What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek.webp 2022-05-09 12:43:56 Ransomware Attack Hits Production Facilities of Agricultural Equipment Giant AGCO (direct link) Agricultural equipment giant AGCO says its business operations have been impacted after falling victim to a ransomware attack last week. AGCO designs, makes, and distributes agricultural machinery and precision technology, offering equipment under brands such as Challenger, Fendt, Massey Ferguson, and Valtra. Ransomware ★★★
Cybereason.webp 2022-05-09 12:40:12 How Do Ransomware Attacks Impact Victim Organizations' Stock? (direct link) How Do Ransomware Attacks Impact Victim Organizations' Stock? Ransomware has developed into an extremely lucrative business model with little risk involved for the threat actors. Couple this with the willingness of most victim organizations to pay the ransom demand under the assumption it will return business operations to normal–ultimately encouraging more attacks–and we have a big problem with no easy remedies. Ransomware Threat ★★★
itsecurityguru.webp 2022-05-09 09:50:24 US government offers up to $15m for Conti info (direct link) Authorities in the US have offered up to $15 million in rewards for information leading to the identification, arrest, and/or conviction of any individual affiliated with Conti ransomware variant attacks. The money, offered under the Department of State's Transnational Organized Crime Rewards Program (TOCRP), is split into two pots: up to $10m for information on […] Ransomware Guideline ★★★
Trend.webp 2022-05-09 00:00:00 Examining the Black Basta Ransomware's Infection Routine (direct link) We analyze the Black Basta ransomware and examine the malicious actor's familiar infection tactics. Ransomware
SecurityAffairs.webp 2022-05-08 20:58:14 Conti ransomware claims to have hacked Peru MOF – Dirección General de Inteligencia (DIGIMIN) (direct link) Conti Ransomware gang claims to have hacked the Peru MOF – Dirección General de Inteligencia (DIGIMIN) and stolen 9.41 GB. The Conti ransomware gang added the Peru MOF – Dirección General de Inteligencia (DIGIMIN) to the list of its victims on its Tor leak site. The National Directorate of Intelligence is the premier intelligence agency […] Ransomware
The_Hackers_News.webp 2022-05-08 20:28:43 U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers (direct link) The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang. Additionally, it's offering another $5 million for intelligence information that could help arrest or convict individuals who are conspiring or attempting to affiliate with the group in a ransomware attack. Ransomware Guideline
SecurityAffairs.webp 2022-05-08 11:10:10 US agricultural machinery manufacturer AGCO suffered a ransomware attack (direct link) The American agricultural machinery manufacturer AGCO announced that it has suffered a ransomware attack that impacted its production facilities. AGCO, one of the most important agricultural machinery manufacturers, announced that a ransomware attack impacted some of its production facilities. The company was forced to shut down portions of its IT systems in response to the incident. AGCO did […] Ransomware
SecurityAffairs.webp 2022-05-08 08:01:13 US DoS offers a reward of up to $15M for info on Conti ransomware gang (direct link) The US Government offers up to $15 million for information that helps identify and locate leadership and co-conspirators of the Conti ransomware gang. The US Department of State offers up to $15 million for information that helps identify and locate leadership and co-conspirators of the Conti ransomware gang. The reward is offered under the Department […] Ransomware Guideline
no_ico.webp 2022-05-06 18:14:04 Expert Advise On Colonial Pipeline Ransomware Attack Anniversary (direct link) This week is the anniversary of the Colonial Pipelines attack, which saw one of the biggest pipelines in the US temporarily shut down, following a ransomware attack by DarkSide, a ransomware-as-a-service group that is believed to be linked to Russia. Not only did the attack affect millions but heralded a new era of cybercrime. In […] Ransomware ★★★
TechRepublic.webp 2022-05-06 18:03:35 One year removed from the Colonial Pipeline attack, what have we learned? (direct link) Several businesses in critical infrastructure were forced to confront some hard truths in the wake of the 2021 ransomware attack. Ransomware ★★★
CrowdStrike.webp 2022-05-06 06:43:27 macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis (direct link) Ransomware (43% of analyzed threat data), backdoors (35%) and trojans (17%) were the most popular macOS malware categories spotted by CrowdStrike researchers in 2021. OSX.EvilQuest (ransomware), OSX.FlashBack (backdoor) and OSX.Lador (trojan) were the most prevalent threats in their respective categories. To strengthen customer protection, CrowdStrike researchers continuously build better automated detection capabilities by analyzing and […] Ransomware Malware Threat ★★★
Cybereason.webp 2022-05-05 13:47:10 Webinar May 25th 2022: Organizations at Risk: Ransomware Attackers Don't Take Holidays (direct link) Webinar May 25th 2022: Organizations at Risk: Ransomware Attackers Don't Take Holidays Join us for this webinar as we delve into research findings about the risk to organizations from ransomware attacks that occur on weekends and holidays and how you can better prepare to defend against and respond to attacks designed to hit when your organization is most vulnerable. Ransomware
InfoSecurityMag.webp 2022-05-05 12:45:00 Latest Cohort Announced for NCSC For Startups (direct link) The new cohort was chosen for their innovative approaches to tackling the growing ransomware threat Ransomware ★★★★★
Kaspersky.webp 2022-05-05 12:20:10 VHD Ransomware Linked to North Korea's Lazarus Group (direct link) Source code and Bitcoin transactions point to the malware, which emerged in March 2020, being the work of APT38, researchers at Trellix said. Ransomware Medical APT 38 APT 28
