What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-11-24 09:59:26 An aggressive malware campaign targets US-based companies with Qakbot to deliver Black Basta Ransomware (direct link) Researchers warn of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. Experts at the Cybereason Global SOC (GSOC) team have observed a surge in Qakbot infections as part of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. In the last two […] Ransomware Malware Guideline
globalsecuritymag.webp 2022-11-24 09:10:50 The Veeam Ransomware Trends Report 2022 reveals that only 23% of companies have fully unified cyberattack preparedness strategies (direct link) With secure backup being the last line of defense against ransomware, alignment of IT teams is necessary. - Investigations Ransomware
grahamcluley.webp 2022-11-23 18:04:36 Hive ransomware has extorted $100 million in 18 months, FBI warns (direct link) $100 million. That's the amount of money that the Hive ransomware is thought to have extorted from over 1300 companies around the world, according to a joint report from the FBI, CISA, and HHS. Read more in my article on the Hot for Security blog. Ransomware
InfoSecurityMag.webp 2022-11-23 16:00:00 Qakbot Infections Linked to Black Basta Ransomware Campaign (direct link) Threat actors obtained admin access in two hours and then deployed ransomware in under 12 hours Ransomware Threat
Netskope.webp 2022-11-23 15:54:40 Detecting Ransomware Using Machine Learning (direct link) Co-authored by Yihua Liao, Ari Azarafrooz, and Yi Zhang. Ransomware attacks are on the rise. Many organizations have fallen victim to ransomware attacks. While there are different forms of ransomware, it typically involves the attacker breaching an organization's network, encrypting a large amount of the organization's files, which usually contain sensitive information, exfiltrating the encrypted […] Ransomware
no_ico.webp 2022-11-23 10:26:14 (Déjà vu) AirAsia Data Breach (direct link) It has been reported that the cybercrime group called Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The development comes a little over a week after the company fell victim to a ransomware attack on November 11 and 12, per DataBreaches.net. Ransomware Data Breach ★★★
Fortinet.webp 2022-11-23 10:14:00 (Déjà vu) Ransomware Roundup: Cryptonite Ransomware (direct link) The latest FortiGuard Labs Threat Signal Ransomware Roundup covers the Cryptonite ransomware, along with protection recommendations. Read more. Ransomware Threat
Cybereason.webp 2022-11-23 05:01:00 THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies (direct link) The Cybereason Global SOC (GSOC) team is investigating Qakbot infections observed in customer environments related to a potentially widespread ransomware campaign run by Black Basta. The campaign is primarily targeting U.S.-based companies. Ransomware ★★★
grahamcluley.webp 2022-11-23 00:11:08 For two years security experts kept secret that they were helping Zeppelin ransomware victims decrypt their files (direct link) Researchers at cybersecurity firm Unit 221B have revealed that they have been secretly helping victims of the Zeppelin ransomware decrypt their computer systems since 2020. Ransomware ★★★★
TrendMicro.webp 2022-11-23 00:00:00 WannaRen Returns as Life Ransomware, Targets India (direct link) This blog entry looks at the characteristics of a new WannaRen ransomware variant, which we named Life ransomware after its encryption extension. Ransomware
Anomali.webp 2022-11-22 23:47:00 Anomali Cyber Watch: URI Fragmentation Used to Stealthily Defraud Holiday Shoppers, Lazarus and BillBug Stick to Their Custom Backdoors, Z-Team Turned Ransomware into Wiper, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cyberespionage, Phishing, Ransomware, Signed malware, and Wipers. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence DEV-0569 Finds New Ways to Deliver Royal Ransomware, Various Payloads (published: November 17, 2022) From August to October, 2022, Microsoft researchers detected new campaigns by a threat group dubbed DEV-0569. For delivery, the group alternated between delivering malicious links by abusing Google Ads for malvertising and by using contact forms on targeted organizations’ public websites. Fake installer files were hosted on typosquatted domains or legitimate repositories (GitHub, OneDrive). First stage was user-downloaded, signed MSI or VHD file (BatLoader malware), leading to second stage payloads such as BumbleBee, Gozi, Royal Ransomware, or Vidar Stealer. Analyst Comment: DEV-0569 is a dangerous group for its abuse of legitimate services and legitimate certificates. Organizations should consider educating and limiting their users regarding software installation options. Links from alternative incoming messaging such as from contact forms should be treated as thoroughly as links from incoming email traffic. 
