What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-08-04 10:26:16 | Lazio region hit by Ransomware (lien direct) | On Sunday morning, Italy’s Lazio region suffered a ransomware attack, disabling its IT systems and disrupting the COVID-19 vaccination registration portal. The attackers reportedly encrypted every file in the portal’s data centre and shut down its IT network. President of the Lazio region, Nicola Zingaretti issued a statement, in which she said: “On the night […] | Ransomware | ||
 |
2021-08-03 20:00:31 | Ransomware Volumes Hit Record Highs as 2021 Wears On (lien direct) | The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way. | Ransomware Guideline | ||
 |
2021-08-03 15:00:00 | Anomali Cyber Watch: LockBit ransomware, Phony Call Centers Lead to Exfiltration and Ransomware, VBA RAT using Double Attack Vectors, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android malware, APT, Data leak, macOS malware, Phishing, Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. 
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
BazaCall: Phony Call Centers Lead to Exfiltration and Ransomware
(published: July 29, 2021)
BazaCall campaigns have forgone malicious links or attachments in email messages in favor of phone numbers that recipients are misled into calling. Actual humans then provide the callers with step-by-step instructions for installing malware. The BazaLoader payload from these campaigns also gives a remote attacker hands-on-keyboard control on an affected user's device, which allows for a fast network compromise. The lack of obvious malicious elements in the delivery methods could render typical ways of detecting spam and phishing emails ineffective.
Analyst Comment: All users should be informed of the risk phishing poses, and how to safely make use of email. They should take notice that a phone number sent to them can be fraudulent too. In the case of infection, the affected system should be wiped and reformatted, and if at all possible the ransom should not be paid. Implement a backup solution for your users to ease the pain of losing sensitive and important data.
MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Credential Dumping - T1003 | [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: BazaCall, Bazaar, Ransomware
Crimea “Manifesto” Deploys VBA Rat Using Double Attack Vectors
(published: July 29, 2021)
Hossein Jazi has identified a suspicious document named "Манифест". It downloads and executes two templates: one is macro-enabled and the other is an Internet Explorer exploit. While both techniques rely on template injection to drop a full-featured Remote Access Trojan, the IE exploit is an unusual discovery.
Analyst Comment: Files that request content be enabled to properly view the document are often signs of a phishing attack. If such a file is sent to you via a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment prior to opening. Thus, any such file attachment sent by unknown senders should be viewed with the utmost scrutiny, and the attachments should be avoided and properly reported to appropriate personnel.
MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Template Injection - T1221 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Modify Registry - T1112
Tags: VBA, Russia, RAT, CVE- |
Ransomware Data Breach Spam Malware Threat Guideline | ||
 |
2021-08-03 14:13:49 | RansomEXX ransomware hits Italy\'s Lazio region, affects COVID-19 site (lien direct) | The Lazio region in Italy has suffered a RansomEXX ransomware attack that has disabled the region's IT systems, including the COVID-19 vaccination registration portal. [...] | Ransomware | ||
|
2021-08-03 11:09:43 | 2021 sets new record for ransomware attacks (lien direct) | Ransomware attacks have sky-rocketed this year, with H1 2021 already surpassing last year’s total of 304.6 million. Attackers are continuously targeting established technology, infrastructure, innocent people and vulnerable institutions, resulting in a 151% year-to-date increase. April and May of this year reached a new record high while June saw 78.4 recorded ransomware attacks. Both the […] | Ransomware | ||
 |
2021-08-02 12:07:17 | (Déjà vu) What the Growing Costs of a Data Breach Means for the Business (lien direct) |
A recent global research report conducted by Cybereason, titled Ransomware: The True Cost to Business, revealed that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact to the business, including loss of revenue, damage to the organization's brand, unplanned workforce reductions, and little in the way of relief from cyber insurance policies.
An esteemed panel of subject matter experts will examine the research findings and discuss how organizations can better prepare to defend against and respond to a ransomware attack, and the full on-demand webinar can be found here.
