What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2022-07-26 07:17:37 LockBit claims ransomware attack on Italian tax agency (direct link) Italian authorities are investigating claims made by the LockBit ransomware gang that they breached the network of the Italian Internal Revenue Service (L'Agenzia delle Entrate). [...] Ransomware
Mandiant.webp 2022-07-26 06:00:00 Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers (direct link) During the last couple of years, ransomware incidents have impacted thousands of industrial and critical infrastructure organizations. In some cases, Mandiant has observed how these intrusions disrupt industrial production chains and operational workflows as a method to incentivize the payment of ransoms. Although in most cases victims have suffered damages exclusively restricted to enterprise systems, this does not mean that operational technology (OT) systems are not at risk. The nature of OT technology and the challenges of defending it means that many OT networks have security gaps that Ransomware Industrial ★★★
DarkReading.webp 2022-07-25 19:47:15 Supercharged Version of Amadey Infostealer & Malware Dropper Bypasses AVs (direct link) Several threat actors used Amadey Bot previously to steal information and distribute malware such as the GandCrab ransomware and the FlawedAmmy RAT. Ransomware Malware Threat
CS.webp 2022-07-25 16:09:09 Ransomware group targets Italian tax agency (direct link) LockBit, one of the most prolific ransomware operations, claims to have 100GB of data from the agency. Ransomware
knowbe4.webp 2022-07-25 13:12:21 Ransomware Groups Get Smaller and More Social (direct link) The Colonial Pipeline ransomware attack of 2021 put infrastructure operators on notice that they were directly in the crosshairs of big ransomware gangs. The reaction of law enforcement seems, however, to have also put the gangs on notice that their ability to operate with impunity isn't what it used to be. The big criminal operations seem to be breaking up. That's not because they've gone straight. It's because they've realized that they're more vulnerable than they used to be. Ransomware
securityintelligence.webp 2022-07-25 13:00:00 U.S. Cybersecurity Policy Has Changed Since the Colonial Pipeline Attack (direct link) More than a year ago, a ransomware attack made the news across the nation. The Colonial Pipeline Company announced on May 7, 2021, that the DarkSide Ransomware-as-a-Service group, based in eastern Europe, had hit it. The FBI has since confirmed DarkSide, which has since shut down, as the threat actors. What's changed about U.S. cyber […] Ransomware Threat
no_ico.webp 2022-07-25 12:20:21 US Offers $15m Reward For HSE Hackers (direct link) As reported by The Times, US authorities have offered a $15 million (€14.7 million) reward for information leading to the arrest or conviction of members of the Conti group, the criminals blamed for last year's crippling ransomware attack on the HSE. The US State Department has also offered a bounty of up to $5 million […] Ransomware Guideline
mcafee.webp 2022-07-25 11:06:59 What Are Ransomware Attacks? An In-Depth Guide (direct link) We all love to spend time surfing the web - whether we're shopping, paying bills, or reacting to funny memes.... Ransomware
SecurityAffairs.webp 2022-07-25 11:01:11 Lockbit ransomware gang claims to have breached the Italian Revenue Agency (direct link) The ransomware group Lockbit claims to have stolen 78 GB of files from the Italian Revenue Agency (Agenzia delle Entrate). The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site. "The Revenue Agency, operational since 1 January […] Ransomware
Blog.webp 2022-07-25 05:21:11 Change in Magniber Ransomware (*.msi → *.cpl) – July 20th (direct link) Since February 2022, Magniber has been using a Windows installer package file (.msi) instead of an IE browser vulnerability for its distribution. The ransomware includes a valid certificate and was distributed in DLL form inside the MSI file. However, starting from July 20th (Wednesday), it is now being distributed with a CPL file extension instead of MSI. As the cases of using an MSI file for distribution are decreasing, the attacker behind Magniber has likely changed the method of distribution. (July... Ransomware Vulnerability