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Impair Defenses - T1562 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 Tags: actor:DEV-0569, detection:Cobalt Strike, detection:Royal, malware-type:Ransomware, file-type:VHD, detection:NSudo, malware-type:Hacktool, detection:IcedID, Google Ads, Keitaro, Traffic distribution system, detection:Gozi, detection:BumbleBee, NirCmd, detection:BatLoader, malware-type:Loader, detection:Vidar, malware-type:Stealer, AnyDesk, GitHub, OneDrive, PowerShell, Phishing, SEO poisoning, TeamViewer, Adobe Flash Player, Zoom, Windows Highly Sophisticated Phishing Scams Are Abusing Holiday Sentiment (published: November 16, 2022) From mid-September 2022, a new phishing campaign targets users in North America with holiday special pretenses. It impersonated a number of major brands including Costco, Delta Airlines, Dick's, and Sam's Club. Akamai researchers analyzed techniques that the underlying sophisticated phishing kit was using. For defense evasion and tracking, the attackers used URI fragmentation. They were placing target-specific tokens after the URL fragment identifier (a hash mark, aka HTML anchor). The value was used by a JavaScript code running on the victim’s browser to reconstruct the redirecting URL. Analyst Comment: Evasion through URI fragmentation hides the token value from traff Ransomware Malware Tool Threat Guideline Medical APT 38 ★★★★
securityintelligence.webp 2022-11-22 17:00:00 RansomExx Upgrades to Rust (direct link) IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this […] Ransomware Malware Threat ★★★★
grahamcluley.webp 2022-11-22 16:34:35 Ouch! Ransomware gang says it won't attack AirAsia again due to the “chaotic organisation” and sloppy security of hacked company's network (direct link) The Daixin ransomware gang has given a humiliating slap in the face to Air Asia, which lost the personal data of five million passengers and all of its employees earlier this month. Ransomware ★★★★
InfoSecurityMag.webp 2022-11-22 16:00:00 Firms Spend $1197 Per Employee Yearly to Address Cyber-Attacks (direct link) The data excludes compliance fines, ransomware costs and losses from non-operational processes Ransomware ★★★★
Fortinet.webp 2022-11-21 22:09:06 Alert (AA22-321A): #StopRansomware: Hive Ransomware (direct link) FortiGuard Labs is aware that the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) released a joint advisory for Hive ransomware as part of their #StopRansomware effort. Hive ransomware is a Ransomware-as-a-Service (RaaS) consisting of developers and affiliates. It attempts to steal data, encrypt files on victims' machines, and demand a ransom to recover affected files and prevent stolen data from being published to their data leak site, called "HiveLeaks," on the DarkWeb. Why is this Significant? This is significant because Hive is a Ransomware-as-a-Service (RaaS) that, according to the advisory, has victimized more than 1,300 enterprises globally and extorted 100 million US dollars. The group has been active since June 2021 and did not only target private enterprises but also essential industries such as government organizations and healthcare services. What is Hive Ransomware? Hive is a Ransomware-as-a-Service (RaaS) consisting of two groups: developers and affiliates. Hive developers create, maintain, and update Hive ransomware and infrastructure such as the data leak site named "HiveLeaks" and the negotiation site. Hive affiliates are responsible for finding and infecting victims, exfiltrating files, and deploying Hive ransomware to the victims' network. The latest Hive ransomware iterations are written in the Rust programming language. Older variants are written in Go. Reported initial infection vectors include emails, exploiting vulnerabilities such as CVE-2020-12812, CVE-2021-31207, CVE-2021-34473 and CVE-2021-34523. Hive ransomware encrypts files on victims' machines and typically appends a ".hive" file extension to the affected files. 