Recently, IBM came out with its Cost of a Data Breach Report 2021. This publication synthesizes the Ponemon Institute's research of 537 breaches that affected 17 different industries and that occurred across 17 countries and regions. It also draws on nearly 3,500 interviews to understand how much those breaches cost organizations and what decision makers are doing to better defend against security incidents going forward. |
Ransomware Data Breach | ||
 |
2021-08-02 09:18:05 | (Déjà vu) More evidence suggests that DarkSide and BlackMatter are the same group (lien direct) | Researchers found evidence that the DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation. BleepingComputer found evidence that after the clamorous Colonia Pipeline attack, the DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation. The experts analyzed encryption algorithms in a decryptor used by BlackMatter, which is actively attacking corporate entities. […] | Ransomware | ||
|
2021-07-31 15:13:53 | DarkSide ransomware gang returns as new BlackMatter operation (lien direct) | Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. [...] | Ransomware | ||
|
2021-07-31 11:12:41 | BlackMatter ransomware gang rises from the ashes of DarkSide, REvil (lien direct) | A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations. [...] | Ransomware | ||
 |
2021-07-31 10:32:21 | Un ransomware cible les Jeux Olympiques de Tokyo (lien direct) | Malgré la pandémie, les Jeux Olympiques de Tokyo ont finalement pu être lancés, avec un protocole sanitaire très strict. Mais le virus n'est pas le seul danger qui plane sur cette édition. La menace de cyberattaques est également très forte, à en croire la très récente mise en garde du Federal Bureau of Investigation (FBI), qui n'aura malheureusement pas tardé à devenir réalité puisque les organisateurs viennent de révéler avoir été victimes d'une attaque par rançongiciel. The post Un ransomware cible les Jeux Olympiques de Tokyo first appeared on UnderNews. | Ransomware | ||
|
2021-07-31 10:03:28 | Rapport Deep Instinct sur les cybermenaces : augmentation de 800 % des attaques par ransomware depuis 2019 (lien direct) | Deep Instinct a levé 240 millions de dollars à ce jour, ce qui permet à la société d'étendre considérablement ses capacités de commercialisation tout en étoffant ses équipes de recherche en apprentissage et de développement de produits, qui sont les meilleurs de leur catégorie, afin de mieux anticiper la prochaine vague de menaces. The post Rapport Deep Instinct sur les cybermenaces : augmentation de 800 % des attaques par ransomware depuis 2019 first appeared on UnderNews. | Ransomware | ||
|
2021-07-31 09:58:05 | Le cyber-gang de ransomware REvil cesse ses activités (lien direct) | Mardi 13 juillet, plusieurs sites du darkweb affiliés au gang de ransomware REvil ne fonctionnaient plus. The post Le cyber-gang de ransomware REvil cesse ses activités first appeared on UnderNews. | Ransomware | ||
|
2021-07-30 20:20:45 | (Déjà vu) CISO Stories Podcast: Ransomware Attacks and the True Cost to Business (lien direct) |
A recent global research report conducted by Cybereason, titled Ransomware: The True Cost to Business, revealed that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact to the business, including loss of revenue, damage to the organization's brand, unplanned workforce reductions, and little in the way of relief from cyber insurance policies. |
Ransomware | ||
|
2021-07-30 19:43:44 | The Week in Ransomware - July 30th 2021 - €1 billion saved (lien direct) | Ransomware continues to be active this week, with new threat actors releasing new features, No More Ransom turning five, and a veteran group rebrands. [...] | Ransomware Threat | ||
 |
2021-07-30 16:27:14 | Ransomware via a call centre? BazaCall means no email attachment or link required for infection (lien direct) | Unsuspecting users of Office 365 are being tricked by a cybercriminal gang into calling a bogus call centre, with the eventual intention of installing ransomware onto their computers. Read more in my article on the Hot for Security blog. | Ransomware | ||
 |
2021-07-30 13:00:50 | Ransomware Protection, a Gold-Medal Team Approach (lien direct) | If the cybersecurity industry was to adopt a motto, the Summer Games' 2021 “Faster, Higher, Stronger - Together” adaptation should serve as inspiration. As high-profile ransomware attacks continue unabated, the need for a collaborative and... | Ransomware | ||
|
2021-07-30 06:02:08 | Meteor was the wiper used against Iran\'s national railway system (lien direct) | The recent attack against Iran's national railway system was caused by a wiper malware dubbed Meteor and not by a ransomware as initially thought. According to research from Amnpardaz and SentinelOne, the recent attack against Iran's national railway system was caused by a wiper malware dubbed Meteor and not by ransomware as initially thought. Meteor was a previously undetected strain of malware, but experts […] | Ransomware Malware | ||
 |
2021-07-29 23:13:31 | Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers (lien direct) | An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems.