Blog.webp 2022-07-25 05:17:47 (Déjà vu) ASEC Weekly Malware Statistics (July 11th, 2022 – July 17th, 2022) (direct link) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 11th, 2022 (Monday) to July 17th, 2022 (Sunday). For the main category, info-stealer ranked top with 52.2%, followed by backdoor with 26.8%, downloader with 19.7%, banking with 0.6%, and ransomware with 0.6%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 29.9%. It is an info-stealer that leaks... Ransomware Malware
CyberSkills.webp 2022-07-25 00:00:00 Secure your Operational Technology (OT) against online attacks with new cyber security professional diploma programme (direct link) As featured in The Independent, Prof. Thomas Newe, Associate Professor with UL's Department of Electronic and Computer Engineering, explains why the new cyber security professional diploma programme is particularly beneficial for IT professionals who are unfamiliar with OT. The article is included below or via this link: independent.ie --- Cyber security: why it matters. Cyber security has been pushed to the forefront of public consciousness in recent years, thanks to a spate of high-profile hacks and ransomware attacks that have occurred both internationally and in Ireland. Vital business operations in many industries are increasingly carried out and managed online, which has given rise to a heightened need for comprehensive digital security training and awareness. One of the primary concerns of industry leaders in the manufacturing field is how they can secure the seamless functioning of their OT (Operational Technology) systems. OT is a term that describes hardware and software which is used to oversee and control the physical devices, processes and events associated with any given business enterprise. With the advent of Industry 4.0, which seeks to establish automated protocols and operation guidelines for the manufacturing industry, the secure functioning of OT systems underpinning manufacturing processes is paramount. Unlike IT attacks that generally target data, OT attacks focus on industrial control systems (ICS), leading to a tangible physical impact. For example, during the 2017 Triton/Trisis cyberattack on a Middle East petrochemical plant's safety instrumentation system, the attackers triggered an outage that could have led to the release of toxic hydrogen sulphide gas or caused explosions. In the USA, the Colonial Pipeline ransomware cyberattack in May 2021 threatened the security of the company's oil pipeline infrastructure. This incident highlighted the need for OT engineers to understand and be able to defend against sophisticated cyber attacks.
Whilst cyber attacks exist in the digital space, they can have a real and tangible effect on the physical world. Bridging the educational gap. Recent hacks within vital sectors of the Irish economy have highlighted both the pressing need for workers who are highly skilled in cyber security, and the current shortage of such workers. The Professional Diploma in OT Security is an innovative new programme that bridges this urgent educational gap. This diploma is jointly offered by two HEA Human Capital Initiatives: Cyber Skills (Ireland's leading cyber security initiative) and UL@Work (a University of Limerick-based initiative that provides digital skills programmes to thoroughly prepare graduates for the workplace). Cyber Skills was established in order to address the critical skills shortage in cyber security by providing flexible, university-accredited online micro-credentials and pathways, delivered by lecturers who are experts in their field. Cyber Skills' courses have been created by academic leaders in MTU, UL and TU Dublin, as well as the institute's industry partners. Integrating OT and IT knowledge. The Professional Diploma in OT Security is designed to develop the skills of emerging cyber security experts in Smart Manufacturing. The diploma is ideal for professionals who are directly or indirectly involved in integrating OT and IT systems to facilitate Industry 4.0 standards in their organisation. Programme lecturers actively encourage individuals and companies to invest in their employees' skills, knowledge and training, in order to protect and strengthen their organisation's defence against cyber attacks. Prof. Thomas Newe, Associate Professor with UL's Department of Electronic and Computer Engineering, explains that the diploma is particularly beneficial for IT professionals who are unfamiliar with OT.
