Authentication and Ransomware - Cyber Security Informer

Problems with Multifactor Authentication

Schneier on Security

OCTOBER 21, 2021

Roger Grimes on why multifactor authentication isn’t a panacea : The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted VP who let the attackers in.

Authentication

Authentication Ransomware Social Engineering Engineering

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

The Last Watchdog

MARCH 28, 2025

Mar 28, 2025, CyberNewswire — From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Traditionally, the primary target of ransomware has been the victims device. Palo Alto, Calif.,

Antivirus

Antivirus Ransomware Social Engineering Engineering

Email authentication helps governments and private companies battle ransomware

Tech Republic Security

MARCH 17, 2022

The first line of defense against ransomware lies with email authentication. The post Email authentication helps governments and private companies battle ransomware appeared first on TechRepublic. Learn more information about how to take a proactive approach to cyber attacks.

Authentication

Authentication Government Ransomware Cyber Attacks

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

Security Affairs

MARCH 10, 2025

Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. ” Microsoft wrote on X. .

Ransomware

Ransomware VPN Healthcare Malware

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. ShrinkLocker ransomware was first discovered in May 2024 by researchers from Kaspersky. Once complete, the decryptor will automatically unlock the drive and disable smart card authentication.

Ransomware

Ransomware Encryption Passwords Backups

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

Following a July 18 attack by the Rhysida ransomware group — believed to have Russian affiliations — Columbus is still reeling from the exposure of vast amounts of sensitive resident data. By requiring a second form of authentication, such as a code from a mobile device, you can reduce the risk of account compromise to a great extent.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. All they need is one successful attempt to gain initial access."

Ransomware

Ransomware IoT Encryption Social Engineering

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. Last month, Sens. Mark Warner (D-Va.)

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code. This is not an idle concern.

Ransomware

Ransomware Encryption Backups Manufacturing

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. Halcyon researchers pointed out that this ransomware campaign does not exploit any AWS vulnerability.

Encryption

Encryption Ransomware Authentication Accountability

ESXi ransomware attacks use SSH tunnels to avoid detection

Security Affairs

JANUARY 27, 2025

Threat actors behind ESXi ransomware attacks target virtualized environments using SSH tunneling to avoid detection. Researchers at cybersecurity firm Sygnia warn that threat actors behind ESXi ransomware attacks target virtualized environments using SSH tunneling to avoid detection.

Ransomware

Ransomware Authentication Hacking Cybersecurity

Inside Ireland’s Public Healthcare Ransomware Scare

Krebs on Security

DECEMBER 13, 2021

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware.

Healthcare

Healthcare Ransomware Antivirus Hacking

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

eSecurity Planet

MARCH 17, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has released a joint cybersecurity advisory warning organizations about the escalating threat posed by the Medusa ransomware.

Ransomware

Ransomware Backups Firmware Insurance

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. concludes Sophos.

Backups

Backups VPN Ransomware Authentication

BayMark Health Services sends breach notifications after ransomware attack

Malwarebytes

JANUARY 10, 2025

The RansomHub ransomware group claims to have exfiltrated an enormous 1.5 Here, the ransomware group lays blame on the company itself. This isn’t rare for a ransomware group, as the tactics and vernacular are often based around shame, guilt, and a pre-teen-like arrogance. Enable two-factor authentication (2FA).

Ransomware

Ransomware Data breaches Passwords Phishing

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

The Last Watchdog

DECEMBER 6, 2022

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Underscoring this trend, Uber was recently hacked — through its authentication system. The best possible answer is coming from biometrics-based passwordless, continuous authentication.

Authentication

Authentication Healthcare Artificial Intelligence Passwords

U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 18, 2025

The vulnerability is an authentication bypass issue that could allow a remote attacker to gain super-admin privileges by making maliciously crafted CSF proxy requests. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0

Authentication

Authentication Ransomware Firewall Hacking

CrushFTP CVE-2025-2825 flaw actively exploited in the wild

Security Affairs

APRIL 1, 2025

Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825 , in the CrushFTP file transfer software. that may allow unauthenticated remote attackers to bypass authentication via HTTP(S) requests. Attackers are using exploits based on publicly available proof-of-concept exploit code.

Authentication

Authentication Software Ransomware Hacking

Zyxel firewalls targeted in recent ransomware attacks

Security Affairs

NOVEMBER 25, 2024

Zyxel warns that a ransomware group has been observed exploiting a recently patched command injection issue in its firewalls. Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise.

