Firmware and Ransomware - Cyber Security Informer

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. All they need is one successful attempt to gain initial access."

Ransomware

Ransomware IoT Encryption Social Engineering

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

eSecurity Planet

MARCH 17, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has released a joint cybersecurity advisory warning organizations about the escalating threat posed by the Medusa ransomware.

Ransomware

Ransomware Backups Firmware Insurance

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

Affected devices use VHD PTZ camera firmware < 6.3.40 Attackers can also trigger flaws to extract network details to infiltrate connected systems, increasing the risk of data breaches and ransomware attacks. “Organizations using VHD PTZ camera firmware < 6.3.40 ” reads the analysis published by GreyNoise.

Firmware

Firmware Manufacturing IoT Healthcare

Zyxel firewalls targeted in recent ransomware attacks

Security Affairs

NOVEMBER 25, 2024

Zyxel warns that a ransomware group has been observed exploiting a recently patched command injection issue in its firewalls. Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise.

Firewall

Firewall Ransomware VPN Firmware

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

NOVEMBER 20, 2019

Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. Firmware is on everything from hard drives, motherboards and routers to office printers and smart medical devices. The Chinese are all over this.

Firmware

Firmware Hacking Software Surveillance

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the installation of persistent backdoors.

Firmware

Firmware Hacking Authentication Advertising

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Ransomware Encryption Advertising

Conti ransomware targeted Intel firmware for stealthy attacks

Bleeping Computer

JUNE 2, 2022

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. [.].

Firmware

Firmware Ransomware Cybercrime Hacking

Zyxel 0day Affects its Firewall Products, Too

Krebs on Security

FEBRUARY 26, 2020

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.”

Firewall

Firewall Firmware VPN IoT

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

As of the publication, no publicly known vulnerabilities have been identified in the latest firmware version. CVE-2024-8356 : Unsigned code vulnerability in VIP MCU, allowing unauthorized firmware uploads that could impact vehicle subsystems. ” concludes the report.

Hacking

Hacking Firmware Software Manufacturing

Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks

The Hacker News

JUNE 2, 2022

An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices.

Firmware

Firmware Ransomware

Ransomware threat to SonicWall Customers

CyberSecurity Insiders

JULY 16, 2021

SonicWall that offers next generation firewalls and various Cybersecurity solutions has announced that its customers using certain products are at a risk of being cyber attacked with ransomware. x firmware is going to reach its EOL aka End of Life. x firmware can use a complimentary virtual SMA 500v until the end of October this year.

Ransomware

Ransomware Firmware Cyber Attacks Firewall

Ransomware Campaign Poses a Threat to EOL 8.x Firmware: SonicWall Security Notification Released

Heimadal Security

JULY 15, 2021

Ransomware risk is at every corner. Now a new SonicWall security notification announced on the company’s website informs users about an imminent threat of ransomware risk. x firmware. The post Ransomware Campaign Poses a Threat to EOL 8.x These products are unpatched and run the EOL (end-of-life) 8.x What’s the goal?

Firmware

Firmware Ransomware Mobile Risk

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

SecureWorld News

NOVEMBER 7, 2024

In the same way, utilities around the world have experienced service disruptions as ransomware targets back-end systems. Firmware integrity checks: Regularly check that each device's firmware is up to date and verified—especially when outdated firmware is one of the most common entry points for attackers.

IoT

IoT Firmware Encryption Authentication

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

BleepingComputer became aware that the recent wave of attacks targeting vulnerable SonicWall devices was carried out by HelloKitty ransomware operators. SonicWall this week has issued an urgent security alert to warn companies of “ an imminent ransomware campaing ” targeting some of its equipment that reached end-of-life (EoL).

Ransomware

Ransomware Firmware Mobile InfoSec

NFC Flaws in POS Devices and ATMs

Schneier on Security

JUNE 28, 2021

Now Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems’ firmware.

Firmware

Firmware Retail Hacking Ransomware

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Krebs on Security

JUNE 8, 2023

Nicholas Weaver , a researcher at University of California, Berkeley’s International Computer Science Institute (ICSI), said it is likely that the malware was able to corrupt the underlying firmware that powers the ESG devices in some irreparable way. “That’s not a ransomware actor, that’s a state actor. .

Firmware

Firmware Malware Software Ransomware

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” concludes the report.

Firmware

Firmware Engineering Ransomware Malware

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

SecureWorld News

OCTOBER 31, 2024

Warding off zombies : Regularly update device firmware, patch IoT devices, and monitor for unusual traffic patterns. Like vampires, malware strains can operate quietly, leeching data or encrypting files without warning, making ransomware and spyware infections incredibly haunting.

