What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2022-01-20 10:41:20 Indonesia's central bank confirms ransomware attack, Conti leaks data (lien direct) Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month. [...] Ransomware
The_Hackers_News.webp 2022-01-20 00:28:40 A Trip to the Dark Site - Leak Sites Analyzed (lien direct) Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discreetly charged their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call it: Cyber Extortion or Cy-X). This is a unique form of cybercrime in that we can Ransomware Threat
Watchguard.webp 2022-01-20 00:00:00 WatchGuard Threat Lab Report: 2021, the year the number of malware and ransomware targeting endpoints exploded (lien direct) Paris, January 19, 2022 - WatchGuard® Technologies, a global leader in network security and intelligence, secure Wi-Fi, multi-factor authentication and advanced endpoint protection, today published the results of its latest quarterly Internet Security Report. The report highlights the top malware trends and network security threats for the third quarter of 2021, as analyzed by the researchers of the WatchGuard Threat Lab. The data indicates that while the total volume of perimeter malware detections decreased from the highs reached in the previous quarter, endpoint malware detections have already surpassed the total volume observed in 2020 (with data for the fourth quarter of 2021 not yet reported). In addition, a significant percentage of malware continues to arrive over encrypted connections, confirming the trend of previous quarters. WatchGuard's quarterly research reports are based on anonymized data from active Firebox appliances at WatchGuard customers whose owners have opted to share data in direct support of the Threat Lab's research efforts. In the third quarter of 2021, WatchGuard blocked more than 16.6 million malware variants and nearly 4 million network threats. Corey Nachreiner, Chief Security Officer at WatchGuard, comments: "While the total volume of network attacks decreased slightly in the third quarter, the number of malware detections per endpoint increased for the first time since the start of the pandemic. But it is important that organizations look beyond short-term fluctuations and focus on persistent and worrying trends such as the accelerating use of encrypted connections in zero-day attacks." Among its most notable findings, WatchGuard's Q3 2021 Internet Security Report reveals the following: Nearly half of zero-day malware is now delivered over encrypted connections - While the total amount of zero-day malware saw a modest 3% increase to reach 67.2% of all malware in the third quarter, the percentage of malware delivered over TLS (Transport Layer Security) jumped from 31.6% to 47%. Even though a smaller proportion of encrypted zero-day attacks are considered advanced, the situation remains concerning according to WatchGuard's data, which shows that a large number of organizations do not decrypt these connections and therefore have poor visibility into the amount of malware entering their networks. Cybercriminals target new vulnerabilities as users move to more recent versions of Microsoft Windows and Office - While unpatched vulnerabilities in older software remain a favored hunting ground for cybercriminals, they are also looking to exploit weaknesses in the very latest versions of the most widely used Microsoft products. In the third quarter, CVE-2018-0802, which exploits a vulnerability Ransomware Tool Threat ★★★
Anomali.webp 2022-01-19 22:45:00 Anomali Cyber Watch: Russia-Sponsored Cyber Threats, China-Based Earth Lusca Active in Cyberespionage and Cybertheft, BlueNoroff Hunts Cryptocurrency-Related Businesses, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, HTTP Stack, Malspam, North Korea, Phishing, Russia and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques (published: January 17, 2022) The Earth Lusca threat group is part of the Winnti cluster. It is one of several Chinese groups that share aspects of their tactics, techniques, and procedures (TTPs) including the use of Winnti malware. Earth Lusca were active throughout 2021 committing both cyberespionage operations against government-connected organizations and financially-motivated intrusions targeting gambling and cryptocurrency-related sectors. For intrusion, the group tries different ways in, including spearphishing, watering hole attacks, and exploiting publicly facing servers. Cobalt Strike is one of the group’s preferred post-exploitation tools. It is followed by the use of the BioPass RAT, the Doraemon backdoor, the FunnySwitch backdoor, ShadowPad, and Winnti. The group employs two separate infrastructure clusters: the first is rented Vultr VPS servers used for command-and-control (C2); the second is compromised web servers used to scan for vulnerabilities, tunnel traffic, and Cobalt Strike C2.
