Malwarebytes

JULY 13, 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Ransomware 92

Ransomware Manufacturing Data breaches Encryption 92

Malwarebytes

NOVEMBER 15, 2023

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Ransomware 95

Ransomware Education Backups Cyber Insurance 95

Malwarebytes

SEPTEMBER 12, 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Ransomware 96

Ransomware Backups Data breaches Malware 96

SecureList

MAY 8, 2024

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. As we approach International Anti-Ransomware Day, we have analyzed the major ransomware events and trends. The group itself also has a large affiliate network.

Ransomware 122

Ransomware Encryption Small Business Cybersecurity 122

Security Affairs

JULY 15, 2024

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-275327 (CVSS score of 7.5) The vulnerability was addressed in March 2023, and shortly after a PoC exploit code for this issue was released publicly.

Backups 142

Backups Ransomware Antivirus DNS 142

Malwarebytes

JUNE 9, 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. MalasLocker: The Robin Hood of ransomware?

Ransomware 82

Ransomware Education Encryption Software 82

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines.

Encryption 98

Encryption Ransomware Malware Healthcare 98

Security Boulevard

NOVEMBER 22, 2023

Ransomware Trends Overview As ransomware’s fundamental nature shifts from encryption to data exfiltration, organizations’ data backup and recovery practices no longer protect them from attacks. The post Threat Spotlight: Data Extortion Ransomware: Key Trends in 2023 appeared first on Security Boulevard.

Ransomware 78

Ransomware Backups Cyber threats Encryption 78

Security Affairs

NOVEMBER 19, 2023

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. The ransomware component is then decrypted and loaded into the SmokeLoader process’ memory.

Ransomware 142

Ransomware Encryption Backups Manufacturing 142

Security Affairs

APRIL 17, 2024

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server.

Ransomware 145

Ransomware Encryption Malware Accountability 145

Heimadal Security

JUNE 29, 2023

In early February 2023, a new ransomware strain quietly made its way up the ranks. Earmarked Dark Power, the NIM-written ransomware leverages an advanced block cipher technique to bypass detection, stop system-critical services, and, finally to encrypt the victim’s file.

Ransomware 83

Ransomware Encryption 83

Malwarebytes

FEBRUARY 9, 2024

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. 2023 was an explosive year for ransomware.

Ransomware 71

Ransomware Education Social Engineering Manufacturing 71

Security Affairs

FEBRUARY 12, 2024

Researchers discovered a vulnerability in the code of the Rhysida ransomware that allowed them to develop a decryption tool. Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) discovered an implementation vulnerability in the source code of the Rhysida ransomware.

Ransomware 133

Ransomware Encryption VPN Manufacturing 133

The Hacker News

JUNE 5, 2024

An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims' data for financial gain.

Ransomware 132

Ransomware Healthcare Encryption 132

Malwarebytes

AUGUST 10, 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. The driving force behind this huge number?

Ransomware 66

Ransomware Backups Encryption Software 66

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 142

Ransomware Encryption Antivirus VPN 142

Malwarebytes

MAY 8, 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. “The viability may improve in the future. .”

Ransomware 65

Ransomware Backups Encryption Education 65

SecureList

OCTOBER 1, 2024

Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. Notably, on June 30, 2022, the creator of Chaos announced the launch of a RaaS (Ransomware-as-a-Service) partnership program.

Ransomware 83

Ransomware Encryption Accountability Malware 83

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware 137

Ransomware Encryption Insurance Malware 137

The Hacker News

JUNE 26, 2024

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023.

Ransomware 134

Ransomware Encryption Government 134

Security Affairs

SEPTEMBER 1, 2023

Researchers released a free decryptor for the Key Group ransomware that allows victims to recover their data without paying a ransom. Threat intelligence firm EclecticIQ released a free decryption tool for the Key Group ransomware (aka keygroup777) that allows victims to recover their data without paying a ransom.

Ransomware 132

Ransomware Encryption Backups Malware 132

The Last Watchdog

DECEMBER 14, 2023

Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? ai Antani Many speculated that the ransomware attack on a Toyota supply chain player in Kojima, Japan was in retaliation for Japan’s aid to Ukraine. Their guidance: Snehal Antani , CEO, Horizon3.ai

Cybersecurity 234

Cybersecurity Marketing Encryption CISO 234

Security Affairs

NOVEMBER 9, 2024

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 134

Backups Ransomware VPN Accountability 134

Bleeping Computer

NOVEMBER 14, 2023

The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large organizations, steal data, and encrypt files. [.]