Firewall

Firewall Ransomware VPN Firmware

Threat Spotlight: Inside the World’s Fastest Rising Ransomware Operator — BlackLock

Digital Shadows

FEBRUARY 17, 2025

Key Findings First observed in March 2024, BlackLock (aka El Dorado or Eldorado) has rapidly emerged as a major player in the ransomware-as-a-service (RaaS) ecosystem. By Q4 2024, it ranked as the 7th most prolific ransomware group on data-leak sites, fueled by a staggering 1,425% increase in activity from Q3.

Ransomware

Ransomware Malware Risk Accountability

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

Security Affairs

MARCH 13, 2025

The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025.

Ransomware

Ransomware Encryption Cryptocurrency Insurance

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 6, 2024

Remote attackers could bypass authentication and execute arbitrary commands by exploiting a flaw in secMiddleware , which only validates POST requests. The attack aimed at deploying the PSAUX ransomware attack. Cybersecurity and Infrastructure Security Agency (CISA)added the CyberPanelflaw CVE-2024-51378 (CVSS score: 10.0)

DNS

DNS Authentication Ransomware Hacking

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

In May, UnitedHealth CEO Andrew Witty estimated that the ransomware attack compromised the data of a third of US individuals when he testified before the Senate Finance Committee on Capitol Hill. The ALPHV/BlackCat ransomware group claimed the initial attack. Enable two-factor authentication (2FA).

Data breaches

Data breaches Healthcare Passwords Insurance

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Ransomware? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor.

Ransomware

Ransomware Risk Internet Internet

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

This bypasses security barriers entirely, giving adversaries a direct path to infiltrate networks, steal data, and deploy ransomware undetected. Notably, 64% of VPN vulnerabilities are directly linked to ransomware campaigns, demonstrating how cybercriminals quickly monetize stolen credentials for profit.

VPN

VPN Authentication Ransomware Risk

Leaked Black Basta Chats Expose Ransomware Secrets & Infighting

eSecurity Planet

FEBRUARY 24, 2025

Over 200,000 internal messages from the notorious ransomware group Black Basta have surfaced online exposing deep divisions, ransom negotiations, and internal dysfunction. Cybersecurity experts are now poring over the data, uncovering a rare inside look at how one of the most feared ransomware groups operates and potentially unravels.

Ransomware

Ransomware Phishing Healthcare Cryptocurrency

GUEST ESSAY: Defending ransomware boils down to this: make it very costly for cybercriminals

The Last Watchdog

APRIL 11, 2022

From financial institutions to meat producers, it seems every industry has been impacted by ransomware in the past year — maybe even the past week. Related: Tech solutions alone can’t stop ransomware. Put simply, ransomware attacks are on the rise because of profits. Why the stark increase? Low cost attacks.

Ransomware

Ransomware Social Engineering Passwords Engineering

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Members of Scattered Spider are reputed to have been involved in a September 2023 ransomware attack against the MGM Resorts hotel chain that quickly brought multiple MGM casinos to a standstill.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

The FBI warned specifically about that malware leading to ransomware attacks, but we’ve also seen similar sites that install browser hijackers, adware, and potentially unwanted programs (PUPs). Other passwords and session tokens that could allow the scammers to bypass multi-factor authentication (MFA). Email addresses.

Malware

Malware Adware Education Phishing

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

The Last Watchdog

NOVEMBER 19, 2023

As the companies face nine federal lawsuits for failing to protect customer data, it’s abundantly clear hackers have checkmated multi-factor authentication (MFA). But the coup de gras was how easily they brushed aside the multi-factor authentication protections. How they steamrolled multi-factor authentication is a reason for pause.

Social Engineering

Social Engineering Passwords Authentication Marketing

GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator

The Last Watchdog

SEPTEMBER 24, 2024

The growing threat of cybercrime, including ransomware attacks and large-scale data leaks, is also pushing individuals to take more control of their personal data. Credit monitoring services provide ongoing tracking of credit reports for suspicious activity, and some even offer insurance for identity theft-related losses.

Authentication

Authentication Identity Theft Banking Data breaches

$12M Ransomware Attack Hit Because Nobody Listened to the Security Team

SecureWorld News

APRIL 3, 2025

Then came the inevitable: a ransomware attack that encrypted patient records, forced appointment cancellations for three weeks, and ultimately cost more than $12 million in recovery costs, regulatory fines, and lost revenue. Sarah, a newly appointed CISO at a manufacturing company, inherited a failed multi-factor authentication project.