Analyst Comment: Earth Lusca often relies on tried-and-true techniques that can be stopped by security best practices, such as avoiding clicking on suspicious email/website links and/or reacting to random banners urging to update important public-facing applications. Don’t be tricked into downloading an Adobe Flash update; it was discontinued at the end of December 2020. Administrators should keep their important public-facing applications (such as Microsoft Exchange and Oracle GlassFish Server) updated. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] System Services - T1569 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Account Manipulation - T1098 | [MITRE ATT&CK] BITS Jobs - T1197 | [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Create or Modify System Process - T1543 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Hijack Execution Flow Ransomware Malware Tool Vulnerability Threat Patching Guideline APT 41 APT 38 APT 29 APT 28 APT 28
Mandiant.webp 2022-01-19 22:00:00 One Source to Rule Them All: Chasing AVADDON Ransomware (lien direct) The ransomware-as-a-service (RaaS) model is lowering the barrier of entry into the cybercrime world, causing the number of ransomware attacks we're seeing to spike higher than ever before. In the last few years, ransomware has become one of the principal sources of income in the cybercrime ecosystem, with increased use of extortion by shaming victims, threatening to release exfiltrated data, and in some cases hitting them with distributed denial-of-service (DDoS) attacks. This blog post explores activity, similarities and overlaps between multiple ransomware families related to AVADDON Ransomware ★★★
Kaspersky.webp 2022-01-19 20:55:28 Destructive Wiper Targeting Ukraine Aimed at Eroding Trust, Experts Say (lien direct) Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia's wider effort to undermine Ukraine's sovereignty, according to analysts. Ransomware Malware
InfoSecurityMag.webp 2022-01-19 17:30:00 (Déjà vu) Ransomware Attack on Moncler (lien direct) Luxury fashion brand confirms data breach caused by ransomware attack Ransomware Data Breach
bleepingcomputer.webp 2022-01-19 16:25:11 Marketing giant RRD confirms data theft in Conti ransomware attack (lien direct) RR Donnelly has confirmed that threat actors stole data in a December cyberattack, confirmed by BleepingComputer to be a Conti ransomware attack. [...] Ransomware Threat
Cybereason.webp 2022-01-19 15:03:25 Five Ransomware Myths that Leave Businesses Vulnerable (lien direct) In June 2021, The Washington Post identified five ransomware myths that could cloud organizations' security strategies. It's been a few months since the list was released, so let's see how those myths are looking as we launch into Q1 of 2022: Ransomware
Cybereason.webp 2022-01-19 10:00:00 (Déjà vu) Webinar February 3rd 2022: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. Ransomware Threat
InfoSecurityMag.webp 2022-01-19 09:27:00 Thousands of US Public Sector Ransomware Victims in 2021 (lien direct) Research shows healthcare organizations were hit hardest Ransomware
SecurityAffairs.webp 2022-01-19 06:05:49 Is White Rabbit ransomware linked to FIN8 financially motivated group? (lien direct) A new ransomware gang named White Rabbit appeared in the threat landscape, experts believe it is linked to the FIN8 hacking group. A new ransomware gang called ‘White Rabbit’ launched its operations and according to the experts, it is likely linked to the FIN8 financially motivated group. In December the popular malware researcher Michael Gillespie, […] Ransomware Malware Threat
The_Hackers_News.webp 2022-01-19 04:29:31 FIN8 Hackers Spotted Using New 'White Rabbit' Ransomware in Recent Attacks (lien direct) The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called "White Rabbit" that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware's overlaps with Egregor, which was taken down by Ukrainian law enforcement authorities in February Ransomware