The attacks - dubbed "BazaCall" - eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are |
Ransomware Malware | ||
 |
2021-07-29 21:00:00 | July 2021 Security Intelligence Roundup: Ransomware, Security by Design and How to Analyze in Windows With Frida (lien direct) | Getting and staying ahead of threat actors means knowing the cybersecurity landscape. Today, that still often means ransomware and changing the ways and places we work. July’s top stories include a supply chain attack from the REvil ransomware gang and how to fold security into design. We also have a deep dive into password safety, […] | Ransomware Threat | ||
|
2021-07-29 19:06:21 | BlackMatter rises from the ashes of notorious cybercrime gangs to pose new ransomware threat (lien direct) | A new ransomware gang that calls itself BlackMatter has launched itself on the dark web, and is actively attempting to recruit criminal partners and affiliates to attack large organisations in the United States, UK, Canada, and Australia. Read more in my article on the Tripwire State of Security blog. | Ransomware Threat | ||
|
2021-07-29 18:08:49 | BlackMatter and Haron, two new ransomware gangs in the threat landscape (lien direct) | The cyber threat landscape change continuously, recently two new ransomware-as-service (RaaS) operations named BlackMatter and Haron made the headlines. Recently, two new ransomware gangs, named BlackMatter and Haron, announced the beginning of the operations. The Haron malware was first described by the South Korean security firm S2W Lab, three day after a first sample of […] | Ransomware Malware Threat | ||
|
2021-07-29 14:55:00 | The COVID-19 Pandemic Changed Everything, Can You Detect the New Normal? (lien direct) | COVID-19 changed our personal and business lives in ways we never imagined, especially on the technology front. Consumers started using online services at monumental rates, as evidenced by explosive growth across Amazon, Netflix, and on-demand delivery apps. Businesses accelerated the pace of digital transformation with never-before seen speeds, reflected in the meteoric rise of video conferencing, remote work, and cloud growth. Governments increased their use of websites and social media to keep citizens updated on the latest developments in the pandemic and to assist with scheduling appointments for tests and vaccines.
Cyber adversaries certainly didn’t overlook the pandemic as an opportunity. This isn’t just speculation. Since March 2020, Anomali Threat Research has tracked pandemic-related malicious cyber activities, which to date include thousands of indicators of compromise (IOCs), numerous distinct campaigns associated with multiple threat actors, dozens of different malware families, and many various MITRE ATT&CK techniques in use.
Some parts of the world are starting to rebound from the pandemic’s impact, but while there is still uncertainty around when we will fully recover, it’s a sure-fire bet that a more cloud-dependent future will be part of our new “normal.” Public and private sector organizations that want to succeed not only have to innovate to fulfill consumer and business demands for digital products and services, but also how to defend them against adversaries that are increasingly sophisticated and stealthy.
Much of the development problem has been solved, with providers like Amazon, Microsoft, and Google providing the foundation for cloud applications and services such as Amazon Web Services (AWS), Azure, and Google Cloud. Global organizations have even, in many cases, built their own private cloud platforms that can easily and rapidly deploy innovations to any connected endpoint. Unfortunately, cybersecurity hasn’t kept pace. It’s no wonder we are experiencing ransomware attacks like the one that hit the Colonial Pipeline, and breaches as unprecedented as SolarWinds.
Recently, we worked with The Harris Poll to ask more than 2,000 American and 1,000 British adults over 18 how they feel about the possibility of using COVID-19 digital vaccine cards, should they become required for participating in activities like traveling, attending sporting events, in-person school participation, entering a store or government building, etc. Our initial goal was to understand more deeply what both groups’ hopes and fears are when it comes to using smartphone applications to get on with normal life. While we learned a lot about individuals’ attitudes, we also gleaned a few insights that organizations attempting to understand the new digital normal should consider.