"The course really helps IT engineers to better understand OT, and learn how IT securely interfaces with it." Deeper understanding and career progression: what students can expect. The course curriculum will give participants a s Ransomware Hack Threat Industrial ★★
TrendMicro.webp 2022-07-25 00:00:00 LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities (direct link) In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware. Ransomware
Fortinet.webp 2022-07-24 22:00:19 H0lyGh0st Ransomware Used to Target SMBs (direct link) FortiGuard Labs is aware of a report that H0lyGh0st ransomware was primarily used against "small-to-midsized businesses, including manufacturing organizations, banks, schools, and event and meeting planning companies". Microsoft attributed the ransomware to a North Korean hacking group. After the victim's networks are infiltrated, the threat actor exfiltrates information and then deploys H0lyGh0st ransomware, which encrypts files. Why is this Significant? This is significant as H0lyGh0st ransomware is a newly reported ransomware that was deployed to compromised small-to-midsized businesses by an alleged North Korean hacking group in newly discovered attacks. What is H0lyGh0st Ransomware? H0lyGh0st is a ransomware which encrypts files on a compromised machine for financial gain. After the victim's networks are compromised, the threat actor will exfiltrate information from the victim's machine. Then, H0lyGh0st ransomware is deployed and encrypts files. The ransomware adds a ".h0lyenc" file extension to the affected files and leaves a ransom note in FOR_DECRYPT.html. The html file includes the ransom message below: Please Read this text to decrypt all files encrypted. We have uploaded all files to cloud. Url: [redacted] Don't worry, you can return all of your files immediately if you pay. If you want to restore all of your files, Send mail to [redacted] with your Id. Your ID is [redacted] Or install tor browser and contact us with your id or [redacted] (If all of pcs in your company are encrypted). Our site : "A link to H0lyGh0st Onion site" After you pay, We will send unlocker with decryption key. Attention 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increase price. 4. Antivirus may block our unlocker, So disable antivirus first and execute unlocker with decryption key.
According to the report, the ransom amount ranges from 1.2 to 5 Bitcoins, which amounts to 26,000 to 110,000 US dollars based on the exchange rate as of this publishing. What are the Initial Attack Vectors? While initial attack vectors have not been identified, CVE-2022-26352 is called out as a potential vulnerability that was exploited to break into target networks. CVE-2022-26352 is a critical arbitrary file upload vulnerability in dotCMS. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in an arbitrary file being saved on the target server and lead to remote code execution. Has the Vendor Released a Fix for CVE-2022-26352? Yes, a patch is available. For more information, see the Appendix for a link to "SI-62: Multipart File Directory Traversal can lead to remote execution". What is the Status of Coverage? FortiGuard Labs provides the following AV coverage against known samples of H0lyGh0st ransomware: W64/Filecoder.788A!tr.ransom, W32/Filecoder.AX!tr, W64/Agent.ACR!tr, W32/PossibleThreat, Malicious_Behavior.SB. FortiGuard Labs provides the following IPS coverage for CVE-2022-26352: DotCMS.API.Content.Arbitrary.File.Upload (default action is set to pass). Known network IOCs for H0lyGh0st ransomware are blocked by the WebFiltering client. Ransomware Vulnerability Threat Guideline
SecurityAffairs.webp 2022-07-23 18:27:23 FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks (direct link) The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. "The Justice Department today announced a complaint filed in […] Ransomware Threat
DarkReading.webp 2022-07-22 16:43:09 Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments (direct link) Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology. Ransomware Malware Threat
CSO.webp 2022-07-22 11:20:00 Cybercrime escalates as barriers to entry crumble (direct link) An underground economy that mirrors its legitimate ecommerce counterpart is supercharging online criminal behavior, according to a report released Thursday by HP Wolf Security in collaboration with Forensic Pathways. Cybercriminals are now operating on a professional footing with easy-to-launch malware and ransomware attacks being offered on a software-as-a-service (SaaS) basis, allowing people with even rudimentary IT skills to launch cyberattacks at targets of their choosing, the report notes. It found that competition in the underground has driven down the price of malicious tools, making them affordable to anyone. In an analysis of 174 exploits advertised on the dark web, HP Wolf researchers found an overwhelming number (91%) were selling for less than $10. A look at 1,653 malware ads revealed more than three quarters (76%) selling for under $10. And on average, information stealers were selling for $5, remote access Trojans (RATs) for $3, exploits for $2.23, and crypters for $1. Ransomware Malware