kovrr.webp 2022-01-19 00:00:00 What Emerging Cybersecurity Trends Should Enterprises Be Aware Of? As the world becomes more digitally connected, enterprises need to be aware of the growing cybersecurity risks. (lien direct) As the world becomes more digitally connected every year — and with the pandemic further accelerating digital transformation — all types of enterprises need to be aware of the growing cybersecurity risks that come with this shift. In Europe, for example, significant attacks on critical sectors more than doubled in 2020 compared to 2019, according to data from the European Union Agency for Cybersecurity, as reported by CNN. In 2021, the picture arguably became even bleaker around the world, with major ransomware attacks causing disruption to companies in industries ranging from energy to meat processing. In the first six months of 2021 alone, ransomware-related reported activity in the U.S. had a higher total value ($590 million) than all ransomware-related reported suspicious activity in the U.S. in 2020, according to the U.S. Department of Treasury's Financial Crimes Enforcement Network (FinCEN). The total number of suspicious events filed in the first six months of 2021 in the U.S. also exceeded all of what occurred in the country in 2020 by 30%, the agency reports. Yet it’s not just ransomware that’s wreaking havoc. Enterprises also need to be prepared for cyber threats like denial of service (DoS) attacks, where a flood of network activity can interrupt servers, thereby causing business interruption. Cisco predicts that distributed denial of service (DDoS) attacks (a subset of DoS, which involves using multiple devices to send a flood of traffic, as opposed to just using one device with a DoS attack) globally will roughly “double from 7.9 million in 2018 to 15.4 million by 2023.” In addition to preparing for these types of cyberattacks, enterprises will also increasingly need to be aware of and comply with privacy-related regulations. As governments around the world try to bolster their cybersecurity responses, they are passing or at least considering new rules and guidance around how companies need to handle sensitive data and privacy issues. Amidst this preparation, enterprises also need to recognize that cybersecurity plans aren’t foolproof, especially as attacks evolve. That means assets could be at risk even with solid defenses in place. So, enterprises increasingly need to think about not just how to prevent cyber attacks but also consider the dollar-value cost of risk, given that events will inevitably occur. This process, known as cyber risk quantification — a form of financial quantification — helps enterprises think about and discuss cyber risk in definitive business terms. Knowing how much money is at stake and how different cyber events could affect revenue and profit can help businesses prioritize defenses and take mitigating action like securing cyber insurance. In this report, we’ll take a closer look at these emerging cybersecurity trends that enterprises should be aware of. Understanding these areas can help organizations potentially improve their risk management, both from a cybersecurity and overall governance standpoint. Evolving Ransomware Risks: While ransomware is not a new type of threat, the scale and intensity of ransomware continue to broaden. Enterprises large and small, across all types of industries, need to be prepared for these cyber attacks. For one, ransomware-as-a-service, “where ransomware variants are licensed to individuals and accomplices to execute attacks,” as Reuters explains, has been on the rise. Based on suspicious activity reports, FinCEN identified 68 ransomware variants in the first half of 2021. “The resulting emergence of new attackers has led to increased uncertainty and volatility for companies in responding to attacks due to the lack of information on the growing number of ransomware threat actors,” adds Reuters. Part of the problem is also that ransomware attacks aren’t just being launched on an ad-hoc basis by individuals. Instead, there’s in Ransomware Tool Threat Prediction Cloud ★★★
SecurityAffairs.webp 2022-01-18 21:58:59 AlphV/BlackCat ransomware gang published data stolen from fashion giant Moncler (lien direct) Luxury fashion giant Moncler confirmed a data breach after a ransomware attack carried out by the AlphV/BlackCat. Moncler confirmed a data breach after an attack that took place in December. The luxury fashion giant was hit by AlphV/BlackCat ransomware that today published the stolen data on its leak site in the Tor network. In December, malware […] Ransomware Data Breach Malware
Kaspersky.webp 2022-01-18 17:23:12 'White Rabbit' Ransomware May Be FIN8 Tool (lien direct) It's a double-extortion play that uses the command-line password 'KissMe' to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art. Ransomware Tool
bleepingcomputer.webp 2022-01-18 14:51:50 Fashion giant Moncler confirms data breach after ransomware attack (lien direct) Italian luxury fashion giant Moncler confirmed that they suffered a data breach after files were stolen by the AlphV/BlackCat ransomware operation in December and published today on the dark web. [...] Ransomware Data Breach