The Exploding Attack Surface
The survey revealed that almost all adults in the US (93%) and the UK (89%) have smartphones capable of supporting digital vaccination cards, ranging across almost all popular operating systems. While this is great news for anyone who supports the use of digital health verification solutions, it also serves as a warning. With almost all adults in these populations so interconnected, the likely overlap of their private and business digital lives presents threat actors with a large attack surface for compromising both users and their employers. Organizations that want to leverage the digital future should be happy to hear about how easy it is to reach consumers and connect employees. They also need to prepare to mitigate the associated increased threat this presents.
No Shortage of Fakes
The number of Americans and Brits willing to adopt digital vaccine cards if they become a requiremen |
Ransomware Malware Hack Threat | ||
|
2021-07-29 10:54:12 | LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains (lien direct) | A new variant of the LockBit 2.0 ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez reported spotted a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies. Kramez explained that this is the […] | Ransomware Malware | ||
|
2021-07-29 07:52:32 | Biden signs national security directive to boost critical infrastructure cyber defences (lien direct) | US President Biden has signed a national security directive aimed at boosting defences against ransomware attacks and the hacking of critical infrastructure, such as energy, food, water and power systems. Crucially, the directive sets performance standards for technology and systems used by private companies in these sectors - although it can’t force those companies […] | Ransomware | ||
 |
2021-07-29 07:33:00 | Technical hiccups force Babuk ransomware gang to change tactics (lien direct) | Pas de details / No more details | Ransomware | ||
 |
2021-07-29 04:01:36 | Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? (lien direct) | 
Co-written with Northwave's Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating systems. Yes, we observed the occasional dedicated Unix or Linux based ransomware, but cross-platform ransomware was not happening yet. However, cybercriminals never sleep and in recent months we noticed that several ransomware gangs were experimenting […]
|
Ransomware | ||
|
2021-07-29 03:09:56 | New Ransomware Gangs - Haron and BlackMatter - Emerge on Cybercrime Forums (lien direct) | Two new ransomware-as-service (RaaS) programs have appeared on the threat radar this month, with one group professing to be a successor to DarkSide and REvil, the two infamous ransomware syndicates that went off the grid following major attacks on Colonial Pipeline and Kaseya over the past few months.
"The project has incorporated in itself the best features of DarkSide, REvil, and LockBit," the |
Ransomware Threat | ||
|
2021-07-29 02:20:00 | (Déjà vu) DoppelPaymer ransomware gang rebrands as the Grief group (lien direct) | After a period of little to no activity, the DoppelPaymer ransomware operation has made a rebranding move, now going by the name Grief (a.k.a. Pay or Grief). [...] | Ransomware | ||
|
2021-07-29 02:20:00 | Grief ransomware operation is DoppelPaymer rebranded (lien direct) | After a period of little to no activity, the DoppelPaymer ransomware operation has made a rebranding move, now going by the name Grief (a.k.a. Pay or Grief). [...] | Ransomware | ||
 |
2021-07-29 00:00:00 | Protect Hybrid Data Centers and Prevent Ransomware with FortiGate 3500F NGFW (lien direct) | Fortinet introduces the industry's first high performance NGFW with integrated Zero Trust Network Access and ransomware protection to secure hybrid data centers. Learn more.
|
Ransomware | ||
|
2021-07-28 18:33:02 | BlackMatter & Haron: Evil Ransomware Newborns or Rebirths (lien direct) | They're either new or old REvil & DarkSide wine in new bottles. Both have a taste for deep-pocketed targets and DarkSide-esque virtue-signaling. | Ransomware | ||
 |
2021-07-28 11:42:10 | Haron and BlackMatter are the latest groups to crash the ransomware party (lien direct) | The additions come as the number of high-severity ransomware attacks ratchet up. | Ransomware | ||
|
2021-07-28 07:16:58 | BlackMatter ransomware group claims to be Darkside and REvil succesor (lien direct) | BlackMatter ransomware gang, a new threat actor appears in the threat landscape and claims to combine TTPs of Darkside and REvil. BlackMatter is a new ransomware gang that started its activity this week, the cybercriminals group claims to be the successor of Darkside and REvil groups. Lile other ransomware operations, BlackMatter also set up its […] | Ransomware Threat | ★★★★★ | |
|
2021-07-28 00:00:00 | How to Prevent Ransomware Attacks: Top Nine Things to Keep in Mind (lien direct) | Ransomware attacks are getting bolder and affect enterprises of all sizes. Explore the recommendations to give your organization the best possible chance of defeating a ransomware attack.