IoT

IoT Phishing DDOS Backups

QNAP Devices Targeted in Ransomware Attack

Heimadal Security

JANUARY 26, 2022

The DeadBolt ransomware organization is encrypting QNAP NAS systems all around the globe, claiming that they are exploiting a zero-day vulnerability in the device’s firmware to do so. The post QNAP Devices Targeted in Ransomware Attack appeared first on Heimdal Security Blog. QNAP Systems, Inc. What Happened?

Ransomware

Ransomware Firmware Surveillance Encryption

Protecting Your Fortinet Devices With Firmware Security

Security Boulevard

NOVEMBER 2, 2021

Vulnerabilities in enterprise network and security devices are being aggressively targeted by APT and ransomware threat actors as initial access vectors into enterprises. The post Protecting Your Fortinet Devices With Firmware Security appeared first on Security Boulevard.

Firmware

Firmware Ransomware

Ranzy Locker Ransomware warning issued by FBI

CyberSecurity Insiders

OCTOBER 28, 2021

US Federal Bureau of Investigation (FBI) has issued an alert that a new ransomware dubbed as Ranzy Locker is on the prowl in the wild and has so far attained success in victimizing over 30 companies operating in America. The post Ranzy Locker Ransomware warning issued by FBI appeared first on Cybersecurity Insiders.

Ransomware

Ransomware Firmware Encryption Backups

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

SonicWall has issued an urgent security alert to warn customers of “ an imminent ransomware campaing ” targeting EOL equipment. SonicWall has issued an urgent security alert to warn companies of “ an imminent ransomware campaing ” targeting some of its equipment that reached end-of-life (EoL). x firmware versions. 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

AgeLocker ransomware operation targets QNAP NAS devices

Security Affairs

MAY 1, 2021

Taiwanese vendor QNAP is warning its customers of AgeLocker ransomware attacks on their NAS devices. Crooks behind the AgeLocker ransomware operation are targeting QNAP NAS devices, the Taiwanese vendor warns. In June the company also warned of eCh0raix ransomware attacks that targeted its NAS devices. Pierluigi Paganini.

Ransomware

Ransomware Cryptocurrency Malware Internet

Maze Ransomware operators published data from LG and Xerox

Security Affairs

AUGUST 4, 2020

Maze ransomware operators published internal data from LG and Xerox after the company did not pay the ransom. Ransomware crews are very active during these months, Maze ransomware operators have published tens of GB of internal data allegedly stolen from IT giants LG and Xerox following failed extortion attempts. GB from Xerox.

Ransomware

Ransomware Encryption Advertising Hacking

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year. SecurityAffairs – hacking, Ranzy Locker ransomware).

Ransomware

Ransomware Firmware Antivirus Accountability

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Security Affairs

DECEMBER 17, 2020

FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay, threatening to send individuals to their homes. “As of February 2020, in multiple instances, DoppelPaymer actors had followed ransomware infections with calls to the victims to extort payments through intimidation or threatening to release exfiltrated data.

Ransomware

Ransomware Backups Firmware Accountability

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

Security Affairs

JANUARY 29, 2022

QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” states the vendor.

Ransomware

Ransomware Firmware Encryption Engineering

HelloKitty ransomware is targeting vulnerable SonicWall devices

Bleeping Computer

JULY 17, 2021

CISA is warning of threat actors targeting "a known, previously patched, vulnerability" found in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products with end-of-life firmware. [.].

Firmware

Firmware Ransomware Mobile

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware

Ransomware Encryption Passwords Malware

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

APRIL 23, 2021

A new ransomware strain dubbed Qlocker is infecting hundreds of QNAP NAS devices every day and demanding a $550 ransom payment. Experts are warning of a new strain of ransomware named Qlocker that is infecting hundreds of QNAP NAS devices on daily bases. If anyone's dealing with the QLocker QNAP NAS ransomware, feel free to DM me.

Ransomware

Ransomware Backups Media Malware

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Security Affairs

JANUARY 16, 2022

QNAP NAS devices are under attack, experts warn of a new Qlocker ransomware campaign that hit devices worldwide. A new wave of Qlocker ransomware it targeting QNAP NAS devices worldwide, the new campaign started on January 6 and it drops ransom notes named !!!READ_ME.txt Up to date apps and firmware seem not to help either.”

Ransomware

Ransomware Encryption Backups Firmware

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

A new piece of ransomware called Cr1ptT0r infects embedded systems and network attached storage (NAS) devices exposed online. A new piece of ransomware called Cr1ptT0r was discovered by experts, it infects embedded systems and network attached storage (NAS) devices exposed online. No extension added to locked files.

Ransomware

Ransomware DNS Firmware Encryption

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

Maze ransomware operators claims to have breached the South Korean multinational electronics company LG Electronics. Researchers at Cyble discovered a data leak of LG Electronics published by Maze ransomware operators. Just after the WorldNet Telecommunications, the LG electronics fall as a victim of the Maze ransomware operators.”