It also drops a ransom note named "HOW_TO_DECRYPT.txt", which instructs victims to visit a negotiation site on TOR. The advisory states that Hive ransomware is known to victimize organizations that were previously infected with Hive ransomware and recovered without paying ransom. What is the Status of Protection? FortiGuard Labs provides the following AV signatures for recent Hive ransomware samples that we collected: W32/Filecoder_Hive.A!tr.ransom, W32/Filecoder_Hive.B!tr.ransom, W32/Hive.4a4e!tr.ransom, W32/Hive.B0FF!tr.ransom, W32/Hive.d10e!tr.ransom, W32/Hive.FD38!tr.ransom, W64/Filecoder.AW!tr.ransom, W64/Filecoder_Hive.A!tr.ransom, W64/Filecoder_Hive.B!tr.ransom, W64/Hive.31ec!tr.ransom, W64/Hive.6bcb!tr.ransom, W64/Hive.71de!tr.ransom, W64/Hive.7cec!tr.ransom, W64/Hive.933c!tr.ransom, W64/Hive.A!tr, W64/Hive.B0FF!tr.ransom, W64/Hive.c2e4!tr.ransom, W64/Hive.e550!tr.ransom, W64/Hive.ea51!tr.ransom, W32/Filecoder.507F!tr.ransom, W32/Agent.0b0f!tr.ransom, W32/Agent.32a5!tr.ransom, W32/Agent.65e3!tr.ransom, W32/Agent.69ce!tr.ransom, W32/Agent.6d49!tr.ransom, W32/Agent.7c49!tr.ransom, W64/Agent.U!tr. All network IOCs on the advisory are blocked by Webfiltering. FortiGuard Labs provides the following IPS signatures for the vulnerabilities reportedly exploited as initial infection vector by Hive threat actors: MS.Exchange.MailboxExportRequest.Arbitrary.File.Write (CVE-2021-31207), MS.Exchange.Server.Autodiscover.Remote.Code.Execution (CVE-2021-34473), MS.Exchange.Server.Common.Access.Token.Privilege.Elevation (CVE-2021-34523) Ransomware Threat ★★★
The_Hackers_News.webp 2022-11-21 20:46:00 Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (direct link) The cybercrime group called Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The development comes a little over a week after the company fell victim to a ransomware attack on November 11 and 12, per DataBreaches.net. The threat actors allegedly claim to have obtained the personal data associated with five million Ransomware Threat ★★★
knowbe4.webp 2022-11-21 18:33:41 10 Million Health Records from Australian Insurer Medibank are Leaked After Refusing to Pay the Ransom (direct link) 10 Million Health Records from Australian Insurer Medibank are Leaked After Refusing to Pay the Ransom Ransomware ★★★
no_ico.webp 2022-11-21 16:04:59 (Déjà vu) New Ransomware Encrypts Files & Steals Your Discord Account (direct link) The new ‘AXLocker’ ransomware family is not only encrypting victims’ files and demanding a ransom payment but also stealing the Discord accounts of infected users. When a user logs into Discord with their credentials, the platform sends back a user authentication token saved on the computer. This token can then be used to log in […] Ransomware
no_ico.webp 2022-11-21 14:35:40 Spate Of Ransomware Targeting Healthcare Cost $92 Billion In Downtime Since 2018, Experts Weigh In (direct link) The FBI has recently warned of a spate of cyberattacks and data extortion efforts by the Hive ransomware group, particularly focusing on the health and public health sectors. Hive actors have successfully exploited more than 1,300 companies globally, just this year, receiving approximately $100 million in ransom pay-out. Comparitech recently released some related research looking at […] Ransomware ★★★★
Chercheur.webp 2022-11-21 12:08:58 Breaking the Zeppelin Ransomware Encryption Scheme (direct link) Brian Krebs writes about how the Zeppelin ransomware encryption scheme was broken: The researchers said their break came when they understood that while Zeppelin used three different types of encryption keys to encrypt files, they could undo the whole scheme by factoring or computing just one of them: An ephemeral RSA-512 public key that is randomly generated on each machine it infects. “If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key that encrypts the files!” they wrote. “The challenge was that they delete the [public key] once the files are fully encrypted. Memory analysis gave us about a 5-minute window after files were encrypted to retrieve this public key.”... Ransomware
