Daniel Miessler

DECEMBER 24, 2022

If you follow Information Security at all you are surely aware of the LastPass breach situation. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults. So basically: Minor incident, but no customer data or vaults were lost.

Password Management 364

Password Management Passwords Encryption Backups 364

Security Affairs

JANUARY 24, 2023

GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key. “Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. .

Backups 98

Backups Encryption Data breaches Passwords 98

Security Affairs

MARCH 10, 2025

Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. Backups are insufficient; IPS is recommended for protection. Victims include AMD and Keralty. They shame non-payers by leaking data.

Hacking 114

Hacking Healthcare Backups Ransomware 114

Security Affairs

OCTOBER 29, 2021

The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. The Hive ransomware adds the.hive extension to the filename of encrypted files. .

Encryption 135

Encryption Ransomware Spyware Malware 135

Security Affairs

MARCH 23, 2023

Researchers released a PoC exploit code for a high-severity vulnerability in Veeam Backup & Replication (VBR) software. Veeam recently addressed a high-severity flaw, tracked as CVE-2023-27532 , in Veeam Backup and Replication (VBR) software. “This may lead to an attacker gaining access to the backup infrastructure hosts.”

Backups 98

Backups Engineering Software Encryption 98

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. Generation of target list of extensions and folders to encrypt. ” reported the website Nation Thailand.

Ransomware 69

Ransomware Encryption Backups Malware 69

Security Affairs

MARCH 8, 2023

Veeam addressed a high-severity vulnerability in the Backup Service that impacts Backup & Replication software. Veeam addressed a high-severity vulnerability in the Backup Service, tracked as CVE-2023-27532 (CVSS v3 score: 7.5), that impacts all versions of Backup & Replication software versions.

Backups 98

Backups Encryption Firewall Software 98

Security Affairs

DECEMBER 23, 2022

In an update published on Thursday, the company revealed that threat actors obtained personal information belonging to its customers, including encrypted password vaults. The company discovered that an unknown threat actor accessed a cloud-based storage environment leveraging information obtained from the August security incident.

Encryption 98

Encryption Passwords Data breaches Backups 98

Security Affairs

AUGUST 30, 2019

PerCSoft is a cloud management provider for Digital Dental Record (DDR), that operates the online data backup service called DDS Safe. DDS Safe, is a HIPAA Compliant 3 layered online dental backup system that provides dental offices triple the protection of traditional online back-up solutions. Pierluigi Paganini.

Backups 111

Backups Ransomware Advertising Encryption 111

Security Affairs

OCTOBER 20, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 115

Data breaches Cybercrime Cyber Insurance Marketing 115

Krebs on Security

OCTOBER 28, 2020

Ransomware attackers often spend weeks or months inside of a target’s network before attempting to deploy malware across the network that encrypts servers and desktop systems unless and until a ransom demand is met. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking 358

Hacking Ransomware Banking Accountability 358

Security Affairs

MARCH 13, 2025

Medusa operators leverage legitimate remote access tools like AnyDesk, Atera, and Splashtop, alongside RDP and PsExec, to move laterally and locate files for exfiltration and encryption. Encryption is executed using gaze.exe , which disables security tools, deletes backups, and encrypts files with AES-256 before dropping a ransom note.

Ransomware 68

Ransomware Encryption Cryptocurrency Insurance 68

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The researchers conducted five separate encryption speed tests in a controlled environment (with 6 CPUs, 8192MB RAM, SSD, and 220000 files to be encrypted), limited to local drive encryption only.

Encryption 98

Encryption Ransomware Malware Backups 98

Security Affairs

JANUARY 17, 2022

Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. Recently, the Chinese security firm Rising detected a Linux variant of the SFile ransomware that uses the RSA+AES algorithm mode. as the suffix name. . ” reported The Record. . ” reported The Record.

Ransomware 145

Ransomware Encryption Backups Malware 145

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. 8base” file extension for encrypted documents, a circumstance that suggested a possible link to the 8Base group or the use of the same code-base for their ransomware.

Ransomware 139

Ransomware Encryption Backups Malware 139

Security Boulevard

FEBRUARY 16, 2025

In this episode, we discuss the UK governments demand for Apple to create a secret backdoor for accessing encrypted iCloud backups under the Investigatory Powers Act and its potential global implications on privacy.

Backups 52

Backups Encryption Government Technology 52

eSecurity Planet

DECEMBER 2, 2022

Servers are encrypted with “ locked” file extensions on files. You have the disaster recovery (DR) site, backups, and storage area network (SAN) snapshots. As you try each one, that pit in your stomach grows as you experience the worst feeling in IT: the realization you have no backup for recovery. Remember those?

Architecture 116

Architecture Ransomware Backups Firewall 116

Security Affairs

NOVEMBER 8, 2023

The attacks frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons.” The FBI also published recommendations for organizations to improve their security posture in response to these new activity trends. ” reported the PIN.

Ransomware 136

Ransomware Backups Encryption Phishing 136

Security Affairs

MAY 11, 2021

Maintain offline, encrypted backups of data and regularly test your backups. Regularly conduct backup procedures and keep backups offline or in separated networks. Scan emails and attachments to detect and block malware, and implement training and processes to identify phishing and externally-sourced emails.