|
Ransomware | ||
|
2021-07-27 21:10:11 | No More Ransom Saves Victims Nearly €1 Over 5 Years (lien direct) | No More Ransom is collecting decryptors so ransomware victims don't have to pay to get their data back and attackers don't get rich. | Ransomware | ||
|
2021-07-27 17:10:43 | (Déjà vu) LockBit ransomware now encrypts Windows domains using group policies (lien direct) | An new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. [...] | Ransomware | ||
|
2021-07-27 17:10:43 | LockBit ransomware automates Windows domain encryption via group policies (lien direct) | An new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. [...] | Ransomware | ||
|
2021-07-27 14:36:19 | South Africa\'s logistics company Transnet SOC hit by a ransomware attack (lien direct) | Transnet SOC Ltd, a large South African rail, port and pipeline company, announced it was hit by a disruptive cyber attack. South Africa's logistics company Transnet SOC was hit last week by a disruptive cyberattack that halted its operations at all the port's terminals. The attack took place on Thursday, 22 July. “Port terminals are operational across the system, with […] | Ransomware | ||
 |
2021-07-27 12:32:38 | Kaseya Denies Paying Cybercriminals Who Launched Ransomware Attack (lien direct) | IT management software firm Kaseya on Monday said it did not pay any money to cybercriminals, following speculation that it may have paid a ransom to obtain a decryptor that would allow customers hit by the recent ransomware attack to recover their files. | Ransomware | ||
|
2021-07-27 09:20:23 | Hackers flooded the Babuk ransomware gang\'s forum with gay porn images (lien direct) | The Babuk ransomware operators seem to have suffered a ransomware attack, threat actors flooded their forum gay orgy porn images. At the end of June, the Babuk Locker ransomware was leaked online allowing threat actors to use it to create their own version of the popular ransomware. The Babuk Locker operators halted their operations at the end […] | Ransomware Threat | ||
 |
2021-07-27 00:00:00 | Un été des exploits d'été des exploits de ransomware qui ont eu lieu à l'été 2021 A Summer of ExploitsA summary of ransomware exploits that took place in the summer of 2021Read More (lien direct) |
Over the past few weeks several dramatic vulnerabilities were exposed in different ubiquitous products and platforms, including the Microsoft Windows OS, the Solarwinds Serv-U Managed File Transfer and Serv-U Secure FTP products, and Kaseyaâs services.â1. Print Night Mare2. Print Nightmare Update3. Kaseya\'s Clients Important Notice4. CISA\'s public alert5. Reuters Article about Data ransom6. Microsoft\'s emergency patch fails7. SolarWinds Zero-day vulnerability8. SolarWinds alerted by Microsoft9. Kaseya restores servicesâSummary of the EventsâKaseyaWhat happened? On July 2nd, a cyber attack was launched against the IT solutions company Kaseya. Kaseya provides IT solutions including VSA, a unified remote-monitoring and management tool for handling networks and endpoints. In addition, the company provides compliance systems, service desks, and a professional services automation platform to over 40,000organizations worldwide.The cyberattack has been attributed to the REvil/Sodinikibi ransomware group whose ransomware was first detected in April 2019. The groupâs usual propagation method is phishing emails containing malicious links. Some of the groupâs most prominent victim industries in the last two years were healthcare facilities and local governments. REvil has offered a decryption key, allegedly universal - able to unlock all encrypted systems, for the âbargainâ price of $70 million via bitcoin (BTC) cryptocurrency. On July 13th, all of REvilâs online activity stopped and the groups data-dump websites were shut down without further information, leaving the victims of their latest attacks hostage with encrypted files and no valid payment address or decryption keys.Who was impacted? On July 2nd Kaseya claimed that the attack affected only a small number of on-premise clients, In a press release published on July 5th the company estimated that the number of clients impacted by the attack is between 800 and 1500 businesses.