Ransomware 126

Ransomware Encryption 126

Malwarebytes

DECEMBER 29, 2023

Ransomware gangs care about one thing: Stealing money. Worst of all, they show no sign of slowing down, and their extortion attempts—which no longer focus on ransomware delivery alone—are getting bolder, meaner, and uglier. Considering all this, it’s pretty damn nice to see ransomware gangs lose.

Ransomware 86

Ransomware Malware Backups Encryption 86

Security Affairs

JANUARY 30, 2024

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. The attack was carried out by the Cactus ransomware gang , which claims to have stolen terabytes of corporate data from the company. The Cactus ransomware relies on multiple legitimate tools (e.g.

Ransomware 142

Ransomware Hacking Data breaches Digital transformation 142

Graham Cluley

JULY 6, 2023

There's good news for any business that has fallen victim to the Akira ransomware. Security researchers have developed a free decryption tool for files that have been encrypted since the Akira ransomware first emerged in March 2023. Read more in my article on the Tripwire State of Security blog.

Ransomware 142

Ransomware Encryption Malware 142

Security Affairs

JANUARY 10, 2024

Researchers and the Dutch Police released a decryptor for the Tortilla variant of the Babuk ransomware after the arrest of its operator. Cisco Talos researchers obtained a decryptor for the Babuk Tortilla ransomware variant. The experts were able to extract and share the private decryption key used by the ransomware operators.

Ransomware 135

Ransomware Encryption Engineering Malware 135

The Hacker News

OCTOBER 12, 2023

Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a "large-scale remote encryption attempt" made by Akira ransomware actors targeting an unknown industrial organization in early June 2023. The tech giant's threat intelligence team is tracking the operator as Storm-1567.

Ransomware 139

Ransomware Encryption 139

Security Affairs

JUNE 22, 2024

The RansomHub ransomware operators added a Linux encryptor to their arsenal, the version targets VMware ESXi environments. RansomHub ransomware operation relies on a new Linux version of the encrypted to target VMware ESXi environments. appeared in the threat landscape in May 2023. Knight, also known as Cyclops 2.0,

Ransomware 142

Ransomware Encryption Backups Malware 142

SecureWorld News

NOVEMBER 14, 2024

Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data.

Healthcare 90

Healthcare Ransomware Identity Theft Data breaches 90

Malwarebytes

APRIL 13, 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their dark web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. it has reconsidered its decision."

Ransomware 71

Ransomware Government Accountability Mobile 71

CyberSecurity Insiders

MAY 23, 2023

BullWall , global leaders in ransomware containment, and researchers with Cybersecurity Insiders, today published the Cybersecurity Insiders 2023 Ransomware Report. We’ve been researching the state of ransomware for years, but a new trend is now starting to emerge. alone according to experts.

Ransomware 125

Ransomware Encryption Risk Cybersecurity 125

Webroot

OCTOBER 25, 2023

This post covers highlights of our analysis, including the rise of ransomware as a service (RaaS), the six nastiest malware groups, and the role of artificial intelligence in both cybersecurity and cyberthreats. Their tactics have evolved significantly over the years, with ransomware now the malware of choice for cybercriminals.

Malware 98

Malware Artificial Intelligence Ransomware Penetration Testing 98

Security Affairs

JULY 19, 2024

Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation.

Ransomware 143

Ransomware Healthcare Encryption Government 143

Security Affairs

JANUARY 1, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information, over 21 thousand directories. The Cactus ransomware relies on multiple legitimate tools (e.g.

Retail 143

Retail Ransomware Encryption Hacking 143

Security Affairs

MARCH 6, 2024

Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The GhostSec and Stormous ransomware gang are jointly conducting a ransomware campaign targeting various organizations in multiple countries, Cisco Talos reported. The GhostLocker 2.0 GhostLocker 2.0 GhostLocker 2.0

Ransomware 143

Ransomware Encryption Cybercrime Hacking 143