SecurityWeek.webp 2022-01-18 14:26:22 Five Key Signals From Russia's REvil Ransomware Bust (lien direct) The sudden move by Russia's top law enforcement agency to conduct a very public takedown of the REvil ransomware operation has set tongues wagging about how diplomacy may hold the key to slowing big-game ransomware attacks. Ransomware
bleepingcomputer.webp 2022-01-18 11:56:00 New White Rabbit ransomware linked to FIN8 hacking group (lien direct) A new ransomware family called 'White Rabbit' appeared in the wild recently, and according to recent research findings, could be a side-operation of the FIN8 hacking group. [...] Ransomware
ComputerWeekly.webp 2022-01-18 08:15:00 Police take down VPN linked to multiple ransomware hits (lien direct) No more details Ransomware
bleepingcomputer.webp 2022-01-18 06:55:34 Europol shuts down VPN service used by ransomware groups (lien direct) Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors. [...] Ransomware Malware
The_Hackers_News.webp 2022-01-18 05:23:32 Europol Shuts Down VPNLab, Cybercriminals' Favourite VPN Service (lien direct) VPNLab.net, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation. Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 and rendering it inoperable as part of a disruptive action that took place across Germany, the Ransomware
SecurityWeek.webp 2022-01-18 04:14:09 Additional Healthcare Firms Disclose Impact From Netgain Ransomware Attack (lien direct) Healthcare providers Caring Communities and Entira Family Clinics are warning patients that their personal information may have been exposed in a data breach that hit tech vendor Netgain Technology more than a year ago. Ransomware Data Breach
Fortinet.webp 2022-01-17 20:32:11 Wiper malware hit Ukrainian organizations (lien direct) FortiGuard Labs is aware of a report that multiple organizations in the Ukraine were impacted by destructive malware. The malware looks to be some kind of ransomware at first glance; however, it does not have the telltale signs of ransomware. It overwrites the victim's Master Boot Record (MBR) and files with specific file extensions without any recovery mechanism, which are enough to classify the malware as a destructive wiper malware. Why is this Significant? This is significant because the attack involves a wiper malware that destroys the victim's MBR and certain files without any recovery mechanism. How Widespread is the Attack? At this point, the attack only affected multiple unnamed organizations in Ukraine. What are the Details of the Attack? Initial attack vector has not yet been identified. This attack involves three malware. The first malware overwrites the victim's Master Boot Record (MBR) which makes Windows OS unbootable and leaves a ransom note that reads below: Your hard drive has been corrupted. In case you want to recover all hard drives of your organization, You should pay us $10k via bitcoin wallet 1AVNM68gj6PGPFcJuftKATa4WLnzg8fpfv and send message via tox ID 8BEDC411012A33BA34F49130D0F186993C6A32DAD8976F6A5D82C1ED23054C057ECED5496F65 with your organization name. We will contact you to give further instructions. The second malware simply downloads a wiper malware hosted on a Discord channel and executes it. The wiper malware searches for and overwrites files with the following file extensions on the victim's machine: .3DM .3DS .7Z .ACCDB .AI .ARC .ASC .ASM .ASP .ASPX .BACKUP .BAK .BAT .BMP .BRD .BZ .BZ2 .CGM .CLASS .CMD .CONFIG .CPP .CRT .CS .CSR .CSV .DB .DBF .DCH .DER .DIF .DIP .DJVU.SH .DOC .DOCB .DOCM .DOCX .DOT .DOTM .DOTX .DWG .EDB .EML .FRM .GIF .GO .GZ .HDD .HTM .HTML .HWP .IBD .INC .INI .ISO .JAR .JAVA .JPEG .JPG .JS .JSP .KDBX .KEY .LAY .LAY6 .LDF .LOG .MAX .MDB .MDF .MML .MSG .MYD .MYI .NEF .NVRAM .ODB .ODG .ODP .ODS .ODT .OGG .ONETOC2 .OST .OTG .OTP .OTS .OTT .P12 .PAQ .PAS .PDF .PEM .PFX .PHP .PHP3 .PHP4 .PHP5 .PHP6 .PHP7 .PHPS .PHTML .PL .PNG .POT .POTM .POTX .PPAM .PPK .PPS .PPSM .PPSX .PPT .PPTM .PPTX .PS1 .PSD .PST .PY .RAR .RAW .RB .RTF .SAV .SCH .SHTML .SLDM .SLDX .SLK .SLN .SNT .SQ3 .SQL .SQLITE3 .SQLITEDB .STC .STD .STI .STW .SUO .SVG .SXC .SXD .SXI .SXM .SXW .TAR .TBK .TGZ .TIF .TIFF .TXT .UOP .UOT .VB .VBS .VCD .VDI .VHD .VMDK .VMEM .VMSD .VMSN .VMSS .VMTM .VMTX .VMX .VMXF .VSD .VSDX .VSWP .WAR .WB2 .WK1 .WKS .XHTML .XLC .XLM .XLS .XLSB .XLSM .XLSX .XLT .XLTM .XLTX .XLW .YML .ZIP It also changes the file extension of the affected file to a random four-byte extension. What is the Status of Coverage? FortiGuard Labs provides the following AV coverage against the malware involved: W32/KillMBR.NGI!tr, MSIL/Agent.FP!tr.dldr. The following AV coverage is available for the wiper malware that has not yet been confirmed: MSIL/Agent.VVH!tr. FortiGuard Labs is currently investigating the last file to confirm the destructive capability of the wiper malware. This blog will be updated when additional information becomes available. Ransomware Malware
