Malwarebytes

NOVEMBER 15, 2023

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Ransomware 133

Ransomware Education Backups Cyber Insurance 133

Krebs on Security

SEPTEMBER 18, 2023

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The 8Base ransomware group’s victim shaming website on the darknet.

Ransomware 281

Ransomware Accountability Encryption Internet 281

Security Affairs

NOVEMBER 2, 2023

Rapid7 researchers warn of the suspected exploitation of a recently disclosed critical security flaw (CVE-2023-46604) in the Apache ActiveMQ. Cybersecurity researchers at Rapid7 are warning of the suspected exploitation of the recently disclosed critical vulnerability CVE-2023-46604 in the Apache ActiveMQ. before 5.18.3 before 5.17.6

Ransomware 138

Ransomware Cybercrime Software Encryption 138

SecureList

MAY 8, 2024

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. As we approach International Anti-Ransomware Day, we have analyzed the major ransomware events and trends. The group itself also has a large affiliate network.

Ransomware 138

Ransomware Encryption Small Business Cybersecurity 138

The Last Watchdog

DECEMBER 14, 2023

Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? ai Antani Many speculated that the ransomware attack on a Toyota supply chain player in Kojima, Japan was in retaliation for Japan’s aid to Ukraine. Their guidance: Snehal Antani , CEO, Horizon3.ai

Cybersecurity 234

Cybersecurity Marketing Encryption CISO 234

Security Affairs

FEBRUARY 12, 2024

Researchers discovered a vulnerability in the code of the Rhysida ransomware that allowed them to develop a decryption tool. Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) discovered an implementation vulnerability in the source code of the Rhysida ransomware.

Ransomware 137

Ransomware Encryption VPN Manufacturing 137

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 143

Ransomware Encryption Antivirus VPN 143

Security Affairs

JULY 15, 2024

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-275327 (CVSS score of 7.5) The vulnerability was addressed in March 2023, and shortly after a PoC exploit code for this issue was released publicly.

Backups 143

Backups Ransomware Antivirus DNS 143

Security Affairs

APRIL 17, 2024

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server.

Ransomware 145

Ransomware Encryption Malware Accountability 145

Security Affairs

NOVEMBER 19, 2023

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. The ransomware component is then decrypted and loaded into the SmokeLoader process’ memory.

Ransomware 143

Ransomware Encryption Backups Manufacturing 143

The Hacker News

JUNE 5, 2024

An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims' data for financial gain.

Ransomware 139

Ransomware Healthcare Encryption 139

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware 140

Ransomware Encryption Insurance Malware 140

Malwarebytes

FEBRUARY 9, 2024

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. 2023 was an explosive year for ransomware.

Ransomware 101

Ransomware Education Social Engineering Manufacturing 101

Malwarebytes

DECEMBER 29, 2023

Ransomware gangs care about one thing: Stealing money. Worst of all, they show no sign of slowing down, and their extortion attempts—which no longer focus on ransomware delivery alone—are getting bolder, meaner, and uglier. Considering all this, it’s pretty damn nice to see ransomware gangs lose.

Ransomware 119

Ransomware Malware Backups Encryption 119

Krebs on Security

AUGUST 5, 2024

A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. ThreatLabz found Dark Angels has conducted some of the largest ransomware attacks to date, and yet little is known about the group.

Ransomware 248

Ransomware Insurance Healthcare Education 248

Malwarebytes

JUNE 9, 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. MalasLocker: The Robin Hood of ransomware?

Ransomware 98

Ransomware Education Encryption Software 98

Security Affairs

SEPTEMBER 1, 2023

Researchers released a free decryptor for the Key Group ransomware that allows victims to recover their data without paying a ransom. Threat intelligence firm EclecticIQ released a free decryption tool for the Key Group ransomware (aka keygroup777) that allows victims to recover their data without paying a ransom.

Ransomware 136

Ransomware Encryption Backups Malware 136

Malwarebytes

JULY 13, 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Ransomware 98

Ransomware Manufacturing Data breaches Encryption 98

Security Affairs

JANUARY 10, 2024

Researchers and the Dutch Police released a decryptor for the Tortilla variant of the Babuk ransomware after the arrest of its operator. Cisco Talos researchers obtained a decryptor for the Babuk Tortilla ransomware variant. The experts were able to extract and share the private decryption key used by the ransomware operators.

Ransomware 139

Ransomware Encryption Engineering Malware 139

Security Affairs

JANUARY 30, 2024

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. The attack was carried out by the Cactus ransomware gang , which claims to have stolen terabytes of corporate data from the company. The Cactus ransomware relies on multiple legitimate tools (e.g.

Ransomware 144

Ransomware Hacking Data breaches Digital transformation 144

Malwarebytes

JANUARY 11, 2024

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Ransomware 131

Ransomware Healthcare Encryption Technology 131

The Hacker News

JUNE 26, 2024

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023.