InfoSecurityMag.webp 2022-11-21 10:00:00 New AXLocker Ransomware Steals Victims' Discord Tokens (direct link) Researchers also discover two additional new variants Ransomware
globalsecuritymag.webp 2022-11-21 09:50:09 Sophos 2023 Threat Report: Criminals “Follow the Money” by Commercializing Cybercrime, Launching More “Innovative” Ransomware Attacks and Doubling Down on Credential Theft (direct link) Ransomware Remains One of the Greatest Cybercrime Threats to Organizations - Special Reports Ransomware Threat
SecurityAffairs.webp 2022-11-21 08:31:12 Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild (direct link) Experts from Cyble Research and Intelligence Labs (CRIL) discovered three new ransomware families: AXLocker, Octocrypt, and Alice Ransomware. Threat intelligence firm Cyble announced the discovery of three new ransomware families named AXLocker, Octocrypt, and Alice Ransomware. The AXLocker ransomware encrypts victims’ files and steals Discord tokens from the infected machine. The analysis of the code […] Ransomware Threat
CSO.webp 2022-11-21 07:02:00 Luna Moth callback phishing campaign leverages extortion without malware (direct link) Palo Alto's Unit 42 has investigated several incidents linked to the Luna Moth group callback phishing extortion campaign targeting businesses in multiple sectors, including legal and retail. The analysis discovered that the threat actors behind the campaign leverage extortion without malware-based encryption, have significantly invested in call centers and infrastructure unique to attack targets, and are evolving their tactics over time. Unit 42 stated that the campaign has cost victims hundreds of thousands of dollars and is expanding in scope. Luna Moth removes malware portion of phishing callback attack. Callback phishing – or telephone-oriented attack delivery (TOAD) – is a social engineering attack that requires a threat actor to interact with the target to accomplish their objectives. It is more resource intensive but less complex than script-based attacks and it tends to have a much higher success rate, Unit 42 wrote in a blog posting. Actors linked to the Conti ransomware group had success with this type of attack with the BazarCall campaign, which focused on tricking victims into downloading the BazarLoader malware. This malware element is synonymous with traditional callback phishing attacks. Interestingly, in this campaign, Luna Moth does away with the malware portion of the attack, instead using legitimate and trusted systems management tools to interact directly with a victim's computer to manually exfiltrate data for extortion. “As these tools are not malicious, they're not likely to be flagged by traditional antivirus products,” the researchers wrote. Ransomware Malware Threat
SecurityAffairs.webp 2022-11-20 19:39:40 PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online (direct link) Proof-of-concept exploit code for two actively exploited Microsoft Exchange ProxyNotShell flaws released online. Proof-of-concept exploit code has been released online for two actively exploited vulnerabilities in Microsoft Exchange, known as ProxyNotShell. The two flaws are: they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell […] Ransomware ★★★★
bleepingcomputer.webp 2022-11-20 10:07:14 (Déjà vu) New ransomware encrypts files, then steals your Discord account (direct link) The new 'AXLocker' ransomware family is not only encrypting victims' files and demanding a ransom payment but also stealing the Discord accounts of infected users. [...] Ransomware
bleepingcomputer.webp 2022-11-20 10:07:14 New AxLocker ransomware encrypts files, then steals your Discord account (direct link) The new 'AXLocker' ransomware family is not only encrypting victims' files and demanding a ransom payment but also stealing the Discord accounts of infected users. [...] Ransomware
HexaCorn.webp 2022-11-19 23:29:55 Cracking Zeppelin (direct link) A few days ago Brian Krebs published a piece about Zeppelin key cracking, so … since I was also involved in recovering files for some of the ransomware gang victims […] Ransomware