âPrintNightmareWhat happened? On June 8th, Microsoft published a CVE advisory for a vulnerability in the Windows PrintSpooler service which is enabled by default in all Windows clients and servers across almost all modern Windows versions. This vulnerability was initially categorized as a low severity local privilege escalation (LPE) vulnerability by Microsoft and a patch for it was released on June 21st. A week later, researchers published a successful PoC of the exploitation and claimed that the vulnerability is in fact a high severity RCE and PE vulnerability. On July 1st, a separate vulnerability in the same Windows Print Spooler service was discovered, similar to the first vulnerability, this new âPrintNightmareââ was also a RCE andLPE vulnerability that would allow attackers system privileges with which they could install programs; view, change, or delete data; or create new accounts with full user rights.After the high severity of the vulnerability was acknowledged, Microsoft published an out-of band patch on July 6th and claimed to have fully addressed the public vulnerability. However, on July 7th researchers presented additional successful PoCs and claimed that the patch can be bypassed.Who was impacted? This vulnerability affects all modern unpatched client and server versions of Windows.According to Kaspersky, the vulnerability was already exploited but no further information regarding victims is currently available.âSolarwindsWhat happened? On July 9th, Solarwinds published an announcement claiming that they were informed by Microsoft of an exploited zero-day vulnerability in their Serv-U Managed File Transfer and Serv-U Secure FTP products.On July 10th, Solarwinds released a patch to fix the vulnerability and claimed that this event is unrelated to the Solarwinds supply chain attack that occurred in December of 2020.The vulnerability allows an attacker to run arbitrary code with privileges, and then install programs; view, change, or delete data; or | Ransomware Tool Vulnerability Studies | ★★★ | |
 |
2021-07-26 22:00:29 | Cybersecurity Tips From Unit 42 to Help Stop Ransomware Attacks (lien direct) | Unit 42 shares three cybersecurity tips for small businesses and employees that could help protect against and stop ransomware attacks. | Ransomware | ||
|
2021-07-26 21:08:27 | Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn (lien direct) | A comment spammer flooded Babuk's new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin. | Ransomware | ||
|
2021-07-26 19:31:06 | No More Ransom helped ransomware victims to save almost €1B (lien direct) | The No More Ransom initiative celebrates its fifth anniversary, over 6 million victims of ransomware attacks recover their files for free saving almost €1 billion in payments. No More Ransom is celebrating its 5th anniversary, the initiative allowed more than 6 million ransomware victims to recover their files for free saving roughly $1 billion in […] | Ransomware | ||
|
2021-07-26 18:14:21 | Who us??? Kaseya says it hasn\'t paid anybody for its ransomware decryption key (lien direct) | Kaseya hasn't paid anyone for the decryptor it managed to get its paws on last week, and is offering to customers hit by a massive ransomware attack. Which only raises the question - who did? | Ransomware | ||
|
2021-07-26 17:52:52 | Average ransomware payments decline… but that\'s not good news (lien direct) | The latest research finds that ransomware attackers are attempt to extort, on average, a smaller amount of money through their criminal activities. | Ransomware | ||
|
2021-07-26 17:23:36 | No More Ransom website celebrates five years of providing free ransomware recovery tools and advice (lien direct) | The No More Ransom website has become one of the first ports of call for any individual or company whose computer has been hit by a ransomware attack. | Ransomware | ||
|
2021-07-26 16:00:00 | Double Encryption: When Ransomware Recovery Gets Complicated (lien direct) | Ever hear of double extortion? It’s a technique increasingly employed by ransomware attackers. A malware payload steals a victim’s plaintext information before launching its encryption routine. Those operating the ransomware then go on to demand two ransoms — one for a decryption utility and the other for the deletion of the victim’s stolen information from […] | Ransomware Malware | ||
|
2021-07-26 14:50:28 | No More Ransom: We Prevented Ransomware Operators From Earning $1 Billion (lien direct) | No More Ransom is celebrating its 5th anniversary and the project says it has helped more than 6 million ransomware victims recover their files and prevented cybercriminals from earning roughly $1 billion. | Ransomware | ||
|
2021-07-26 13:00:30 | The True Impact of Ransomware Attacks (lien direct) | Keeper's research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations. | Ransomware |
To see everything:
Our RSS (filtrered)
