JANUARY 28, 2022

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. Image: Varonis. ” Meanwhile, the U.S.

Ransomware

Ransomware Accountability Cybercrime Malware

12 Online Resolutions for 2021

Adam Levin

DECEMBER 16, 2020

Here are 12 New Year Resolutions for a safer and more secure digital you in 2021: Think before you click that email link: 2020 was a record-breaking year for ransomware, malware, and phishing , and many, if not most of these attacks were launched with the click on a link in an email.

VPN

VPN Antivirus Passwords Backups

BlackCat Ransomware Raises Ante After FBI Disruption

Krebs on Security

DECEMBER 19, 2023

Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. BlackCat formed by recruiting operators from several competing or disbanded ransomware organizations — including REvil , BlackMatter and DarkSide.

Ransomware

Ransomware Cybercrime Advertising Encryption

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. On Sunday, Feb. “There will be panic. 428 hospitals.”

Ransomware

Ransomware Healthcare Cybercrime Government

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Security Affairs

DECEMBER 21, 2024

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks, pleading guilty to fraud charges in June. Romanian national Daniel Christian Hulea, 30, was sentenced to 20 years in prison for his role in NetWalker ransomware attacks. In January 2021, law enforcement authorities in the U.S.

Ransomware

Ransomware Healthcare Government Cryptocurrency

Looking Back at the Colonial Pipeline Ransomware Incident

Lohrman on Security

MAY 8, 2022

In early May 2021, the world was shocked into attention by a ransomware attack that brought down gas lines. What have we learned — or not — one year later?

Ransomware

Ransomware threats to watch for in 2021 include crimeware-as-a-service

Tech Republic Security

FEBRUARY 24, 2021

BlackBerry researchers see more double-extortion ransomware attacks, attackers demanding ransom from healthcare patients, and rising bitcoin prices driving the growth of ransomware.

Ransomware

Ransomware Healthcare

Everest ransomware group’s Tor leak site offline after a defacement

Security Affairs

APRIL 8, 2025

The Tor leak site of the Everest ransomware group went offline after being hacked and defaced over the weekend. The Everest ransomware gangs darknet site went offline after being hacked and defaced, with victim listings replaced by the following message. In August 2024, the U.S.

Ransomware

Ransomware Healthcare Hacking Scams

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022

The Last Watchdog

DECEMBER 16, 2021

In 2021, law enforcement continued making a tremendous effort to track down, capture and arrest ransomware operators, to take down ransomware infrastructure, and to claw back ransomware payments. These transformations for ransomware groups will become the source of new attacks. Before BlackMatter it was DarkSide.

CISO

CISO Ransomware Risk Authentication

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Krebs on Security

MARCH 7, 2022

Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. penned a two-part analysis on why smart contracts will make ransomware more profitable. ” Stern wrote. ” DISTRIBUTED DENIAL OF DISCORD?

Ransomware

Ransomware Cryptocurrency DDOS Scams

Software firm Blue Yonder providing services to US and UK stores, including Starbucks, hit by ransomware attack

Security Affairs

NOVEMBER 26, 2024

Blue Yonder, a supply chain software provider, suffered a ransomware attack, impacting operations for clients like Starbucks and grocery stores. A ransomware attack on Blue Yonder disrupted operations for several customers, including Starbucks and U.K. Blue Yonder confirmed it was the victim of a ransomware attack.

Software

Software Ransomware Retail Manufacturing

MY TAKE: lastwatchdog.com receives recognition as a Top 10 cybersecurity webzine in 2021

The Last Watchdog

NOVEMBER 3, 2021

We’ve been named one of the Top 10 cybersecurity webzines in 2021. Expect content that is always accurate and fair, with recent posts exploring the monitoring of complex modern networks, telecom data breaches that expose vast numbers of mobile users, efforts to make software products safer and ransomware attacks on global supply chains.

Cybersecurity

Cybersecurity Data breaches Mobile Internet

Microsoft, Apple and Google top the list of the most spoofed brands in 2021

Tech Republic Security

FEBRUARY 23, 2022

IBM’s 2022 X-Force Threat Intelligence Index also revealed that ransomware was again the top attack type last year and that manufacturing supply chains were most vulnerable to exploitation. The post Microsoft, Apple and Google top the list of the most spoofed brands in 2021 appeared first on TechRepublic.

Manufacturing

Manufacturing Ransomware

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

JUNE 8, 2021

Among the zero-days are: – CVE-2021-33742 , a remote code execution bug in a Windows HTML component. – CVE-2021-31955 , an information disclosure bug in the Windows Kernel. – CVE-2021-31956 , an elevation of privilege flaw in Windows NTFS.

