What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
ComputerWeekly.webp 2021-05-14 07:45:00 Irish health service hit by major ransomware attack (lien direct) No more details Ransomware
bleepingcomputer.webp 2021-05-14 07:44:48 (Déjà vu) Irish healthcare shuts down IT systems after Conti ransomware attack (lien direct) Ireland's Health Service Executive (HSE), the country's publicly funded healthcare system, has shut down all IT systems after its network was breached in a ransomware attack. [...] Ransomware
bleepingcomputer.webp 2021-05-14 07:44:48 Irish healthcare shuts down IT systems after ransomware attack (lien direct) Ireland's Health Service Executive (HSE), the country's publicly funded healthcare system, has shut down all IT systems after its network was breached in a ransomware attack. [...] Ransomware
The_Hackers_News.webp 2021-05-14 00:57:10 Colonial Pipeline Paid Nearly $5 Million in Ransom to Cybercriminals (lien direct) Colonial Pipeline on Thursday restored operations to its entire pipeline system nearly a week following a ransomware infection targeting its IT systems, forcing it to reportedly shell out nearly $5 million to restore control of its computer networks. "Following this restart, it will take several days for the product delivery supply chain to return to normal," the company said in a statement on Ransomware
zataz.webp 2021-05-13 22:41:13 The totally crazy digital burglary of the Washington Police (lien direct) The hacker group behind the Babuk ransomware has just released 250 GB of data belonging to the Washington police. The authorities were willing to pay, but not enough for the hackers!... Ransomware
bleepingcomputer.webp 2021-05-13 21:48:23 Popular Russian hacking forum XSS bans all ransomware topics (lien direct) One of the most popular Russian-speaking hacker forums, XSS, has banned all topics promoting ransomware to prevent unwanted attention. [...] Ransomware
SecurityAffairs.webp 2021-05-13 20:16:55 Security at Bay: Critical Infrastructure Under Attack (lien direct) The recent Colonial Pipeline attack highlights the dangers that are facing Critical Infrastructure worldwide. The attack perpetrated by hackers on oil company Colonial Pipeline highlights the dangers that are facing Industrial Control Systems (ICS) and the need for change in the information security landscape. The attack took place on May 7th where hackers used ransomware […] Ransomware
Kaspersky.webp 2021-05-13 19:52:33 Ransomware Going for $4K on the Cyber-Underground (lien direct) An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships. Ransomware
bleepingcomputer.webp 2021-05-13 18:24:29 Chemical distributor pays $4.4 million to DarkSide ransomware (lien direct) Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data. [...] Ransomware Threat
ZDNet.webp 2021-05-13 14:47:00 Colonial Pipeline paid close to $5 million in ransomware blackmail payment (lien direct) The payment was reportedly made soon after the attack began. It wasn't enough to stop the disruption. Ransomware ★★★★★
bleepingcomputer.webp 2021-05-13 13:54:54 Colonial Pipeline restores operations, $5 million ransom demanded (lien direct) Colonial Pipeline Company has recovered quickly from the ransomware attack suffered less than a week ago and expects all its infrastructure to be fully operational today. [...] Ransomware
bleepingcomputer.webp 2021-05-13 12:54:13 Meet Lorenz - A new ransomware gang targeting the enterprise (lien direct) A new ransomware operation known as Lorenz targets organizations worldwide with customized attacks demanding hundreds of thousands of dollars in ransoms. [...] Ransomware
bleepingcomputer.webp 2021-05-13 12:14:47 Insurance giant CNA fully restores systems after ransomware attack (lien direct) Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that hit its network in late March and disrupted online services and business operations. [...] Ransomware Guideline
no_ico.webp 2021-05-13 12:00:10 UK Minister Raab Wakes Up to Aggressive Cyber-Attacks Targeting British Education Sector (lien direct) Later today Foreign Secretary, Dominic Raab, will alert the Cyber UK conference that 80 British schools and universities were hit by ransomware attacks in March, forcing them to delay reopening. … Ransomware
SecurityWeek.webp 2021-05-13 11:03:58 Green Energy Company Volue Hit by Ransomware (lien direct) Norway-based green energy solutions provider Volue has been working on restoring systems after being targeted in a ransomware attack. Ransomware
2021-05-13 11:00:00 Threat Source Newsletter (May 13, 2021) (lien direct) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you missed the Friday news drop last week, we have an update on the Lemon Duck cryptocurrency miner. It's not as eye-catching as the ransomware attacks that make the news, but Lemon Duck's... Ransomware
SecurityAffairs.webp 2021-05-13 09:17:43 US CISA and FBI publish joint alert on DarkSide ransomware (lien direct) FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The alert comes after the disruptive attack that hit Colonial Pipeline that caused chaos and disruption. […] Ransomware
