What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer 2021-10-27 11:52:12 Babuk ransomware decryptor released to recover files for free (direct link) Czech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims recover their files for free. [...] Ransomware Tool ★★★★
SecurityWeek 2021-10-27 11:16:48 Many Ransomware Attacks on OT Organizations Involved Ryuk: IBM (direct link) Many attacks that impacted organizations with operational technology (OT) networks in 2021 involved ransomware, and operators of the Ryuk ransomware in particular appear to gravitate towards this type of target, according to research conducted by IBM's X-Force cybersecurity unit. Ransomware
bleepingcomputer 2021-10-27 11:00:00 (Déjà vu) Malicious NPM libraries install ransomware, password stealer (direct link) Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users. [...] Ransomware
bleepingcomputer 2021-10-27 11:00:00 Malicious Roblox NPMs drop ransomware and password stealers (direct link) Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users. [...] Ransomware
securityintelligence 2021-10-26 19:00:00 Data Security: How Data Activity Monitoring Protects Against Ransomware (direct link) Ransomware is an attack on your data. Can you say that your approach to preventing ransomware is focused on data? Organizations are becoming more aware of the chaos that ransomware can create — to the tune of $4.62 million in escalation, notification, lost business and response costs, according to the 2021 Cost of a Data […] Ransomware
SecurityAffairs 2021-10-26 14:54:38 Ranzy Locker ransomware hit tens of US companies in 2021 (direct link) The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year. The gang has been active since at […] Ransomware
Cybereason 2021-10-26 12:57:41 (Déjà vu) An Operation-Centric Approach to RansomOps Prevention (direct link) An Operation-Centric Approach to RansomOps Prevention Editor's Note: Unlock the knowledge, resources and expert guidance you need to successfully prevent ransomware attacks from impacting your organization's operations with this complimentary Ransomware Toolkit... Ransomware
grahamcluley 2021-10-26 11:08:39 Ransomware gang outraged at “bandit-mugging behavior of the United States” after REvil group pushed offline (direct link) The Conti ransomware gang is outraged that the United States appears to have hacked into the REvil ransomware gang's infrastructure, and knocked it offline... Ransomware
bleepingcomputer 2021-10-26 09:59:00 FBI: Ranzy Locker ransomware hit at least 30 US companies this year (direct link) The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. [...] Ransomware
InfoSecurityMag 2021-10-26 08:30:00 GCHQ Boss: Ransomware Has Doubled in a Year (direct link) Jeremy Fleming makes rare statement on current threat landscape Ransomware Threat
mcafee 2021-10-25 21:26:37 Staying Cyber Aware and Safer from Ransomware (direct link) Ransomware – A truly frightening cyber security topic It’s October, and at McAfee we love celebrating spooky season. As McAfee's Chief Technology Officer,... Ransomware
SecurityAffairs 2021-10-25 21:13:17 Unknown ransomware gang uses SQL injection bug in BillQuick Web Suite to deploy ransomware (direct link) An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to deploy ransomware. An unknown ransomware gang is exploiting a critical SQL injection flaw, tracked as CVE-2021-42258, in the popular billing software suite BillQuick Web Suite time to deploy ransomware. The attacks were first spotted this month […] Ransomware
Kaspersky 2021-10-25 21:13:17 Groove Calls for Cyberattacks on US as REvil Payback (direct link) The bold move signals a looming clash between Russian ransomware groups and the U.S. Ransomware
Kaspersky 2021-10-25 20:51:06 (Déjà vu) BQE Web Suite Billing App Rigged to Inflict Ransomware (direct link) An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it's also let malicious actors execute code and deploy ransomware. Ransomware
Kaspersky 2021-10-25 20:51:06 BillQuick Billing App Rigged to Inflict Ransomware (direct link) A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it's also let malicious actors remotely execute code and deploy ransomware. Ransomware
Chercheur 2021-10-25 19:49:37 Conti Ransom Gang Starts Selling Access to Victims (direct link) The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti's malware who refuse to negotiate a ransom payment are added to Conti's victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked. Ransomware Malware
Cybereason 2021-10-25 16:22:58 Webinar: Live Attack Simulation - Ransomware Threat Hunter Series (direct link) Webinar: Live Attack Simulation - Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. Ransomware Threat
TechRepublic 2021-10-25 15:49:51 Companies that pay ransomware attackers get thumbs down from consumers (direct link) More than half of those surveyed by data management firm Cohesity said that companies that pay the ransom in an attack encourage ransomware and bad actors. Ransomware