Ransomware 138

Ransomware Encryption Government 138

Security Affairs

JANUARY 1, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information, over 21 thousand directories. The Cactus ransomware relies on multiple legitimate tools (e.g.

Retail 144

Retail Ransomware Encryption Hacking 144

The Hacker News

OCTOBER 12, 2023

Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a "large-scale remote encryption attempt" made by Akira ransomware actors targeting an unknown industrial organization in early June 2023. The tech giant's threat intelligence team is tracking the operator as Storm-1567.

Ransomware 144

Ransomware Encryption 144

Security Affairs

MARCH 6, 2024

Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The GhostSec and Stormous ransomware gang are jointly conducting a ransomware campaign targeting various organizations in multiple countries, Cisco Talos reported. The GhostLocker 2.0 GhostLocker 2.0 GhostLocker 2.0

Ransomware 144

Ransomware Encryption Cybercrime Hacking 144

Graham Cluley

JULY 6, 2023

There's good news for any business that has fallen victim to the Akira ransomware. Security researchers have developed a free decryption tool for files that have been encrypted since the Akira ransomware first emerged in March 2023. Read more in my article on the Tripwire State of Security blog.

Ransomware 140

Ransomware Encryption Malware 140

Malwarebytes

DECEMBER 2, 2024

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.

Ransomware 136

Ransomware Backups Small Business Malware 136

Krebs on Security

JUNE 8, 2023

On May 19, Barracuda identified that the malicious traffic was taking advantage of a previously unknown vulnerability in its ESG appliances, and on May 20 the company pushed a patch for the flaw to all affected appliances ( CVE-2023-2868 ). Because a ransomware actor doesn’t care about that level of access.

Firmware 347

Firmware Malware Software Ransomware 347

Security Affairs

JUNE 22, 2024

The RansomHub ransomware operators added a Linux encryptor to their arsenal, the version targets VMware ESXi environments. RansomHub ransomware operation relies on a new Linux version of the encrypted to target VMware ESXi environments. appeared in the threat landscape in May 2023. Knight, also known as Cyclops 2.0,

Ransomware 143

Ransomware Encryption Backups Malware 143

Malwarebytes

OCTOBER 20, 2023

Even though it had a long run for a ransomware group, it seems the bell might be tolling for Ragnar Locker. On October 19, 2023, the group’s leak site was seized by an international group of law enforcement agencies. Most ransomware groups do not survive that long, mostly due to internal struggles or a takedown such as this one.

Ransomware 140

Ransomware Backups Encryption Software 140

Security Affairs

NOVEMBER 8, 2023

The FBI published a PIN alert warning of ransomware operators compromising third-party vendors and services for initial access to target environments. The FBI continues to observe ransomware operators abusing third-party vendors and services as an attack vector. ” reported the PIN.

Ransomware 142

Ransomware Backups Encryption Phishing 142

Security Affairs

FEBRUARY 19, 2024

The Cactus ransomware gang claims the theft of 1.5TB of data from the Energy management and industrial automation firm Schneider Electric. The Cactus ransomware group claims responsibility for pilfering 1.5TB of data from the Energy management and industrial automation giant Schneider Electric.

Ransomware 143

Ransomware Digital transformation Retail Antivirus 143

Security Affairs

SEPTEMBER 23, 2023

The City of Dallas revealed that the Royal ransomware gang that hit the city system in May used a stolen account. In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. CBS News Texas obtained an image the ransomware note dropped by the malware on the infected systems.

Ransomware 140

Ransomware Surveillance Healthcare Accountability 140

Security Affairs

SEPTEMBER 28, 2023

Johnson Controls International suffered a ransomware attack that impacted the operations of the company and its subsidiaries. Johnson Controls International announced it has suffered a ransomware attack that impacted many systems of the company, Bleeping Computer reported. ” reported Bleeping Computer.

Ransomware 141

Ransomware Insurance Technology Encryption 141

CyberSecurity Insiders

MAY 23, 2023

BullWall , global leaders in ransomware containment, and researchers with Cybersecurity Insiders, today published the Cybersecurity Insiders 2023 Ransomware Report. We’ve been researching the state of ransomware for years, but a new trend is now starting to emerge. alone according to experts.

Ransomware 125

Ransomware Encryption Risk Cybersecurity 125

Security Affairs

SEPTEMBER 30, 2023

Federal Bureau of Investigation (FBI) warns of dual ransomware attacks aimed at the same victims. Federal Bureau of Investigation (FBI) is warning of dual ransomware attacks, a new worrisome trend in the threat landscape that sees threat actors targeting the same victims two times. ” continues the alert. .

Ransomware 144

Ransomware Architecture Encryption Malware 144

Security Affairs

JULY 19, 2024

Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation.

Ransomware 144

Ransomware Healthcare Encryption Government 144