Backups

Backups Ransomware Cyber threats Phishing

Ransomware now accounts for 69% of all attacks that use malware

Tech Republic Security

SEPTEMBER 22, 2021

The most common targets of ransomware in the second quarter of 2021 were governmental, medical and industrial companies along with scientific and educational institutions, says Positive Technologies.

Ransomware

Ransomware Accountability Education Malware

Ransomware demands and payments skyrocket

Tech Republic Security

AUGUST 27, 2021

According to a ransomware report, the average ransom payment in the first half of 2021 jumped to $570,000. Learn more in TechRepublic's Karen Roby interview with writer Lance Whitney.

Ransomware

Conti Ransomware Group Diaries, Part II: The Office

Krebs on Security

MARCH 2, 2022

Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti , one of the more rapacious and ruthless ransomware gangs in operation today. – Penetration Testers/Hackers: Those on the front lines battling against corporate security teams to steal data, and plant ransomware.

Ransomware

Ransomware Antivirus Malware Cybercrime

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

eSecurity Planet

MARCH 17, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has released a joint cybersecurity advisory warning organizations about the escalating threat posed by the Medusa ransomware.

Ransomware

Ransomware Backups Firmware Insurance

Massive ransomware operation targets VMware ESXi: How to protect from this security threat

Tech Republic Security

FEBRUARY 7, 2023

These ransomware infections on VMware ESXi software are due to a vulnerability that has existed since 2021. The post Massive ransomware operation targets VMware ESXi: How to protect from this security threat appeared first on TechRepublic. Find out the most targeted countries and how to secure your organization.

Ransomware

Ransomware Software Cybersecurity Network Security

Fireside chat: New ‘SASE’ weapon chokes off ransomware before attack spreads laterally

The Last Watchdog

JUNE 21, 2022

It’s stunning that the ransomware plague persists. Verizon’s Data Breach Incident Report shows a 13 percent spike in 2021, a jump greater than the past years combined; Sophos’ State of Ransomware survey shows victims routinely paying $1 million ransoms. Related: ‘SASE’ blends connectivity and security.

Ransomware

Ransomware Data breaches Network Security Internet

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. But Sanders said every ransomware expert Kaseya consulted so far has advised against negotiating for one ransom to unlock all victims.

Software

Software Ransomware System Administration Authentication

RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague

The Last Watchdog

JUNE 20, 2022

Or the payload might be a data exfiltration routine — or a full-blown ransomware attack. IABs contributed to threat actors dwelling longer before detection: the median attacker dwell time was 15 days in 2021, up from 11 days in 2020. Speaking of ransomware, cyber extortion continues to persist at a plague level.

Ransomware

Ransomware Digital transformation Marketing Software

2021 Cyber Review: The Year Ransomware Disrupted Infrastructure

Four REvil Ransomware members sentenced for hacking and money laundering

Webinars

Trending Sources

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Webinars

Ransomware Payments Are Down

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Microsoft Patch Tuesday, August 2021 Edition

Ransomware Attacks and Response: What You Need to Know Now

U.S. Offered $10M for Hacker Just Arrested by Russia

Patch Tuesday, October 2021 Edition

Microsoft Patch Tuesday, November 2021 Edition

Decrypting Hive Ransomware Data

Conti’s Ransomware Toll on the Healthcare Industry

Russian Phobos ransomware operator faces cybercrime charges

A ransomware attack disrupted services at Pittsburgh Regional Transit

Russia Charges Notorious Ransomware Developer in Rare Cybercrime Case

Ransomware Attacks against Water Treatment Plants

Russian Hacker “Wazawaka” Indicted for Ransomware

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

GUEST ESSAY: Here’s why EDR and XDR systems failed to curtail the ransomware wave of 2021

Ransomware Group Debuts Searchable Victim Data

Customer Care Giant TTEC Hit By Ransomware

GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data

Who Wrote the ALPHV/BlackCat Ransomware Strain?

12 Online Resolutions for 2021

BlackCat Ransomware Raises Ante After FBI Disruption

Conti Ransomware Group Diaries, Part I: Evasion

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Looking Back at the Colonial Pipeline Ransomware Incident

Ransomware threats to watch for in 2021 include crimeware-as-a-service

Everest ransomware group’s Tor leak site offline after a defacement

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Software firm Blue Yonder providing services to US and UK stores, including Starbucks, hit by ransomware attack

MY TAKE: lastwatchdog.com receives recognition as a Top 10 cybersecurity webzine in 2021

Microsoft, Apple and Google top the list of the most spoofed brands in 2021

Microsoft Patches Six Zero-Day Security Holes

Ransomware now accounts for 69% of all attacks that use malware

Ransomware demands and payments skyrocket

Conti Ransomware Group Diaries, Part II: The Office

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

Massive ransomware operation targets VMware ESXi: How to protect from this security threat

Fireside chat: New ‘SASE’ weapon chokes off ransomware before attack spreads laterally

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague

Stay Connected