Ransomware 138

Ransomware Backups Antivirus DDOS 138

Security Affairs

NOVEMBER 5, 2021

. “The Babuk ransomware module, running within the process AddInProcess32, enumerates the processes running on the victim’s server and attempts to disable a number of processes related to backup products, such as Veeam backup service. ” reads the analysis published by Talos.

Ransomware 145

Ransomware Backups Encryption DNS 145

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime 350

Cybercrime Malware VPN Ransomware 350

Security Affairs

OCTOBER 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 115

Data breaches Cryptocurrency Artificial Intelligence Cybercrime 115

Spinone

NOVEMBER 20, 2018

In traditional on-site backup systems security is mainly a physical concern – ensuring data is backed up in more than one location in case of hardware loss or failure and restricting access to the physical backup media to only trusted employees. In cloud backup, security concerns are different.

Backups 40

Backups Encryption Computers and Electronics Accountability 40

Security Affairs

OCTOBER 19, 2021

Like other ransomware operations, BlackMatter also set up its leak site where it publishes data exfiltrated from the victims before encrypting their system. BlackMatter then remotely encrypts the hosts and shared drives as they are found. Scanning backups. Secret Service at a U.S. Secret Service Field Office.

Ransomware 138

Ransomware Backups Encryption Cybercrime 138

Security Affairs

SEPTEMBER 1, 2023

. “Key Group ransomware uses a base64 encoded static key N0dQM0I1JCM= to encrypt victims’ data. The threat actor tried to increase the randomness of the encrypted data by using a cryptographic technique called salting. ” reads the report published by EclecticIQ.

Ransomware 127

Ransomware Encryption Backups Malware 127

Security Affairs

JUNE 1, 2020

Last week a member of the Joomla Resources Directory (JRD) team left an unencrypted full backup of the JRD site ( resources.joomla.org ) on an unsecured Amazon Web Services S3 bucket operated by the company. “JRD full site backups (unencrypted) were stored in a third-party company Amazon Web Services S3 bucket.

Data breaches 137

Data breaches Backups Passwords Advertising 137

The Last Watchdog

DECEMBER 2, 2021

As we’ve seen with major attacks like Kaseya and Colonial Pipeline, cybercriminals have continued to innovate, developing new tools and tactics to encrypt and exfiltrate data. In fact, Gartner forecasts that global spending on information security and risk management services will reach $150.4 billion this year.

Ransomware 262

Ransomware Technology Cybersecurity Backups 262

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

AUGUST 21, 2020

The University was able to recover the operations from the backups, but decided to pay the ransom to avoid having ransomware operators leak student information online. ” According to the University, the ransomware encrypted only 0.02% of the data stored on its servers. .” “It was determined that approximately.02%

Ransomware 145

Ransomware Cyber Insurance Insurance Advertising 145

Security Affairs

MAY 6, 2020

Nefilim will encrypt a file using AES-128 encryption, then the AES encryption key is encrypted using an RSA-2048 public key that is embedded in the ransomware executable. The encrypted AES key will be included in the contents of each encrypted file. ” reads the statement published by the company.

Ransomware 134

Ransomware Encryption Backups Healthcare 134

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware 145

Ransomware Encryption Passwords Malware 145

Security Affairs

FEBRUARY 13, 2024

The attack took place on February 11 and encrypted data in the production servers. As a result of the attack, the system is down, files and databases are encrypted.” “During the night of February 11 to 12, 2024, a massive cyber ransomware attack took place on the production servers on which the HIS IT system runs.

Ransomware 138

Ransomware Backups Encryption Healthcare 138

Security Affairs

JUNE 6, 2024

The script was also used for data exfiltration, the stolen data are sent to two different servers so the ransomware actors have a backup of the information. TargetCompany has been active since June 2021 , once encrypted a file it adds.mallox,exploit,architek, or.brg extension to the filenames of encrypted files.

Ransomware 128

Ransomware Encryption Backups Malware 128

Security Affairs

APRIL 9, 2020

million ransom to decrypt its files after being encrypted by the infamous Sodinokibi ransomware. “As part of this attack, the operators behind the Sodinokibi ransomware told BleepingComputer that they had encrypted the company’s entire network, deleted backup files, and copied more than 5GB of personal data.

Ransomware 144

Ransomware Encryption Advertising Backups 144

Malwarebytes

FEBRUARY 5, 2024

Add to that the suspicion that the ransom was paid, and we can conclude that backups were perhaps insufficient or not readily deployable. Another indication that things may not have been up to par was the chief information security officer (CISO) leaving in November, while the company was still recovering from the cyberattack.

Backups 130

Backups Ransomware CISO Malware 130

eSecurity Planet

APRIL 13, 2022

Hiring, training, and retaining the staff needed to effectively run an information security program can be a challenge for any size business given the cybersecurity talent shortage. This increase in vendors leads to excess complexity – and often reduced information security. Cybersecurity Talent Shortage.

Backups 126

Backups Encryption Risk Data privacy 126

Security Affairs

SEPTEMBER 17, 2022

The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom. ” reads the announcement published by the security firm. In order to decrypt the files, users have to provide the path containing pairs of clean-encrypted files.

Ransomware 135

Ransomware Encryption Backups Cybercrime 135