TechRepublic 2021-10-25 15:12:01 REvil ransomware group reportedly taken offline by multi-nation effort (direct link) Law enforcement officials and cyber specialists hacked into REvil's network, gaining control of some of its servers, sources told Reuters. Ransomware
SecurityWeek 2021-10-25 14:54:45 Changing Approaches to Preventing Ransomware Attacks (direct link) Conducting scaled and cost-effective attack surface and digital threat monitoring gives organizations of all sizes the best chance of identifying and defeating their adversaries Ransomware Threat
Cybereason 2021-10-25 12:44:44 Malicious Life Podcast: Marcus Hutchins - A Controversial Hero (direct link) Malicious Life Podcast: Marcus Hutchins - A Controversial Hero In May 2017, Marcus Hutchins - AKA MalwareTech - became a hero for stopping WannaCry, a particularly nasty ransomware that spread quickly all over the world. Yet his fame also brought to light his troubled past as the teenage Black Hat hacker who created KRONOS, a dangerous rootkit. Should a criminal-turned-hero be punished for his past crimes? Check it out... Ransomware Wannacry
bleepingcomputer 2021-10-25 10:31:42 Hackers used billing software zero-day to deploy ransomware (direct link) An unknown ransomware group is exploiting a critical SQL injection bug found in the BillQuick Web Suite time and billing solution to deploy ransomware on their targets' networks in ongoing attacks. [...] Ransomware
SecurityAffairs 2021-10-25 05:49:34 Emsisoft created a free decryptor for past victims of the BlackMatter ransomware (direct link) Experts from cybersecurity firm Emsisoft announced the availability of a free decryptor for past victims of the BlackMatter ransomware. Cybersecurity firm Emsisoft has released a free decryption tool for past victims of the BlackMatter ransomware. The researchers found a vulnerability in the encryption process implemented in the BlackMatter ransomware that allowed them to recover encrypted […] Ransomware Tool Vulnerability
The_Hackers_News 2021-10-25 01:19:44 Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware (direct link) Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that's being actively exploited by threat actors to deploy ransomware on vulnerable systems. CVE-2021-42258, as the flaw is being tracked as, concerns an SQL-based injection attack that allows for remote code execution and was successfully Ransomware Vulnerability Threat
bleepingcomputer 2021-10-24 11:27:06 BlackMatter ransomware victims quietly helped using secret decryptor (direct link) Cybersecurity firm Emsisoft has been secretly decrypting BlackMatter ransomware victims since this summer, saving victims millions of dollars. [...] Ransomware
The_Hackers_News 2021-10-23 01:49:01 Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline (direct link) The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber experts working with the Ransomware
CVE 2021-10-22 22:15:07 CVE-2021-42258 (direct link) BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell. Ransomware
SecurityAffairs 2021-10-22 20:32:55 Groove ransomware group calls on other ransomware gangs to hit US public sector (direct link) Groove ransomware operators call on other ransomware groups to stop competing and join the forces to fight against the US. The Groove ransomware gang is calling on other ransomware groups to attack US public sector after an operation of law enforcement shut down the infrastructure of the REvil gang. “The ransomware group REvil […] Ransomware
Kaspersky 2021-10-22 19:59:23 FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks (direct link) The infamous Carbanak operator is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure 'pen-testing' company. Ransomware
Cybereason 2021-10-22 19:31:06 Microsoft OneDrive Used for Ransom Operations (direct link) Microsoft OneDrive Used for Ransom Operations Microsoft was called out recently after it was discovered that hundreds of malware files commonly used to launch Conti ransomware attacks are being hosted from their OneDrive cloud storage service. The news highlights once again that Microsoft needs to invest significant time and resources just to get its own security house in order - and why they have no business trying to sell customers cybersecurity solutions to problems they created. Ransomware Malware
SecurityWeek 2021-10-22 18:59:43 REvil Ransomware Gang Hit by Law Enforcement Hack-Back Operation (direct link) The global fight against ransomware took a new twist this week with the United States leading a law enforcement effort to hack back and disrupt the extortion group behind the Colonial Pipeline cyberattack. Ransomware Hack Guideline
bleepingcomputer 2021-10-22 17:47:32 The Week in Ransomware - October 22nd 2021 - Striking back (direct link) Between law enforcement operations, REvil's second shut down, and ransomware gangs' response to the hacking of their servers, it has been quite the week. [...] Ransomware
