Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-02-11 16:57:54 |
The Week in Ransomware - February 11th 2022 - Maze, Egregor decryptors (direct link) |
We saw the Maze ransomware developers reemerge briefly this week as they shared the master decryption keys for the Egregor, Maze, and Sekhmet ransomware operations. [...] |
Ransomware
|
|
★★★
|
|
2022-02-09 10:26:31 |
Ransomware dev releases Egregor, Maze master decryption keys (direct link) |
The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums by the alleged malware developer. [...] |
Ransomware
Malware
|
|
|
|
2022-02-08 07:45:04 |
NetWalker ransomware affiliate sentenced to 80 months in prison (direct link) |
Sebastien Vachon-Desjardins, a Canadian man charged by the US for his involvement in NetWalker ransomware attacks, was sentenced to 6 years and 8 months in prison after pleading guilty before an Ontario judge to multiple offenses linked to attacks on 17 Canadian victims. [...] |
Ransomware
Guideline
|
|
|
|
2022-02-07 15:49:03 |
Puma hit by data breach after Kronos ransomware attack (direct link) |
Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021. [...] |
Ransomware
Data Breach
|
|
|
|
2022-02-07 12:08:23 |
(Déjà vu) Free decryptor released for TargetCompany ransomware victims (direct link) |
Czech cybersecurity software firm Avast has released a decryption utility to help TargetCompany ransomware victims recover their files for free. [...] |
Ransomware
|
|
|
|
2022-02-06 10:17:34 |
Law enforcement action pushes ransomware gangs to surgical attacks (direct link) |
The numerous law enforcement operations leading to the arrests and takedown of ransomware operations in 2021 have forced threat actors to narrow their targeting scope and maximize the efficiency of their operations. [...] |
Ransomware
Threat
Guideline
|
|
|
|
2022-02-05 17:29:54 |
BlackCat (ALPHV) ransomware linked to BlackMatter, DarkSide gangs (direct link) |
The Black Cat ransomware gang, also known as ALPHV, has confirmed they are former members of the notorious BlackMatter/DarkSide ransomware operation. [...] |
Ransomware
|
|
|
|
2022-02-05 10:00:00 |
FBI shares Lockbit ransomware technical details, defense tips (direct link) |
The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with Lockbit ransomware attacks in a new flash alert published this Friday. [...] |
Ransomware
|
|
|
|
2022-02-04 19:15:26 |
The Week in Ransomware - February 4th 2022 - Critical Infrastructure (direct link) |
Critical infrastructure suffered ransomware attacks, with threat actors targeting an oil petrol distributor and oil terminals in major ports in different attacks. [...] |
Ransomware
Threat
|
|
|
|
2022-02-04 13:16:06 |
A look at the new Sugar ransomware demanding low ransoms (direct link) |
A new Sugar Ransomware operation actively targets individual computers, rather than corporate networks, with low ransom demands. [...] |
Ransomware
|
|
|
|
2022-02-04 11:01:14 |
HHS: Conti ransomware encrypted 80% of Ireland's HSE IT systems (direct link) |
A threat brief published by the US Department of Health and Human Services (HHS) on Thursday paints a grim picture of how Ireland's health service, the HSE, was overwhelmed and had 80% of its systems encrypted during last year's Conti ransomware attack. [...] |
Ransomware
Threat
|
|
|
|
2022-02-04 09:29:04 |
Swissport ransomware attack delays flights, disrupts operations (direct link) |
Aviation services company Swissport International has disclosed a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays. [...] |
Ransomware
|
|
|
|
2022-02-02 11:49:49 |
KP Snacks giant hit by Conti ransomware, deliveries disrupted (direct link) |
KP Snacks, a major producer of popular British snacks, has been hit by the Conti ransomware group, affecting distribution to leading supermarkets. [...] |
Ransomware
Guideline
|
|
★★★★
|
|
2022-02-02 11:02:58 |
Business services provider Morley discloses ransomware incident (direct link) |
Morley Companies Inc. disclosed a data breach after suffering a ransomware attack on August 1st, 2021, allowing threat actors to steal data before encrypting files. [...] |
Ransomware
Data Breach
Threat
|
|
|
|
2022-02-01 14:00:00 |
Cyberspies linked to Memento ransomware use new PowerShell malware (direct link) |
An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell. [...] |
Ransomware
Malware
Conference
|
APT 35
|
|
|
2022-01-31 14:28:48 |
QNAP: DeadBolt ransomware exploits a bug patched in December (direct link) |
Taiwan-based network-attached storage (NAS) maker QNAP urges customers to enable firmware auto-updating on their devices to defend against active attacks. [...] |