Darktrace.webp 2021-05-13 09:00:00 How AI defends critical infrastructure from ransomware (lien direct) In the wake of the Colonial Pipeline cyber-attack, this blog discusses the many threats facing critical infrastructure, and how Cyber AI disrupted a similar ‘double extortion’ ransomware attack against an electrical utilities supplier. Ransomware
TroyHunt.webp 2021-05-13 00:21:55 Colonial Pipeline resumes operations after ransomware prompted closure (lien direct) Closure prompted panic buying, price hikes, and other disruptions in East Coast states. Ransomware
Anomali.webp 2021-05-12 21:55:00 Anomali Cyber Watch: Cozy Bear TTPs, Darkside Ransomware Shuts Down US Pipeline, Operation TunnelSnake Uses New Moriya Rootkit, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Fileless Malware, Malspam, Phishing, Ransomware, Rootkits, Targeted Attacks and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Darkside Ransomware Caused Major US Pipeline Shutdown (published: May 8, 2021) DarkSide ransomware attack caused Colonial Pipeline to shut down the biggest US gasoline pipeline on Friday, May 7th, 2021. The pipeline is the main source of gasoline, diesel and jet fuel for the US East Coast and runs from Texas to Tennessee and New Jersey serving up to 50 Million people. DarkSide group began their attack against the company a day earlier, stealing nearly 100 gigabytes of data before locking computers with ransomware and demanding payment. Analyst Comment: While DarkSide's first known activity goes back only to August 2020, it is likely backed by experienced Eastern-European actors. Ransomware protection demands a multi-layered approach to include isolation, air-gaps, backup solutions, anti-phishing training and detection. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Inhibit System Recovery - T1490 | [MITRE ATT&CK] Scripting - T1064 Tags: DarkSide, ransomware, Oil and Gas, USA, Colonial Pipeline Revealing The 'Snip3' Crypter, A Highly Evasive RAT Loader (published: May 7, 2021) Morphisec has discovered a new stealthy crypter as a service dubbed Snip3. Its advanced anti-detection techniques include: 1) Executing PowerShell code with the ‘remotesigned’ parameter. 2) Validating the existence of Windows Sandbox and VMWare virtualization. 3) Using Pastebin and top4top for staging. 4) Compiling RunPE loaders on the endpoint in runtime. Several hackers were observed using Snip3 to deliver various payloads: AsyncRAT, NetWire RAT, RevengeRAT, and Agent Tesla. Analyst Comment: The Snip3 Crypter’s ability to identify sandboxing and virtual environments makes it especially capable of bypassing detection-centric solutions. It shows the value of investing in complex cybersecurity solutions. MITRE ATT&CK: [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497 | [MITRE ATT&CK] Command-Line Interface - T1059 | [MITRE ATT&CK] Process Injection - T1055 Tags: Snip3, crypter, Crypter-as-a-Service, VBS, RAT, AsyncRAT, NetWire RAT, RevengeRAT, Agent Tesla, NYANxCAT Lemon Duck target Microsoft Exchange Servers, Incorporate New TTPs (published: May 7, 2021) The Lemon Duck cryptomining group has been active since at least Ransomware Malware Threat APT 29 APT 29
no_ico.webp 2021-05-12 15:50:05 How Organisations Can Be Prepared Against Ransomware Attacks (lien direct) While it may be inevitable for an organisation to control each and every aspect of the IT systems, a regular backup of all the important files would serve the purpose… Ransomware
no_ico.webp 2021-05-12 14:57:39 Babuk Ransomware Gang Again Threatens DC Police Data Release (lien direct) Multiple outlets are reporting (link to Guardian story) that the Babuk ransomware gang holding Washington DC Police Dept. data – including personnel records – has said it will release that… Ransomware
no_ico.webp 2021-05-12 14:53:47 UK Home Secretary Warns Not To Pay Out To Ransomware Gangs (lien direct) BACKGROUND: As reported by Verdict, the UK government has a “strong position” against paying ransomware gangs' demands, Home Secretary Priti Patel has said.  “Paying a ransom in response to ransomware… Ransomware
no_ico.webp 2021-05-12 14:45:04 U.S. Issues Ransomware Advice For Critical Infrastructure (lien direct) BACKGROUND: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory on ransomware, in response to the DarkSide, the variant used in the recent attack on Colonial Pipeline. Ransomware
TechRepublic.webp 2021-05-12 14:31:45 How to prevent another Colonial Pipeline ransomware attack (lien direct) Government and business both need to step up to combat ransomware attacks against critical systems before they spiral further out of control. Ransomware
SecurityWeek.webp 2021-05-12 13:30:54 Security Researchers Dive Into DarkSide Ransomware (lien direct) Following the ransomware attack that impacted the pipeline operated by Georgia-based Colonial Pipeline, security firms are providing detailed information on the cybercriminal gang behind the attack. Ransomware
cyberark.webp 2021-05-12 13:00:12 Opportunistic vs. Targeted Ransomware Attacks (lien direct) The critical infrastructure systems we rely on to deliver water, electricity, fuel and other essential services are under siege. Increasingly, ransomware is becoming cyber criminals' attack method of choice, for they understand that even short... Ransomware
SecurityWeek.webp 2021-05-12 12:39:45 Industry Reactions to Ransomware Attack on Colonial Pipeline (lien direct) Industry reactions to Colonial Pipeline ransomware attack Ransomware