itsecurityguru.webp 2022-01-17 11:47:01 Alleged REvil hackers charged in court (lien direct) Eight people have been charged by Moscow court for their alleged involvement in the REvil ransomware gang, Russian News Agency (TASS) reported. The arrests were made as part of a larger raid on Friday across 25 locations in Moscow, St. Petersburg and Lipetsk. The men were charged on Saturday with violating Part 2 of Article […] Ransomware
SecurityAffairs.webp 2022-01-17 10:13:30 Experts warn of attacks using a new Linux variant of SFile ransomware (lien direct) The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal), has been active since 2020, it was observed targeting only Windows systems. Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. […] Ransomware Malware
grahamcluley.webp 2022-01-16 21:48:05 A bad day in the office for the REvil ransomware gang, as Russia arrests 14 members (lien direct) While data-wiping malware is hitting the PCs of multiple Ukrainian organisations, Russia has taken the surprising step of arresting 14 members of the REvil ransomware gang. Ransomware Malware
bleepingcomputer.webp 2022-01-16 13:32:35 Microsoft: Fake ransomware targets Ukraine in data-wiping attacks (lien direct) Microsoft is warning of destructive data-wiping malware disguised as ransomware being used in attacks against multiple organizations in Ukraine. [...] Ransomware Malware
SecurityAffairs.webp 2022-01-16 13:31:13 A new wave of Qlocker ransomware attacks targets QNAP NAS devices (lien direct) QNAP NAS devices are under attack, experts warn of a new Qlocker ransomware campaign that hit devices worldwide. A new wave of Qlocker ransomware is targeting QNAP NAS devices worldwide, the new campaign started on January 6 and it drops ransom notes named !!!READ_ME.txt on infected devices. In May, the Taiwanese vendor QNAP warned its […] Ransomware
ZoneAlarm.webp 2022-01-16 12:32:13 Can Ransomware Infect Cloud Storage? (lien direct) Over the last few years, many businesses and individuals have opted to move their data to cloud storage. Options like Dropbox, Microsoft OneDrive, and SugarSync offer many different benefits compared with storing files locally. These benefits include ease of access, cost-effectiveness, scalability, and security, but is cloud storage really as secure as we like to believe? The latter is … Ransomware
The_Hackers_News.webp 2022-01-16 01:28:50 A New Destructive Malware Targeting Ukrainian Government and Business Entities (lien direct) Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable," Ransomware Malware
SecurityWeek.webp 2022-01-15 20:27:33 Ukraine Hacks Add to Worries of Cyber Conflict With Russia (lien direct) Hackers on Friday temporarily shut down dozens of Ukrainian government websites, causing no major damage but adding to simmering tensions while Russia amasses troops on the Ukrainian border. Separately, in a rare gesture to the U.S. at a time of chilly relations, Russia said it had arrested members of a major ransomware gang that targeted U.S. entities. Ransomware
bleepingcomputer.webp 2022-01-15 12:06:08 Russia charges 8 suspected REvil ransomware gang members (lien direct) Eight members of the REvil ransomware operation that have been detained by Russian officers are currently facing criminal charges for their illegal activity. [...] Ransomware
SecurityAffairs.webp 2022-01-15 11:39:45 One of the REvil members arrested by FSB was behind Colonial Pipeline attack (lien direct) A senior Biden administration official said that one of the Russian hackers arrested by FSB was behind the Colonial Pipeline attack. Yesterday, the Russian Federal Security Service (FSB) announced to have dismantled the REvil ransomware operation and arrested 14 alleged members of the gang. The group that is behind a long string of attacks […] Ransomware
bleepingcomputer.webp 2022-01-15 11:20:00 Qlocker ransomware returns to target QNAP NAS devices worldwide (lien direct) Threat actors behind the Qlocker ransomware are once again targeting Internet-exposed QNAP Network Attached Storage (NAS) devices worldwide. [...] Ransomware Threat
The_Hackers_News.webp 2022-01-15 01:21:23 Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks (lien direct) In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations. The surprise operation, which it said was carried out at the request of the U.S. authorities, saw the law enforcement agency conduct raids at 25 addresses Ransomware