Ransomware
|
|
|
|
2022-01-28 16:57:32 |
The Week in Ransomware - January 28th 2022 - Get NAS devices off the Internet (direct link) |
It's been a busy week with ransomware attacks tied to political protests, new attacks on NAS devices, amazing research released about tactics, REvil's history, and more. [...] |
Ransomware
|
|
|
|
2022-01-28 01:30:00 |
QNAP force-installs update after DeadBolt ransomware hits 3,600 devices (direct link) |
QNAP force-updated customers' Network Attached Storage (NAS) devices with firmware containing the latest security updates to protect against the DeadBolt ransomware, which has already encrypted over 3,600 devices. [...] |
Ransomware
|
|
|
|
2022-01-27 14:28:27 |
Taiwanese Apple and Tesla contractor hit by Conti ransomware (direct link) |
Delta Electronics, a Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell, disclosed that it was the victim of a cyberattack discovered on Friday morning. [...] |
Ransomware
|
|
|
|
2022-01-26 18:40:10 |
Linux version of LockBit ransomware targets VMware ESXi servers (direct link) |
LockBit is the latest ransomware gang whose Linux encryptor has been discovered to be focusing on the encryption of VMware ESXi virtual machines. [...] |
Ransomware
|
|
|
|
2022-01-26 04:34:33 |
QNAP warns of new DeadBolt ransomware encrypting NAS devices (direct link) |
QNAP is warning customers again to secure their Internet-exposed Network Attached Storage (NAS) devices to defend against ongoing and widespread attacks targeting their data with the new DeadBolt ransomware strain. [...] |
Ransomware
|
|
|
|
2022-01-25 19:28:37 |
New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key (direct link) |
A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software. [...] |
Ransomware
Vulnerability
|
|
|
|
2022-01-24 11:40:20 |
Ransomware gangs increase efforts to enlist insiders for attacks (direct link) |
A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks. [...] |
Ransomware
|
|
|
|
2022-01-21 16:40:51 |
The Week in Ransomware - January 21st 2022 - Arrests, Wipers, and More (direct link) |
It has been quite a busy week with ransomware, with law enforcement making arrests, data-wiping attacks, and the return of the Qlocker ransomware. [...] |
Ransomware
|
|
|
|
2022-01-20 13:37:25 |
FBI links Diavol ransomware to the TrickBot cybercrime group (direct link) |
The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan. [...] |
Ransomware
Malware
|
|
|
|
2022-01-20 10:41:20 |
Indonesia's central bank confirms ransomware attack, Conti leaks data (direct link) |
Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month. [...] |
Ransomware
|
|
|
|
2022-01-19 16:25:11 |
Marketing giant RRD confirms data theft in Conti ransomware attack (direct link) |
RR Donnelly has confirmed that threat actors stole data in a December cyberattack, confirmed by BleepingComputer to be a Conti ransomware attack. [...] |
Ransomware
Threat
|
|
|
|
2022-01-18 14:51:50 |
Fashion giant Moncler confirms data breach after ransomware attack (direct link) |
Italian luxury fashion giant Moncler confirmed that they suffered a data breach after files were stolen by the AlphV/BlackCat ransomware operation in December and published today on the dark web. [...] |
Ransomware
Data Breach
|
|
|
|
2022-01-18 11:56:00 |
New White Rabbit ransomware linked to FIN8 hacking group (direct link) |
A new ransomware family called 'White Rabbit' appeared in the wild recently, and according to recent research findings, could be a side-operation of the FIN8 hacking group. [...] |
Ransomware
|
|
|
|
2022-01-18 06:55:34 |
Europol shuts down VPN service used by ransomware groups (direct link) |
Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors. [...] |
Ransomware
Malware
|
|
|
|
2022-01-16 13:32:35 |
Microsoft: Fake ransomware targets Ukraine in data-wiping attacks (direct link) |
Microsoft is warning of destructive data-wiping malware disguised as ransomware being used in attacks against multiple organizations in Ukraine. [...] |
Ransomware
Malware
|
|
|
|
2022-01-15 12:06:08 |
Russia charges 8 suspected REvil ransomware gang members (direct link) |
Eight members of the REvil ransomware operation that have been detained by Russian officers are currently facing criminal charges for their illegal activity. [...] |
Ransomware
|
|
|
|
2022-01-15 11:20:00 |
Qlocker ransomware returns to target QNAP NAS devices worldwide (direct link) |
Threat actors behind the Qlocker ransomware are once again targeting Internet-exposed QNAP Network Attached Storage (NAS) devices worldwide. [...] |
Ransomware
Threat
|
|
|
|
2022-01-14 18:53:15 |