Blog.webp 2021-05-12 11:28:09 RSAC insights: Sophos report dissects how improved tools, tactics stop ransomware attack (lien direct) A new report from Sophos dissects how hackers spent two weeks roaming far-and-wide through the modern network of a large enterprise getting into a prime position to carry out what could've been a devastating ransomware attack. Related: DHS embarks on (more…) Ransomware
SANS.webp 2021-05-12 11:13:29 Number of industrial control systems on the internet is lower than in 2020...but still far from zero, (Wed, May 12th) (lien direct) With the recent ransomware attack that impacted operation of one of the major US pipelines[1], I thought it might be a good time to revisit the old topic of internet-connected industrial systems. Since operational technologies are generally used to support/control processes that directly impact the physical world, the danger of successful attacks on them should be self-evident, as should the need to protect them. Ransomware
ZDNet.webp 2021-05-12 11:00:00 Researchers track down five affiliates of DarkSide ransomware service (lien direct) Customers of the RaaS can deploy malware as they see fit and dictate the content of leaks. Ransomware Malware
Mandiant.webp 2021-05-12 10:30:00 Global Information Storage and Management Provider Maximizes Security Value With Mandiant Security Validation (lien direct) There is perhaps no better example of how critical effective cyber security is than for a global company whose core business is storing and protecting its customers' data and digital assets. Headquartered in the eastern region of the U.S., the company relies on Google Cloud, Azure and AWS for its cloud-based business continuity and information storage and management offerings. The combination of rigid data privacy regulations with a steady increase in ransomware and malware attacks against businesses across multiple industries pressured leadership to demonstrate the value and effectiveness Ransomware Malware ★★★★
SecureList.webp 2021-05-12 10:00:58 Ransomware world in 2021: who, how and why (lien direct) In this report, we take a step back from the day-to-day ransomware news cycle and follow the ripples back into the heart of the ecosystem to understand how it is organized. Ransomware
Veracode.webp 2021-05-12 09:04:20 Recent Pipeline Attack Highlights Our Vulnerable Infrastructure (lien direct) On Thursday, May 6, Colonial Pipeline, which operates a pipeline that delivers gasoline and jet fuel to nearly 45 percent of the U.S. East Coast, fell victim to a ransomware attack. The attack took over 100 gigabytes of data hostage, causing the company to halt all pipeline operations and shut down several of its systems. The attackers, identified as a criminal gang known as DarkSide, threatened to leak proprietary information unless a ransom is paid. Not especially sophisticated, this attack seems to be a run-of-the-mill ransomware attack like those we've seen in recent years, except that, instead of shutting down a school, a police department, or a small business, it has shut down a good portion of fuel delivery on the East Coast. What this highlights is that the same vulnerabilities and attack tools/techniques that seem commonplace can have devastating consequences based on the target. Clearly, critical infrastructure has to be more hardened than a small business, but we see this isn't the case. The attack comes just months after the SolarWinds and Microsoft breaches, which brought about a proposed executive order by President Joseph Biden to strengthen cybersecurity for federal agencies and contractors. According to The New York Times, which obtained a preliminary draft of the order, "It would create a series of digital safety standards for federal agencies and contractors that develop software for the federal government." But many are now wondering if the executive order is enough. Top executives from firms like Amazon, Microsoft, and Cisco are calling for an international coalition to combat ransomware. As The New York Times states, "Among the recommendations in the report by the coalition of companies is to press ransomware safe havens, like Russia, into prosecuting cybercriminals using sanctions or travel visa restrictions. It also recommends that international law enforcement team up to hold cryptocurrency exchanges liable under money-laundering and 'know thy customer' laws." Would that deter cybercriminals? And what about preventing the ability to carry out these attacks in the first place? One big issue with prevention is that we typically don't know how the attackers get in, including in the pipeline attack. Most ransomware attacks stem from phishing, but could also stem from a different vulnerability, including one in software. One noteworthy thing about the Colonial Pipeline attack is that they were first attacked through their IT systems, but shut the OT systems down out of caution. That means they were not confident the networks were sufficiently isolated. In the future this needs to be rock solid isolation, like the compartments in a submarine. That is why I support the idea of an NTSB-like organization for cyber, which is what the government is intending with its upcoming executive order. If a criminal group can shut down 45 percent of the East Coast fuel supply, we need to know what went wrong. Can you imagine if we never found out why an airplane crashed, or why a particular model of car kept malfunctioning? Just as safety in the travel industry is dependent on information sharing and thorough investigating, it's becoming clear that, in our increasingly digital world, the same can be said for safety in cyberspace. Ransomware