globalsecuritymag.webp 2022-07-22 09:19:34 Cracks appearing in the ransomware ecosystem (direct link) According to the United Kingdom's National Cyber Security Centre (NCSC), ransomware is currently the greatest threat facing businesses around the world. The days when it targeted a single machine and tried to extort a user by stealing their data are over. The threat is organised and sophisticated, thanks to technology that has become so widely available that ransomware has become a genuine industry. Some ransomware operators target MSPs (providers of (...) - Malware Ransomware
CS.webp 2022-07-21 22:15:19 Researchers uncover potential ransomware network with U.S. connections (direct link) Researchers at Censys found what appears to be a command and control network capable of launching attacks, including one host in Ohio. Ransomware
globalsecuritymag.webp 2022-07-21 15:24:41 Luna in Rust: a new ransomware group using a cross-platform programming language surfaces (direct link) Kaspersky researchers have discovered a new ransomware group whose activity further confirms the trend of ransomware actors turning to cross-platform capabilities. The group, dubbed Luna, uses ransomware written in Rust, a programming language already used by the BlackCat and Hive gangs, among others. It lets them easily port the malware from one operating system to another. This discovery, together with (...) - Malware Ransomware ★★★
MalwarebytesLabs.webp 2022-07-21 14:27:14 Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR (direct link) Malwarebytes Endpoint Detection and Response can fight, and defeat, advanced ransomware that other security solutions miss. In this post, we'll walk through what it looks like to deal with a ransomware attack using Malwarebytes EDR. Ransomware
DarkReading.webp 2022-07-21 14:00:00 The Kronos Ransomware Attack: What You Need to Know So Your Business Isn't Next (direct link) Identify your business's security posture and head off ransomware attacks with third-party risk management and vendor security assessments. Ransomware
CSO.webp 2022-07-21 13:39:00 Ransomware attacks slowing as 2022 wears on (direct link) Total ransomware attacks for the second quarter of 2022 totaled 574, representing a 34% slowdown compared to the first quarter of the year, according to a report released Thursday by GuidePoint Research. The most impacted industries were manufacturing and construction, GuidePoint's report said, accounting for 18.3% of all claimed attacks during the quarter. The tech sector was also heavily targeted, as were government agencies. The US was the most-attacked country, according to the report, representing nearly a quarter of all global ransomware victims. Ransomware
The_Hackers_News.webp 2022-07-21 01:25:01 FBI Seizes $500,000 Ransomware Payments and Crypto from North Korean Hackers (direct link) The U.S. Department of Justice (DoJ) has announced the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments from several organizations by using a new ransomware strain known as Maui. "The seized funds include ransoms paid by healthcare providers in Kansas and Colorado," the DoJ said in a press release issued Tuesday. The recovery of the bitcoin ransoms Ransomware
Blog.webp 2022-07-21 00:17:28 (Déjà vu) ASEC Weekly Malware Statistics (July 4th, 2022 – July 10th, 2022) (direct link) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 4th, 2022 (Monday) to July 10th, 2022 (Sunday). For the main category, info-stealer ranked top with 43.9%, followed by downloader with 27.2%, backdoor with 21.1%, banking with 6.1%, ransomware with 1.1%, and coinminer with 0.6%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 27.2%. It is an... Ransomware Malware
Blog.webp 2022-07-21 00:06:36 Amadey Bot Being Distributed Through SmokeLoader (direct link) Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it has been sold in illegal forums and used by various attackers. The ASEC analysis team previously revealed cases where Amadey was used in attacks in the ASEC blog posted in 2019 (English version unavailable). Amadey was mainly used to install ransomware by attackers of GandCrab or to install FlawedAmmyy by... Ransomware Malware