The Week in Ransomware - January 14th 2022 - Russia finally takes action (direct link) |
Today, the Russian government announced that they arrested fourteen members of the REvil ransomware gang on behalf of US authorities. [...] |
Ransomware
|
|
|
|
2022-01-14 12:33:39 |
Defense contractor Hensoldt confirms Lorenz ransomware attack (direct link) |
Hensoldt, a multinational defense contractor headquartered in Germany, has confirmed that some of its UK subsidiary's systems were compromised in a ransomware attack. [...] |
Ransomware
|
|
|
|
2022-01-14 08:51:17 |
(Déjà vu) Russia arrests REvil ransomware gang members, seizes $6.6 million (direct link) |
The Federal Security Service (FSB) of the Russian Federation has announced today that they shut down the REvil ransomware gang after U.S. authorities reported on the leader. [...] |
Ransomware
Guideline
|
|
|
|
2022-01-14 08:51:17 |
Russian government arrests REvil ransomware gang members (direct link) |
The Federal Security Service (FSB) of the Russian Federation has announced today that they shut down the REvil ransomware gang after U.S. authorities reported on the leader. [...] |
Ransomware
Guideline
|
|
|
|
2022-01-13 07:47:19 |
Ukrainian police arrests ransomware gang that hit over 50 firms (direct link) |
Ukrainian police officers have arrested a ransomware affiliate group responsible for attacking at least 50 companies in the U.S. and Europe. [...] |
Ransomware
|
|
|
|
2022-01-12 12:53:27 |
Magniber ransomware using signed APPX files to infect systems (direct link) |
The Magniber ransomware has been spotted using Windows application package files (.APPX) signed with valid certificates to drop malware pretending to be Chrome and Edge web browser updates. [...] |
Ransomware
Malware
|
|
|
|
2022-01-12 11:36:26 |
TellYouThePass ransomware returns as a cross-platform Golang threat (direct link) |
TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier to target major platforms beyond Windows, like macOS and Linux. [...] |
Ransomware
Threat
|
|
|
|
2022-01-11 06:24:43 |
Night Sky ransomware uses Log4j bug to hack VMware Horizon servers (direct link) |
The Night Sky ransomware gang has started to exploit the critical CVE-2021-4422 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems. [...] |
Ransomware
Hack
Vulnerability
|
|
|
|
2022-01-10 18:32:32 |
FinalSite: No school data stolen in ransomware attack behind site outages (direct link) |
FinalSite announced today the findings of a six-day investigation into last week's ransomware attack, stating it found no evidence that schools' data was accessed or stolen by hackers. [...] |
Ransomware
|
|
|
|
2022-01-10 16:09:01 |
Linux version of AvosLocker ransomware targets VMware ESXi servers (direct link) |
AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines. [...] |
Ransomware
Malware
|
|
|
|
2022-01-07 17:50:34 |
The Week in Ransomware - January 7th 2022 - Watch out for USB drives (direct link) |
With the holidays these past two weeks, there have been only a few known ransomware attacks and little research released. Here is what we know. [...] |
Ransomware
|
|
|
|
2022-01-07 13:14:19 |
(Déjà vu) FBI: Hackers use BadUSB to target defense firms with ransomware (direct link) |
The Federal Bureau of Investigation (FBI) warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminal group targeted the US defense industry with packages containing malicious USB devices to deploy ransomware. [...] |
Ransomware
|
|
|
|
2022-01-07 08:20:29 |
QNAP warns of ransomware targeting Internet-exposed NAS devices (direct link) |
QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks. [...] |
Ransomware
|
|
|
|
2022-01-06 19:34:06 |
FinalSite ransomware attack shuts down thousands of school websites (direct link) |
FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide. [...] |
Ransomware
Guideline
|
|
|
|
2022-01-06 17:09:12 |
Night Sky is the latest ransomware targeting corporate networks (direct link) |
It's a new year, and with it comes a new ransomware to keep an eye on called 'Night Sky' that targets corporate networks and steals data in double-extortion attacks. [...] |
Ransomware
|
|
|
|
2021-12-29 14:01:07 |
(Déjà vu) Ransomware gang coughs up decryptor after realizing they hit the police (direct link) |
The AvosLocker ransomware operation provided a free decryptor after learning they encrypted a US government agency. [...] |
Ransomware
|
|
|
|
2021-12-29 14:01:07 |
AvosLocker ransomware gives free decryptor to US police dept (direct link) |
The AvosLocker ransomware operation provided a free decryptor after learning they encrypted a US government agency. [...] |
Ransomware
|
|
|