Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups.

Ransomware 117

Ransomware Software Cybercrime Encryption 117

Krebs on Security

JUNE 2, 2020

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. A partial screenshot from the REvil ransomware group’s Dark Web blog. and Europe in early March.” So it’s a double vig.”

Ransomware 340

Ransomware Backups Encryption Internet 340

Security Affairs

NOVEMBER 18, 2024

A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. “On September 8, 2024, we suffered a ransomware attack on our computer system.

Ransomware 123

Ransomware Insurance Encryption Healthcare 123

SecureWorld News

NOVEMBER 14, 2024

Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data.

Healthcare 115

Healthcare Ransomware Identity Theft Data breaches 115

Krebs on Security

DECEMBER 19, 2023

Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. “We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

Ransomware 316

Ransomware Cybercrime Advertising Encryption 316

Security Affairs

MARCH 24, 2025

The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney Generals Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office.

Ransomware 101

Ransomware Hacking Social Engineering VPN 101

Malwarebytes

DECEMBER 2, 2024

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.

Ransomware 123

Ransomware Backups Small Business Malware 123

Krebs on Security

DECEMBER 13, 2021

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware.

Healthcare 327

Healthcare Ransomware Antivirus Hacking 327

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. It’s just some kind of sabotage.” 23, 2020.

Ransomware 304

Ransomware Healthcare Cybercrime Government 304

Security Affairs

MARCH 2, 2025

The Qilin ransomware group claims responsibility for attacking the newspaper Lee Enterprises, stealing 350GB of data. The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, which impacted dozens of local newspapers. Lee Enterprises , Inc. is a publicly traded American media company.

Ransomware 75

Ransomware Cybercrime Encryption Healthcare 75

Schneier on Security

JANUARY 10, 2023

…within a few weeks of ChatGPT going live, participants in cybercrime forums—­some with little or no coding experience­—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks.

Malware 65

Malware Encryption Cybercrime Passwords 65

Krebs on Security

MAY 13, 2024

and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Last week, the United States joined the U.K. However, it’s quite possible to send data.

Ransomware 298

Ransomware Cybercrime Accountability Malware 298

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 29, 2024, the City published an update on the City’s website and confirmed that the City of Columbus suffered a ransomware attack. The gang claimed they had stolen databases containing 6.5

Ransomware 113

Ransomware Identity Theft Data breaches Cyber threats 113

Krebs on Security

DECEMBER 16, 2019

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. The message displayed at the top of the Maze Ransomware public shaming site. Follow the news!”

Ransomware 245

Ransomware Data breaches Healthcare Cybercrime 245

Security Affairs

FEBRUARY 11, 2025

Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites. An international law enforcement operation, codenamed Operation Phobos Aetor, dismantled the 8Base ransomware gang. The ransomware component is then decrypted and loaded into the SmokeLoader process memory.

Ransomware 69

Ransomware Encryption Backups Malware 69

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . key files.

Encryption 136

Encryption Ransomware Cybercrime Malware 136

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.

Cybercrime 139

Cybercrime Ransomware DDOS Encryption 139

Dark Reading

APRIL 4, 2023

The malware is one of the most sophisticated ransomwares ever seen in the wild, and marks a leap ahead for cybercrime.

Ransomware 133

Ransomware Encryption Cybercrime Malware 133

Security Affairs

MARCH 13, 2025

The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025.

Ransomware 68

Ransomware Encryption Cryptocurrency Insurance 68

The Last Watchdog

JUNE 21, 2020

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Related: What local government can do to repel ransomware Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch inch diskettes. inch diskettes. FBI spoofs 2012 – 2013.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

MARCH 7, 2025

Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024. The Symantec Threat Hunter Team reported that the Medusa ransomware operators have claimed nearly 400 victims since January 2023. Experts tracked the Medusa ransomware activity as Spearwing.