Blog.webp 2022-07-20 23:41:12 Change in Injection Method of Magniber Ransomware (direct link) The ASEC analysis team is constantly monitoring Magniber, which has a higher number of distribution cases. It has been distributed through the IE (Internet Explorer) vulnerability for the past few years but stopped exploiting the vulnerability after the support for the browser ended. Recently, the ransomware is distributed as a Windows installer package file (.msi) on Edge and Chrome browsers. Magniber, which is being distributed as a Windows installation package file (.msi), has hundreds of distribution logs reported every day (see... Ransomware Vulnerability
SecurityAffairs.webp 2022-07-20 20:16:43 New Luna ransomware targets Windows, Linux and ESXi systems (direct link) Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. Luna ransomware is the third ransomware family that is written […] Ransomware
DarkReading.webp 2022-07-20 18:22:54 Feds Recoup $500K From Maui Ransomware Gang (direct link) Law enforcement hopes that returning ransom payments to impacted businesses will demonstrate that working with the feds following a cybersecurity breach is "good business." Ransomware
MalwarebytesLabs.webp 2022-07-20 15:50:14 Another ransomware payment recovered by the Justice Department (direct link) The Justice Department announced it was able to forfeit ransomware payments made by health care organizations in Kansas and Colorado. Ransomware
Cybereason.webp 2022-07-20 13:49:40 Ransomware Attacks by the Numbers - and How to Defend Against Them (direct link) Ransomware is an ever-evolving type of malware that has been around for more than two decades. First appearing in the late 1980s and growing in popularity and complexity in the early 2010s, ransomware has risen to an unprecedented level with multi-million dollar ransom demands in attacks against companies like Colonial Pipeline, JBS Foods and other critical infrastructure providers. Ransomware Malware
Kaspersky.webp 2022-07-20 12:35:02 Conti's Reign of Chaos: Costa Rica in the Crosshairs (direct link) Aamir Lakhani, with FortiGuard Labs, answers the question: Why is the Conti ransomware gang targeting people and businesses in Costa Rica? Ransomware
InfoSecurityMag.webp 2022-07-20 08:12:00 DOJ Recovers $500K Paid to North Korean Ransomware Actors (direct link) Payments were made by at least two healthcare providers Ransomware
SecureList.webp 2022-07-20 08:00:31 Luna and Black Basta - new ransomware for Windows, Linux and ESXi (direct link) This report discusses new ransomware that targets Windows, Linux and ESXi systems: Luna, written in Rust, and Black Basta. Ransomware
The_Hackers_News.webp 2022-07-20 05:00:44 New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems (direct link) Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after BlackCat and Hive to use the programming language. Luna, as it's called, is "fairly simple" and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of Curve25519 and AES for encryption. "Both the Linux and ESXi Ransomware Malware
DarkReading.webp 2022-07-19 19:24:43 Post-Breakup, Conti Ransomware Members Remain Dangerous (direct link) The gang's members have moved into different criminal activities, and could regroup once law-enforcement attention has simmered down a bit, researchers say. Ransomware
Anomali.webp 2022-07-19 15:10:00 Anomali Cyber Watch: H0lyGh0st Ransomware Earns for North Korea, OT Unlocking Tools Drop Sality, Switch-Case-Oriented Programming for ChromeLoader, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, DDoS, North Korea, Obfuscation, Phishing, Ransomware, Russia, Trojans, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence. Digium Phones Under Attack: Insight Into the Web Shell Implant (published: July 15, 2022) Palo Alto Unit42 researchers have uncovered a large-scale campaign targeting Elastix VoIP telephony servers used in Digium phones. The attackers were exploiting CVE-2021-45461, a remote code execution (RCE) vulnerability in the Rest Phone Apps (restapps) module. The attackers used two-stage malware: an initial dropper shell script installed the PHP web shell backdoor. The malware achieves polymorphism through binary padding, implanting a random junk string into each malware download. This polymorphism allowed Unit42 to detect more than 500,000 unique malware samples from late December 2021 until the end of March 2022. The attackers use multilayer obfuscation, scheduled tasks, and new user creation for persistence. Analyst Comment: Potentially affected FreePBX users should update their restapps (the fixed versions are 15.0.20 and 16.0.19, or newer). New polymorphic threats require a defense-in-depth strategy including malware sandbox detection and orchestrating multiple security appliances and applications.