ZDNet.webp 2021-05-12 08:44:22 FBI, CISA publish alert on DarkSide ransomware (lien direct) The advisory deals with ransomware-as-a-service, thrust into the spotlight by the Colonial Pipeline cyberattack. Ransomware
The_Hackers_News.webp 2021-05-12 00:16:12 Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations (lien direct) The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data if ransom demands are not met. "The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers, you can Ransomware
Cybereason.webp 2021-05-11 22:19:35 Webinar: Cybereason vs. DarkSide Ransomware (lien direct) Webinar: Cybereason vs. DarkSide Ransomware Colonial Pipeline was recently the victim of a devastating attack that shut down U.S. operations across the East Coast, threatening an already tenuous economic recovery effort. This attack against critical infrastructure by the DarkSide Ransomware gang highlights the urgent need for better ransomware prevention, detection and response. Ransomware
TechRepublic.webp 2021-05-11 17:27:58 The many sides of DarkSide, the group behind the Colonial pipeline ransomware attack (lien direct) Though it likes to promote itself as being "philanthropic," the DarkSide gang represents a dangerous threat to organizations around the world. Ransomware Threat
Chercheur.webp 2021-05-11 16:37:30 A Closer Look at the DarkSide Ransomware Gang (lien direct) The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here's a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue. Ransomware
Mandiant.webp 2021-05-11 16:30:00 Shining a Light on DARKSIDE Ransomware Operations | Blog (lien direct) Update (May 14): Mandiant has observed multiple actors cite a May 13 announcement that appeared to be shared with DARKSIDE RaaS affiliates by the operators of the service. This announcement stated that they lost access to their infrastructure, including their blog, payment, and CDN servers, and would be closing their service. Decrypters would also be provided for companies who have not paid, possibly to their affiliates to distribute. The post cited law enforcement pressure and pressure from the United States for this decision. We have not independently validated these claims and there is some Ransomware ★★★★
Kaspersky.webp 2021-05-11 15:34:38 200K Veterans' Medical Records Likely Stolen by Ransomware Gang (lien direct) Analyst finds ransomware evidence, despite a contractor's denial of compromise. Ransomware
Kaspersky.webp 2021-05-11 14:45:48 DarkSide Wanted Money, Not Disruption from Colonial Pipeline Attack (lien direct) Statement by the ransomware gang suggests that the incident that crippled a major U.S. oil pipeline may not have exactly gone to plan for overseas threat actors. Ransomware Threat
grahamcluley.webp 2021-05-11 12:33:05 The DarkSide ransomware gang must be shitting itself right now (lien direct) So, what do you do if you're a ransomware gang which has just caught the attention of not just the world's media, but also the FBI and the President of the United States? Ransomware
01net.webp 2021-05-11 11:59:00 Chaos over blocked pipelines: the ransomware's authors apologize, they just wanted to "make money" (lien direct) The creators of DarkSide blame this energy chaos on their "partners". In the future, their attacks will be subject to moderation to avoid this kind of mishap. Ransomware
ZDNet.webp 2021-05-11 10:46:00 (Déjà vu) Colonial Pipeline attack: Everything you need to know (lien direct) Updated: DarkSide has claimed responsibility for the catastrophic ransomware outbreak. Ransomware
ZDNet.webp 2021-05-11 10:46:00 Everything you need to know about the Colonial Pipeline ransomware attack (lien direct) DarkSide has claimed responsibility for the catastrophic ransomware outbreak. Ransomware
SecurityAffairs.webp 2021-05-11 10:23:45 (Déjà vu) FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks (lien direct) The FBI and Australian Cyber Security Centre (ACSC) warn of an ongoing Avaddon ransomware campaign targeting organizations worldwide. The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations worldwide in multiple industries, including government, finance, energy, manufacturing, and healthcare. The alert published […] Ransomware
Pirate.webp 2021-05-11 09:31:25 DarkSide ransomware attack on Colonial Pipeline (lien direct) Recently, one of the largest oil pipelines in the United States, operated by the company Colonial Pipeline, was paralyzed following a cyberattack attributed to the attacker group Darkside. Ransomware
InfoSecurityMag.webp 2021-05-11 08:50:00 Japanese Manufacturer Yamabiko Targeted by Babuk Ransomware (lien direct) Report suggests threat actors have already come out of retirement Ransomware Threat
ComputerWeekly.webp 2021-05-11 05:00:00 Colonial Pipeline ransomware attack has grave consequences (lien direct) No more details Ransomware
Last update at: 2024-07-21 09:08:29