SecurityAffairs.webp 2022-11-19 19:27:12 DEV-0569 group uses Google Ads to distribute Royal Ransomware (direct link) Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware. Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The DEV-0569 group carries out […] Ransomware Threat
The_Hackers_News.webp 2022-11-19 12:54:00 Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware (direct link) A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569. "Observed DEV-0569 attacks show a pattern of continuous innovation, with Ransomware Malware Threat
Netskope.webp 2022-11-18 15:18:03 Netskope Threat Coverage: Prestige Ransomware (direct link) Summary: In October 2022, a novel ransomware named Prestige was found targeting logistics and transportation sectors in Ukraine and Poland. According to Microsoft, victims affected by Prestige overlap with previous victims targeted by HermeticWiper, spotted in February 2022. The research also shows that the attackers deployed the ransomware within an hour between all victims, abusing […] Ransomware Threat
Pirate.webp 2022-11-18 14:51:32 What does the cyber future hold for us? A world tour of 2023 predictions (direct link) According to expert predictions, 2023 is expected to be marked by an increase in politically motivated cyberattacks, malicious activity by ransomware groups hunting for medical and personal data, and major upheavals in cybersecurity due to the global semiconductor shortage. The post Que nous réserve l'avenir cyber ? Tour du monde des prévisions 2023 first appeared on UnderNews. Ransomware
InfoSecurityMag.webp 2022-11-18 14:15:00 Emerging Threat Actor DEV-0569 Expands Its Toolkit to Deliver Royal Ransomware (direct link) As well as malvertising and phishing links, the new threat actor is now also using contact forms to deliver its payloads, found Microsoft Ransomware Threat
The_Hackers_News.webp 2022-11-18 13:17:00 Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide (direct link) The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information Ransomware Threat
SecurityAffairs.webp 2022-11-18 11:30:22 Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies (direct link) Hive ransomware operators have extorted over $100 million in ransom payments from over 1,300 companies worldwide as of November 2022. The threat actors behind the Hive ransomware-as-a-service (RaaS) have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S. cybersecurity and intelligence authorities. “As of November 2022, […] Ransomware Threat
SecurityWeek.webp 2022-11-18 10:29:12 Hive Ransomware Gang Hits 1,300 Businesses, Makes $100 Million (direct link) The Hive ransomware gang has victimized more than 1,300 businesses, receiving over $100 million in ransom payments over the past year and a half, US government agencies say. Ransomware
InfoSecurityMag.webp 2022-11-18 09:30:00 Hive Ransomware Has Made $100m to Date (direct link) CISA notice warns of 1300 victims and counting Ransomware
SecureList.webp 2022-11-18 08:00:32 IT threat evolution Q3 2022 (direct link) Recent APT campaigns, a sophisticated UEFI rootkit, new ransomware for Windows, Linux and ESXi, attacks on foreign and crypto-currency exchanges, and malicious packages in online code repositories. Ransomware Threat
Chercheur.webp 2022-11-18 02:30:26 Researchers Quietly Cracked Zeppelin Ransomware Keys (direct link) Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things,… Read More » Ransomware
SecurityAffairs.webp 2022-11-17 22:25:09 Two public schools in Michigan hit by a ransomware attack (direct link) Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack. Public schools in Jackson and Hillsdale counties, Michigan, reopen after a closure of two days caused by a ransomware attack that hit its systems. The public schools started experiencing a systems outage affecting critical operating […] Ransomware
bleepingcomputer.webp 2022-11-17 15:07:02 Previously unidentified ARCrypter ransomware expands worldwide (direct link) A previously unknown 'ARCrypter' ransomware that compromised key organizations in Latin America is now expanding its attacks worldwide. [...] Ransomware