Ransomware

Ransomware CISO Authentication Healthcare

The Rise of Non-Ransomware Attacks on AWS S3 Data

Thales Cloud Protection & Licensing

FEBRUARY 12, 2025

The Rise of Non-Ransomware Attacks on AWS S3 Data madhav Thu, 02/13/2025 - 04:39 A sophisticated ransomware gang, Codefinger, has a cunning new technique for encrypting data stored in AWS S3 buckets without traditional ransomware tools. Unlike conventional ransomware, the malicious actors dont exfiltrate any data.

Ransomware

Ransomware Encryption Digital transformation Risk

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. “This is worse because the CVE calls for an authenticated user,” Holden said. “This was not.”

Software

Software Ransomware System Administration Authentication

GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication

The Last Watchdog

JULY 11, 2024

Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

Authentication

Authentication Passwords Malware Accountability

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. The Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country.

Ransomware

Ransomware Backups VPN Authentication

VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access

The Hacker News

JULY 29, 2024

A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware.

Ransomware

Ransomware Encryption Authentication Malware

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. Enable two-factor authentication (2FA).

Data breaches

Data breaches Passwords Ransomware Phishing

Zero Trust: Your Best Friend in the Age of Advanced Threats

SecureWorld News

NOVEMBER 6, 2024

Google moved away from VPNs, instead using device-based authentication and continuous access verification, ensuring that each access request is authenticated. Ransomware-as-a-Service (RaaS): The Kaseya ransomware attack in 2021 compromised more than 1,000 businesses. Take Google's BeyondCorp as an example.

Social Engineering

Social Engineering Authentication Architecture Ransomware

Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks

Bleeping Computer

JULY 29, 2024

Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. [.]

Ransomware

Ransomware Authentication

Operation Heart Blocker: International Police Disrupt Phishing Network

SecureWorld News

FEBRUARY 3, 2025

Unlike ransomware attacks, which force organizations to disclose security breaches due to operational disruptions, BEC scams often go unreported as companies quietly absorb financial losses. Organizations should enforce least privilege access and enable multi-factor authentication (MFA) on all accounts that have it available.

Phishing

Phishing Cybercrime Scams Authentication

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. Reference the provided resources for establishing DMARC authentication.

Phishing

Phishing Ransomware Security Awareness Authentication

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

SecureWorld News

NOVEMBER 22, 2024

Scattered Spider has gained infamy for its high-profile cyberattacks, including the ransomware assault on MGM Casino in 2023 , which caused widespread disruption. Known for targeting employee credentials through phishing schemes, the group uses stolen access to infiltrate systems, extract sensitive data, and deploy ransomware.

Phishing

Phishing Identity Theft Cryptocurrency Cybercrime

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks

Security Affairs

OCTOBER 11, 2024

Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication. Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. ” concludes Sophos.

Backups

Backups Ransomware VPN Authentication

Problems with Multifactor Authentication

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

Trending Sources

Email authentication helps governments and private companies battle ransomware

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

Bitdefender released a decryptor for the ShrinkLocker ransomware

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Change Healthcare Breach Hits 100M Americans

Researchers Quietly Cracked Zeppelin Ransomware Keys

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

ESXi ransomware attacks use SSH tunnels to avoid detection

Inside Ireland’s Public Healthcare Ransomware Scare

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

BayMark Health Services sends breach notifications after ransomware attack

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

CrushFTP CVE-2025-2825 flaw actively exploited in the wild

Zyxel firewalls targeted in recent ransomware attacks

Threat Spotlight: Inside the World’s Fastest Rising Ransomware Operator — BlackLock

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Leaked Black Basta Chats Expose Ransomware Secrets & Infighting

GUEST ESSAY: Defending ransomware boils down to this: make it very costly for cybercriminals

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Warning over free online file converters that actually install malware

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator

$12M Ransomware Attack Hit Because Nobody Listened to the Security Team

The Rise of Non-Ransomware Attacks on AWS S3 Data

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication

Akira ransomware targets Finnish organizations

VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access

City of Columbus breach affects around half a million citizens

Zero Trust: Your Best Friend in the Age of Advanced Threats

Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks

Operation Heart Blocker: International Police Disrupt Phishing Network

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks

Stay Connected