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

A new variant of the eCh0raix ransomware is able to target Network-Attached Storage (NAS) devices from both QNAP and Synology vendors. A newly variant of the eCh0raix ransomware is able to infect Network-Attached Storage (NAS) devices from Taiwanese vendors QNAP and Synology. ” reads the report published by Palo Alto Researchers.

Ransomware

Ransomware Encryption Firmware Passwords

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

At least 60 entities worldwide have been breached by BlackCat ransomware, warns a flash report published by the U.S. Federal Bureau of Investigation (FBI) published a flash report that states that at least 60 entities worldwide have been breached by BlackCat ransomware (aka ALPHV and Noberus) since it started its operations in November.

Ransomware

Ransomware Antivirus Passwords Malware

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

SEPTEMBER 20, 2020

National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware attacks targeting education institutions. National Cyber Security Centre (NCSC), has issued an alert about a surge in ransomware attacks against education institutions. PowerShell) to easily deploy tooling or ransomware. Pierluigi Paganini.

Education

Education Ransomware Antivirus Backups

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

Canon DSLR Camera Infected with Ransomware Over the Air. A researcher discovered 6 flaws in the image transfer protocol used in Canon EOS 80D DSLR cameras that allow him to infect the device with ransomware over the air. An attacker could exploit the flaw to compromise the device and install ransomware on the camera.

Ransomware

Ransomware Firmware Wireless Encryption

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

Malwarebytes

MAY 8, 2023

While the statement does not reveal a lot of tangible information, this snippet is important: “MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.” Money Message is a new ransomware which targets both Windows and Linux systems.

Firmware

Firmware Ransomware Backups Malware

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. The Cring ransomware appeared in the threat landscape in January, it was first reported by Amigo_A and the CSIRT team of Swisscom. The #CRING #ransomware is then downloaded via certutill.

VPN

VPN Ransomware Antivirus Firmware

SonicWall Warning: 'Imminent Risk of a Targeted Ransomware Attack'

SecureWorld News

JULY 14, 2021

Just because the infamous REvil ransomware gang suddenly disappeared this week does not mean it's time to relax on the cybersecurity front. x firmware in an imminent ransomware campaign using stolen credentials. x firmware in an imminent ransomware campaign using stolen credentials.

Risk

Risk Ransomware Firmware Mobile

New tech on SSDs to stop ransomware spread

CyberSecurity Insiders

SEPTEMBER 10, 2021

A group of researchers presented a new tech that can be installed on Solid State Drives (SSD)s to keep a check on ransomware spread. All these days, we have seen some antivirus software providers offer tech that can fight ransomware. All these days, we have seen some antivirus software providers offer tech that can fight ransomware.

Ransomware

Ransomware Firmware Antivirus Encryption

Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances

The Hacker News

JULY 15, 2021

Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x x firmware.

VPN

VPN Ransomware Firmware Mobile

SonicWall warns users of “imminent ransomware campaign”

Malwarebytes

JULY 15, 2021

X remote access devices that they have been made aware of an imminent ransomware campaign using stolen credentials. The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. x versions of the firmware. x firmware. x firmware. x firmware versions.

Ransomware

Ransomware Firmware VPN Passwords

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

Trending Sources

PTZOptics cameras zero-days actively exploited in the wild

Zyxel firewalls targeted in recent ransomware attacks

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

QNAP urges users to update NAS firmware and app to prevent infections

Conti ransomware targeted Intel firmware for stealthy attacks

Zyxel 0day Affects its Firewall Products, Too

Mazda Connect flaws allow to hack some Mazda vehicles

Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks

Ransomware threat to SonicWall Customers

Ransomware Campaign Poses a Threat to EOL 8.x Firmware: SonicWall Security Notification Released

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

HelloKitty ransomware gang targets vulnerable SonicWall devices

NFC Flaws in POS Devices and ATMs

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

QNAP Devices Targeted in Ransomware Attack

Protecting Your Fortinet Devices With Firmware Security

Ranzy Locker Ransomware warning issued by FBI

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

AgeLocker ransomware operation targets QNAP NAS devices

Maze Ransomware operators published data from LG and Xerox

Ranzy Locker ransomware hit tens of US companies in 2021

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

HelloKitty ransomware is targeting vulnerable SonicWall devices

FBI published a flash alert on Mamba Ransomware attacks

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Maze ransomware operators claim to have breached LG Electronics

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

BlackCat Ransomware gang breached over 60 orgs worldwide

NCSC warns of a surge in ransomware attacks on education institutions

Infecting Canon EOS DSLR camera with ransomware over the air

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

SonicWall Warning: 'Imminent Risk of a Targeted Ransomware Attack'

New tech on SSDs to stop ransomware spread

Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances

SonicWall warns users of “imminent ransomware campaign”

Stay Connected