MITRE ATT&CK: [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Indicator Removal on Host - T1070 | [MITRE ATT&CK] Ingress Tool Transfer - T1105. Tags: CVE-2021-45461, Digium Asterisk, PHP Web Shell, Binary padding, Rest Phone Apps, restapps, FreePBX, Elastix. North Korean Threat Actor Targets Small and Midsize Businesses with H0lyGh0st Ransomware (published: July 14, 2022) Microsoft researchers have linked an emerging ransomware group, H0lyGh0st Ransomware (DEV-0530), to financially-motivated North Korean state-sponsored actors. In June-October 2021, H0lyGh0st used SiennaPurple ransomware family payloads written in C++, then switched to variants of the SiennaBlue ransomware family written in Go. Microsoft detected several successfully compromised small-to-mid-sized businesses, including banks, event and meeting planning companies, manufacturing organizations, and schools. Analyst Comment: Small-to-mid-sized businesses should consider enforcing multi-factor authentication (MFA) on all accounts, cloud hardening, and regular deployment of updates, with Active Directory being the top priority. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Scheduled Task - T1053 | Ransomware Malware Tool Vulnerability Threat Guideline
InfoSecurityMag.webp 2022-07-19 14:00:00 Former Conti Actors Remain Active in Cybercrime Underworld (direct link) Researchers have observed signs of overlap between several ransomware gangs and Conti Ransomware
DarkReading.webp 2022-07-19 14:00:00 Protecting Against Kubernetes-Borne Ransomware (direct link) The conventional wisdom that virtual container environments were somehow immune from malware and hackers has been upended. Ransomware Malware Uber
no_ico.webp 2022-07-19 13:13:44 British Jeweller Graff Paid £6 Million Ransom To Attackers Then Sued Insurers (direct link) As reported by SecurityAffairs, in September 2021, the Conti ransomware gang hit high society jeweller Graff and threatened to release private details of world leaders, actors and tycoons. Graff decided to pay a £6m ($7.5 million) ransom to Conti to avoid the leak of its customers' data and sued its insurance company Travelers for refusing […] Ransomware Guideline
securityintelligence.webp 2022-07-19 13:00:00 Hospital Ransomware Attack: Here's What a Cybersecurity Success Story Sounds Like (direct link) Major ransomware attacks are scary, but against hospitals, they are even worse. One notable attack in August 2021 forced Ohio's Memorial Health System emergency room to shut down (patients were diverted to other hospitals). In all hospital attacks, the health, safety, privacy and lives of patients face risk. But this incident also shows that whether targets […] Ransomware ★★★★★
knowbe4.webp 2022-07-19 12:16:00 Copyright Claim Email is a LockBit Ransomware Phishing Attack in Disguise (direct link) Ransomware
Fortinet.webp 2022-07-18 23:07:00 Ransomware Roundup: Protecting Against New Variants (direct link) The latest edition of the Ransomware Roundup from FortiGuard Labs covers the LockBit, BlueSky, Deno, RedAlert, Dark Web Hacker, Hive, and Again ransomware. Read to learn more about protections. Ransomware
DarkReading.webp 2022-07-18 16:00:00 Ransomware Attempts Flag as Payments Also Decline (direct link) Telecom and business services see the highest level of attacks, but the two most common ransomware families, which continue to be LockBit and Conti, are seen less often. Ransomware
Cybereason.webp 2022-07-18 14:45:26 Malicious Life Podcast: Kurtis Minder - Ransomware Negotiations (direct link) Ransomware
globalsecuritymag.webp 2022-07-18 08:20:47 20 July 10:00 - Arcserve webcasts: Backing up your data is good, being able to recover it is better! (direct link) Discover our webcast on Cloud Hybrid and register now. Wednesday, 20 July 2022, at 10:00. Backing up your data is good, being able to recover it is better! Discover how Cloud Hybrid can save the day. Building a cloud strategy often comes with many challenges. Distributed data and applications, ransomware threats and unsuitable SLAs have become major obstacles for many IT teams. (...) - Events / Ransomware ★★★★
SecurityAffairs.webp 2022-07-18 07:23:20 Graff paid a $7.5M ransom and sued its insurance firm for refusing to cover this payment (direct link) The high-end British jeweler Graff paid a £6 million ransom after the ransomware attack it suffered in 2021. In September 2021, the Conti ransomware gang hit high society jeweler Graff and threatened to release private details of world leaders, actors and tycoons. The customers of the company are the richest people on the globe, including […] Ransomware Guideline
News.webp 2022-07-16 14:34:10 North Koreans spotted harassing SMBs with malware (direct link) Also: Lawyers told to dissuade clients from paying off ransomware crooks, and more. In brief: SMBs, beware: Microsoft said this week it has discovered a North Korean crew targeting small businesses with ransomware since September of last year.… Ransomware Malware
Kaspersky.webp 2022-07-15 16:26:53 Emerging H0lyGh0st Ransomware Tied to North Korea (direct link) Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530. Ransomware Threat
InfoSecurityMag.webp 2022-07-15 15:08:00 North Korean Threat Actor Targeting SME Businesses with Ransomware (direct link) The group, going by the name H0lyGh0st, has been developing and conducting cross-national malware attacks for over a year Ransomware Malware Threat
Last update at: 2024-07-20 21:08:26