Chercheur.webp 2022-01-14 22:41:34 At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates (lien direct) The Russian government said today it arrested 14 people accused of working for "REvil," a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin's decision to station 100,000 troops along the nation's border with Ukraine. Ransomware
SecurityAffairs.webp 2022-01-14 20:51:12 Lorenz ransomware gang stolen files from defense contractor Hensoldt (lien direct) German multinational defense contractor Hensoldt confirmed that some of its systems were infected by Lorenz ransomware. Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware. This week a Hensoldt spokesperson confirmed the security breach to BleepingComputer explaining that a small number of mobile devices in its […] Ransomware
InfoSecurityMag.webp 2022-01-14 20:17:00 Russia Stops REvil (lien direct) Renowned ransomware gang's operation shut down by Russia's Federal Security Service Ransomware
SecurityAffairs.webp 2022-01-14 19:03:42 Russian government claims to have dismantled REvil ransomware gang (lien direct) Russia’s FSB announced to have dismantled the REvil ransomware gang, the infamous group behind Kaseya and JBS USA. The Russian Federal Security Service (FSB) announced to have shut down the REvil ransomware gang, the group that is behind a long string of attacks against large organizations, such as Kaseya and JBS USA. The FSB claims to have […] Ransomware
TechRepublic.webp 2022-01-14 18:54:43 Russia arrests REvil ransomware gang members at request of US officials (lien direct) Russia's Federal Security Service said that 14 people were arrested and millions in currency has been seized. Ransomware
bleepingcomputer.webp 2022-01-14 18:53:15 The Week in Ransomware - January 14th 2022 - Russia finally takes action (lien direct) Today, the Russian government announced that they arrested fourteen members of the REvil ransomware gang on behalf of US authorities. [...] Ransomware
ArsTechnica.webp 2022-01-14 18:51:31 Russia says it has neutralized the cutthroat REvil ransomware gang (lien direct) "Big-game hunter" REvil has menaced the world for 3 years with massive attacks. Ransomware
NakedSecurity.webp 2022-01-14 14:48:53 REvil ransomware crew allegedly busted in Russia, says FSB (lien direct) The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew. Ransomware
Kaspersky.webp 2022-01-14 14:45:35 Russian Security Takes Down REvil Ransomware Gang (lien direct) The country's FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil's infrastructure. Ransomware
SecurityWeek.webp 2022-01-14 14:29:33 Russia Lays the Smackdown on REvil Ransomware Gang (lien direct) Russia on Friday said it has cracked down on the infamous REvil hacking group, known for its high profile supply chain attack against software maker Kaseya, and a ransomware attack against JBS USA that forced the shutdown of a portion of the world's largest meat processing company. Ransomware
knowbe4.webp 2022-01-14 13:27:37 Nuclear Ransomware 3.0: We Thought It Was Bad and Then It Got Even Worse (lien direct) We thought it was bad enough when traditional ransomware started to steal data in its second generation of evolution, now dubbed "double extortion". The third stage of ransomware is beginning to happen now and will make us wish for the good, old days of Ransomware 2.0. Ransomware
bleepingcomputer.webp 2022-01-14 12:33:39 Defense contractor Hensoldt confirms Lorenz ransomware attack (lien direct) Hensoldt, a multinational defense contractor headquartered in Germany, has confirmed that some of its UK subsidiary's systems were compromised in a ransomware attack. [...] Ransomware
SecurityAffairs.webp 2022-01-14 11:04:46 Ukrainian police arrested Ransomware gang behind attacks on 50 companies (lien direct) Ukrainian police arrested members of a ransomware gang that targeted at least 50 companies in the U.S. and Europe. Ukrainian police arrested members of a ransomware affiliate group that is responsible for attacking at least 50 companies in the U.S. and Europe. The operation was conducted by the SBU Cyber Department together with the Cyber […] Ransomware
bleepingcomputer.webp 2022-01-14 08:51:17 (Déjà vu) Russia arrests REvil ransomware gang members, seize $6.6 million (lien direct) The Federal Security Service (FSB) of the Russian Federation has announced today that they shut down the REvil ransomware gang after U.S. authorities reported on the leader. [...] Ransomware Guideline
Last update at: 2024-07-21 01:08:30