SecureList

AUGUST 1, 2024

Introduction Cybercriminals who specialize in ransomware do not always create it themselves. They have many other ways to get their hands on ransomware samples: buying a sample on the dark web, affiliating with other groups or finding a (leaked) ransomware variant. You will find a few excerpts from these below.

Ransomware 89

Ransomware Cybercrime Education Malware 89

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . key files.

Encryption 139

Encryption Ransomware Cybercrime Malware 139

Joseph Steinberg

JUNE 9, 2022

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure. The ransomware attack on Tenafly’s school system is a reminder of a sad, ironic, reality.

Ransomware 363

Ransomware Artificial Intelligence Education Cybercrime 363

Security Affairs

NOVEMBER 12, 2024

New Ymir ransomware was deployed in attacks shortly after systems were breached by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new ransomware family, called Ymir ransomware , which attackers deployed after breaching systems via PowerShell commands. ” reads the report published by Kaspersky.

Ransomware 100

Ransomware Malware Encryption Hacking 100

Krebs on Security

DECEMBER 19, 2023

Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. “We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

Ransomware 280

Ransomware Cybercrime Advertising Encryption 280

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. SentinelLabs researchers have observed the first Linux variant of the Clop ransomware. The cybercrime group behind the attack leaked the data stolen from the victim on January 5, 2022.

Encryption 98

Encryption Ransomware Cybercrime Engineering 98

Security Affairs

MARCH 6, 2024

Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The GhostSec and Stormous ransomware gang are jointly conducting a ransomware campaign targeting various organizations in multiple countries, Cisco Talos reported. The GhostLocker 2.0 GhostLocker 2.0

Ransomware 142

Ransomware Encryption Cybercrime Hacking 142

Bleeping Computer

FEBRUARY 20, 2024

Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation. [.]

Ransomware 124

Ransomware Cybercrime Encryption Hacking 124

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines.

Encryption 98

Encryption Ransomware Malware Healthcare 98

Security Affairs

JULY 15, 2024

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. An attacker can exploit the issue to obtain encrypted credentials stored in the configuration database, potentially leading to gaining access to the backup infrastructure hosts.

Backups 141

Backups Ransomware Antivirus DNS 141

Security Affairs

DECEMBER 1, 2023

The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. The malware adds the extension “ TURTLERANSv0 ” to the filenames of encrypted files.

Ransomware 142

Ransomware Encryption Malware Cybercrime 142

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The experts pointed out that the Rorschach ransomware appears to be unique. The experts pointed out that the Rorschach ransomware appears to be unique. ” continues the analysis.

Encryption 98

Encryption Ransomware Malware Backups 98

Security Boulevard

MARCH 17, 2021

With cybercrime rising by 600% during the pandemic, businesses are more vulnerable than ever to the financial and reputational repercussions of cyberattacks. Costs of Cybercrime Global cybercrime costs are on the rise, increasing 15 per cent year over year, according to a 2021 cyberwarfare report by CyberSecurity Ventures.

Cybercrime 138

Cybercrime Cyber Attacks Ransomware Healthcare 138

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption 98

Encryption Ransomware VPN Malware 98

SecureList

MAY 8, 2024

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. As we approach International Anti-Ransomware Day, we have analyzed the major ransomware events and trends. The third most active ransomware in 2023 was Cl0p.

Ransomware 122

Ransomware Encryption Small Business Cybersecurity 122

Security Affairs

NOVEMBER 19, 2023

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. The ransomware component is then decrypted and loaded into the SmokeLoader process’ memory.

Ransomware 141

Ransomware Encryption Backups Manufacturing 141

Bleeping Computer

FEBRUARY 20, 2024

Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation. [.]

Ransomware 104

Ransomware Cybercrime Encryption Hacking 104

CyberSecurity Insiders

JUNE 26, 2023

In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. Since February, the group has launched multiple attacks based on their latest ransomware campaign labeled Buhti. Babuk is a ransomware that was first discovered in early 2021.

Cybercrime 100

Cybercrime Social Engineering Ransomware Phishing 100

Krebs on Security

JULY 1, 2020

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime.

Ransomware 317

Ransomware Cybercrime Encryption Malware 317

Security Affairs

JULY 9, 2024

Avast developed and released a decryptor for the DoNex ransomware family that allows victims to recover their files for free. Avast researchers identified a cryptographic flaw in the DoNex ransomware and its predecessors that allowed them to develop a decryptor. “All brands of the DoNex ransomware are supported by the decryptor.”