Ransomware 61

Ransomware Antivirus Healthcare Encryption 61

Security Affairs

MARCH 14, 2025

Operators behind the SuperBlack ransomware exploited two vulnerabilities in Fortinet firewalls for recent attacks. Between January and March, researchers at Forescout Research Vedere Labs observed a threat actors exploiting two Fortinet vulnerabilities to deploy the SuperBlack ransomware. SuperBlack modifies LockBit 3.0s

Firewall 65

Firewall Ransomware VPN Encryption 65

Security Affairs

APRIL 26, 2024

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions.

Cryptocurrency 127

Cryptocurrency Cybercrime Education Scams 127

Krebs on Security

JULY 15, 2019

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. “We are a living proof that you can do evil and get off scot-free.” We are interested in professionals.”

Ransomware 233

Ransomware Cybercrime Media Encryption 233

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 145

Encryption Ransomware Backups VPN 145

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 144

Encryption Ransomware Backups VPN 144

SecureList

AUGUST 1, 2024

Introduction Cybercriminals who specialize in ransomware do not always create it themselves. They have many other ways to get their hands on ransomware samples: buying a sample on the dark web, affiliating with other groups or finding a (leaked) ransomware variant. You will find a few excerpts from these below.

Ransomware 119

Ransomware Cybercrime Education Malware 119

Security Affairs

SEPTEMBER 2, 2024

A new ransomware-as-a-service (RaaS) operation called Cicada3301 has emerged in the threat landscape and already targeted tens of companies. Cicada3301 is a new ransomware-as-a-service (RaaS) operation that appeared in the threat landscape. The Cicada3301 ransomware is written in Rust and targets both Windows and Linux/ESXi hosts.

Ransomware 134

Ransomware Encryption Malware Cybercrime 134

Krebs on Security

OCTOBER 8, 2020

But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. THE DOCTOR IS IN.

Cybercrime 351

Cybercrime VPN Malware Ransomware 351

Security Affairs

OCTOBER 21, 2021

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. macaw extension to the file name of the encrypted files.

Ransomware 141

Ransomware Cybercrime Banking Encryption 141

The Hacker News

DECEMBER 24, 2021

Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement's disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. "Be

Ransomware 133

Ransomware Cybercrime Encryption Malware 133

Security Affairs

DECEMBER 1, 2023

The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. The malware adds the extension “ TURTLERANSv0 ” to the filenames of encrypted files.

Ransomware 140

Ransomware Encryption Malware Cybercrime 140

Security Affairs

MARCH 6, 2024

Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The GhostSec and Stormous ransomware gang are jointly conducting a ransomware campaign targeting various organizations in multiple countries, Cisco Talos reported. The GhostLocker 2.0 GhostLocker 2.0

Ransomware 140

Ransomware Encryption Cybercrime Hacking 140

Security Affairs

OCTOBER 13, 2024

The Mexican Drug Cartels Want You Casio: Notice of Partial Service Outage and Information Leak Caused by Ransomware Attack He founded a “startup” to access sanctioned Russian websites: the cyber police of Khmelnytskyi region exposed the hacker Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse Malware Over 300,000!

Data breaches 115

Data breaches Cryptocurrency Artificial Intelligence Cybercrime 115

Krebs on Security

DECEMBER 8, 2022

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. Department of Health and Human Services (HHS) warned that Venus ransomware attacks were targeting a number of U.S. Encrypting sensitive data wherever possible.

Healthcare 324

Healthcare Backups Ransomware Insurance 324

Security Affairs

JANUARY 28, 2025

ENGlobal reported to the SEC that personal information was compromised in a ransomware attack that took place in November 2024. ENGlobal disclosed a ransomware attack that occurredin November, in a SEC filingthe company confirmed that threat actors gained access to personal information. ” reads the FORM 8-K filed with SEC.

Ransomware 65

Ransomware Encryption Hacking Technology 65

Security Affairs

MARCH 15, 2025

The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques. It uses a configuration file with regex patterns to detect cryptocurrency wallet addresses and C2 addresses for downloading encrypted wallet lists (recovery.dat and recoverysol.dat). ” concludes the report.

Software 116

Software Cryptocurrency Malware Encryption 116