TroyHunt 2021-10-22 17:24:12 FBI, others crush REvil using ransomware gang's favorite tactic against it (direct link) Multi-nation operation succeeds as gang member makes critical mistake. Ransomware
Kaspersky 2021-10-22 17:01:20 REvil Servers Shoved Offline by Governments – But They'll Be Back, Researchers Say (direct link) A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline. Ransomware
SecurityAffairs 2021-10-22 14:21:01 DarkSide ransomware operators move 6.8M worth of Bitcoin after REvil shutdown (direct link) Darkside and BlackMatter ransomware operators have moved a large amount of their Bitcoin reserves after the recent shutdown of REvil’s infrastructure. The gangs behind the Darkside and BlackMatter ransomware operations have moved 107 BTC ($6.8 million) after the news of the recent shutdown of REvil’s infrastructure by law enforcement agencies. “The ransomware group REvil was […] Ransomware
NakedSecurity 2021-10-22 14:03:42 REvil ransomware gang allegedly forced offline by law enforcement counterattacks (direct link) One down. Lots more to go. Here's what to do... Ransomware
bleepingcomputer 2021-10-22 14:02:21 DarkSide ransomware rushes to cash out $7 million in Bitcoin (direct link) Almost $7 million worth of Bitcoin in a wallet controlled by DarkSide ransomware operators has been moved in what looks like a money laundering rollercoaster. [...] Ransomware
bleepingcomputer 2021-10-22 11:48:53 Groove ransomware calls on all extortion gangs to attack US interests (direct link) The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil's infrastructure last week. [...] Ransomware
SecurityAffairs 2021-10-22 11:02:03 FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks (direct link) FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting a pentest. The FIN7 hacking group is attempting to enter the ransomware business and is doing it with an interesting technique. The gang space creates fake cybersecurity companies that hire experts requesting them to […] Ransomware
bleepingcomputer 2021-10-22 10:06:38 Italian celebs' data exposed in ransomware attack on SIAE (direct link) The Italian data protection authority Garante per la Protezione dei Dati Personali (GPDP) has announced an investigation into a data breach of the country's copyright protection agency. [...] Ransomware Data Breach
InfoSecurityMag 2021-10-22 09:01:00 Halloween Horror-Show for Candy-Maker Hit by Ransomware (direct link) Chicago-based Ferrara slowly recovering as other firms are compromised again Ransomware
InfoSecurityMag 2021-10-22 08:10:00 Government Agents Compromise REvil Backups to Force Group Offline (direct link) Report reveals international operation to disrupt notorious ransomware operation Ransomware
The_Hackers_News 2021-10-22 06:46:50 Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks (direct link) The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme. "With FIN7's latest fake company, the criminal group leveraged true, publicly available information from various legitimate cybersecurity Ransomware Guideline
SecurityAffairs 2021-10-21 22:40:02 (Déjà vu) Evil Corp rebrands their ransomware, this time is the Macaw Locker (direct link) Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that the Macaw […] Ransomware
Kaspersky 2021-10-21 19:31:40 TA551 Shifts Tactics to Install Sliver Red-Teaming Tool (direct link) A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment. Ransomware Tool Threat Guideline
Kaspersky 2021-10-21 17:33:24 Gigabyte Allegedly Hit by AvosLocker Ransomware (direct link) If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds. Ransomware Threat
grahamcluley 2021-10-21 15:49:34 US Government warns of BlackMatter ransomware attacks against critical infrastructure (direct link) The US Government has issued an alert to organisations about the threat posed by the BlackMatter ransomware group. Read more in my article on the Tripwire State of Security blog. Ransomware Threat
bleepingcomputer 2021-10-21 15:07:54 Evil Corp demands $40 million in new Macaw ransomware attacks (direct link) Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. [...] Ransomware
Kaspersky 2021-10-21 13:16:00 Why is Cybersecurity Failing Against Ransomware? (direct link) Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo. Ransomware
Cybereason 2021-10-21 12:31:48 CISO Stories Podcast: NotPetya - 45 Minutes and 10,000 Servers Encrypted (direct link) CISO Stories Podcast: NotPetya - 45 Minutes and 10,000 Servers Encrypted Learn how to prepare and reduce the risk of the next ransomware event as Todd Inskeep, Founder at Incovate Solutions, walks us through the lessons learned after managing out of a NotPetya ransomware attack. Will you be ready? Don't miss this podcast for valuable insights from a real-life scenario - check it out... Ransomware NotPetya NotPetya
Last update at: 2024-07-21 03:07:27