Ransomware 129

Ransomware Encryption Passwords Hacking 129

Krebs on Security

JUNE 16, 2021

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. The CLOP gang seized on those flaws to deploy ransomware to a significant number of Accellion’s FTA customers , including U.S.

Ransomware 334

Ransomware Cybercrime Malware Encryption 334

Malwarebytes

NOVEMBER 30, 2023

This morning I decided to write some ransomware, and I asked ChatGPT to help. For months following ChatGPT’s release, the cybersecurity press was drenched in speculation about how cybercrime was changed forever, even though it didn’t appear to have changed at all. to build up a basic ransomware step-by-step.

Ransomware 127

Ransomware Encryption Cybercrime Malware 127

Security Affairs

SEPTEMBER 13, 2023

3AM is a new strain of ransomware that was spotted in a single incident in which the threat actors failed to deploy the LockBit ransomware in the target infrastructure. The threat actors managed to deploy the ransomware to three computers on the target organization’s network, but it was blocked on two of those three machines.

Ransomware 136

Ransomware Encryption Cybercrime Backups 136

Security Affairs

JUNE 18, 2024

Over the last few years, ransomware attacks have become one of the most prevalent and expensive forms of cybercrime. Initially, these attacks involved malicious software that encrypts a victim’s data, rendering it inaccessible until a ransom is paid to the attackers.

Ransomware 141

Ransomware Cryptocurrency Insurance Cybercrime 141

The Last Watchdog

SEPTEMBER 18, 2024

18, 2024, CyberNewsWire — SpyCloud , the leader in Cybercrime Analytics, today announced new cybersecurity research highlighting the growing and alarming threat of infostealers – a type of malware designed to exfiltrate digital identity data, login credentials, and session cookies from infected devices. Austin, TX, Sept.

Ransomware 113

Ransomware Malware Cybercrime Authentication 113

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 145

Encryption Ransomware Backups VPN 145

Krebs on Security

MAY 13, 2024

and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Last week, the United States joined the U.K. However, it’s quite possible to send data.

Ransomware 260

Ransomware Cybercrime Accountability Malware 260

Security Affairs

AUGUST 23, 2024

Sophos researchers investigated a Qilin ransomware breach attack that led to the theft of credentials stored in Google Chrome browsers. Sophos researchers investigated a Qilin ransomware attack where operators stole credentials stored in Google Chrome browsers of a limited number of compromised endpoints. ” concludes the report.

Ransomware 136

Ransomware Cybercrime Passwords VPN 136

Security Affairs

FEBRUARY 12, 2024

Researchers discovered a vulnerability in the code of the Rhysida ransomware that allowed them to develop a decryption tool. Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) discovered an implementation vulnerability in the source code of the Rhysida ransomware.

Ransomware 131

Ransomware Encryption VPN Manufacturing 131

Security Affairs

NOVEMBER 9, 2024

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 133

Backups Ransomware VPN Accountability 133

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

Encryption 126

Encryption Ransomware Backups VPN 126

Malwarebytes

FEBRUARY 6, 2024

Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the threat of damaging data leaks, or both.

Ransomware 105

Ransomware Cybercrime Malware Social Engineering 105

Security Affairs

APRIL 17, 2024

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. Cado Security Labs recently became aware that Cerber ransomware is being deployed into Confluence servers via the CVE-2023-22518 exploit. ” states Cado Security. ” continues the report.

Ransomware 145

Ransomware Encryption Malware Accountability 145

Malwarebytes

SEPTEMBER 15, 2023

The report follows the Internet Organized Crime Assessment (IOCTA), Europol’s assessment of the cybercrime landscape and how it has changed over the last 24 months. Ransomware is named as the most prominent threat with a broad reach and a significant financial impact on industry. Stop malicious encryption.

Cybercrime 106

Cybercrime Ransomware DDOS Backups 106

Security Affairs

SEPTEMBER 17, 2022

Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom. Pierluigi Paganini.

Ransomware 138

Ransomware Encryption Backups Cybercrime 138

Security Affairs

AUGUST 18, 2024

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application Anydesk for their attacks.

Social Engineering 145

Social Engineering Engineering Ransomware Cybercrime 145

SecureWorld News

NOVEMBER 14, 2024

Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data.

Healthcare 90

Healthcare Ransomware Identity Theft Data breaches 90