CSO.webp 2022-11-17 13:50:00 BrandPost: Fortinet's FortiGuard Labs Recaps State of Ransomware Settlements (direct link) It's painfully obvious at this point that ransomware continues to grow in popularity. As Fortinet's FortiGuard Labs team found, the number of new ransomware variants doubled in just the first half of 2022 compared to the previous six-month period. It's no wonder more companies are turning to cyber insurance to help recoup their losses when they do have to pay a ransomware settlement. That's an option – but think of it as a parachute for your parachute; it doesn't take the place of having all of your other safety guards in place. Cyber insurance can also be a double-edged sword. It has grown in popularity and usually compensates for losses brought on by hacking and data theft, extortion and destruction. Because it sometimes covers ransomware costs, it may seem like a reasonable way to address this threat. Ransomware
no_ico.webp 2022-11-17 12:36:52 WithSecure, Biden Officials Pressed By Lawmakers On Cyber Reporting Legislation (direct link) Following the news that Biden's officials are being pressed by lawmakers on cyber reporting legislation as overseas threats and ransomware evolve, information security experts reacted below. Ransomware
DataSecurityBreach.webp 2022-11-17 09:35:35 Black Basta reportedly has links to the FIN7 hackers (direct link) Research into the Black Basta ransomware reportedly shows evidence linking the ransomware group to the FIN7 hackers, a malicious hacker group known as Carbanak. Ransomware
globalsecuritymag.webp 2022-11-16 22:04:01 Rubrik launches Rubrik Cyber Recovery (direct link) Rubrik strengthens recovery from ransomware attacks with the launch of Rubrik Cyber Recovery. This latest release, part of Rubrik Security Cloud, improves cyber readiness through real and simulated recovery capabilities. This new feature eliminates the uncertainty around recovering from ransomware. - Products Ransomware
globalsecuritymag.webp 2022-11-16 21:51:52 Comment on Australian Government plans to outlaw ransomware payments - Tyler Moffitt, OTSS (direct link) Comment on Australian Government plans to outlaw ransomware payments - Tyler Moffitt, OTSS - Opinion Ransomware
Cybereason.webp 2022-11-16 11:00:00 Holiday, Weekend Ransomware Attacks Continue to Hit Companies Hard (direct link) As the holidays approach, security leaders wanting to give their teams some much deserved extra time off may get caught in a bind. After all, ransomware actors love to wreak havoc when organizations' human defenses are trying to sleep in heavenly peace. Ransomware Guideline
InfoSecurityMag.webp 2022-11-16 09:30:00 LockBit Remains Most Prolific Ransomware in Q3 (direct link) Phobos is a close second, according to Trellix Ransomware
Blog.webp 2022-11-16 03:54:28 (Déjà vu) ASEC Weekly Malware Statistics (November 7th, 2022 – November 13th, 2022) (direct link) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 7th, 2022 (Monday) to November 13th (Sunday). For the main category, downloader ranked top with 37.8%, followed by Infostealer with 27.1%, banking malware with 22.9%, backdoor with 11.2%, ransomware with 0.5%, and CoinMiner with 0.5%. Top 1 – Emotet Emotet which has resurfaced after six months ranked first place with 22.9%. Emotet... Ransomware Malware
Blog.webp 2022-11-16 03:54:04 DAGON LOCKER Ransomware Being Distributed (direct link) It was discovered that the DAGON LOCKER ransomware (hereinafter referred to as “DAGON”) is being distributed in Korea. It was first found through AhnLab ASD infrastructure’s suspicious ransomware behavior block history. In October, it was also reported to AhnLab as a suspicious file by a Korean organization. DAGON is commonly distributed through phishing mails or as an attachment to emails, but because it is a ransomware-as-a-service, the distribution route and target can vary according to the threat actor. As the... Ransomware Threat
Last update at: 2024-07-05 18:07:27