Blog.webp 2022-05-05 11:28:04 GUEST ESSAY: Leveraging 'zero trust' and 'remote access' strategies to mitigate ransomware risks (direct link) Ransomware? I think you may have heard of it, isn't the news full of it? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. Related: Make it costly for cybercriminals The … (more…) Ransomware
DarkReading.webp 2022-05-04 17:08:35 VHD Ransomware Variant Linked to North Korean Cyber Army (direct link) Researchers use code, Bitcoin transactions to link ransomware attacks on banks to DPRK-sponsored actors. Ransomware
knowbe4.webp 2022-05-04 13:28:52 FIN12 Threat Group Speeds Up Ransomware Attacks to Just Two Days After Initial Access (direct link) FIN12 Threat Group Speeds Up Ransomware Attacks to just Two Days After Initial Access As detection times are reducing across the board, threat groups are improving their craft and are prioritizing speed as the key ingredient in ransomware attacks. Ransomware Threat
SecurityAffairs.webp 2022-05-04 12:39:23 Experts linked multiple ransomware strains North Korea-backed APT38 group (direct link) Researchers from Trellix linked multiple ransomware strains to the North Korea-backed APT38 group. The ransomware was employed in attacks on financial institutions, experts estimated that APT38 (Unit 180 of North Korea’s cyber-army Bureau 121) has stolen at hundreds of million dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the […] Ransomware Medical APT 38
SecurityWeek.webp 2022-05-04 10:37:29 Vulnerabilities Allow Hijacking of Most Ransomware to Prevent File Encryption (direct link) A researcher has shown how a type of vulnerability affecting many ransomware families can be exploited to control the malware and terminate it before it can encrypt files on compromised systems. Ransomware Malware Vulnerability
InfoSecurityMag.webp 2022-05-04 10:00:00 Healthcare and Education Sectors Most Susceptible to Cyber Incidents (direct link) ICO's data revealed a significant growth in ransomware attacks last year Ransomware ★★★★★
SecurityAffairs.webp 2022-05-04 09:58:57 An expert shows how to stop popular ransomware samples via DLL hijacking (direct link) A security researcher discovered that samples of Conti, REvil, LockBit ransomware were vulnerable to DLL hijacking. The security researcher John Page aka (hyp3rlinx) discovered that malware from multiple ransomware operations, including Conti, REvil, LockBit, AvosLocker, and Black Basta, are affected by flaws that could be exploited to block file encryption. Page shared its findings through its […] Ransomware Malware
Cybereason.webp 2022-05-04 04:02:00 Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation (direct link) Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation Cybersecurity often focuses on malware campaigns or the latest zero-day exploit. Surveys and reports reveal the average cost of a data breach or how much it typically costs to recover from a ransomware attack. Those are the attacks that make noise and capture attention, though. The attacks that fly under the radar are often more insidious and much more costly. Ransomware Data Breach Malware
Dragos.webp 2022-05-03 22:16:43 Dragos ICS/OT Ransomware Analysis: Q1 2022 (direct link) In the fourth quarter of 2021, Dragos assessed with high confidence that ransomware would continue to disrupt OT operations into... Ransomware
Fortinet.webp 2022-05-03 19:33:22 New Ransomware "Black Basta" in the Wild (direct link) FortiGuard Labs is aware of a new ransomware variant called "Black Basta" discovered in the wild. The ransomware employs a double-extortion tactic in which it encrypts files and exfiltrates confidential information from the victim, then demands a ransom for decrypting the affected files and threatens to publicize the exfiltrated data if a ransom is not paid. Black Basta ransomware is reported to have victimized several organizations in multiple countries. Why is this Significant? This is significant because Black Basta is a new ransomware that is reported to have victimized several organizations in multiple countries. What is Black Basta ransomware? Black Basta is a new ransomware that demands ransom from the victim for decrypting victim's files it encrypted and not to release the stolen data to the public. Black Basta ransomware deletes shadow copies from the compromised machine, which prevents the victim from being able to recover any files that have been encrypted. The ransomware also replaces the desktop wallpaper with an image with a black background that has the following ransom message: Your network is encrypted by the Black Basta group. Instructions in the file readme.txt. The ransomware will then restart the compromised machine in safe mode with the Windows Fax service running. After the reboot, the service launches the ransomware in order to start encrypting files. Files that are encrypted by Black Basta ransomware have ".basta" file extension and also have the ransomware's own file icon. Readme.txt, also dropped by the ransomware, contains a ransom note to instruct the victim to use a specific TOR address to contact the attacker. What does the Windows Fax service have to do with this? Is it Vulnerable? The Windows Fax Service is not vulnerable.
The Windows Fax service is attacked to maintain persistence and in this variant of Black Basta, it is hijacking an existing service name (in this case Windows Fax), deleting it, and spawning a new service with the same name. What is the Status of Coverage? FortiGuard Labs provides the following AV coverage against known samples of Black Basta ransomware: W32/Filecoder.OKW!tr, W32/Kryptik.HPHI!tr, W32/Filecoder.OKT!tr, W32/Filecoder.OKW!tr.ransom, W32/Filecoder.OKT!tr.ransom, W32/Malicious_Behavior.VEX Ransomware
Anomali.webp 2022-05-03 16:31:00 Anomali Cyber Watch: Time-to-Ransom Under Four Hours, Mustang Panda Spies on Russia, Ricochet Chollima Sends Goldbackdoor to Journalists, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Cyberespionage, LNK files, Malspam, North Korea, Phishing, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence A Lookback Under the TA410 Umbrella: Its Cyberespionage TTPs and Activity (published: April 28, 2022) ESET researchers found three different teams under China-sponsored umbrella cyberespionage group TA410, which is loosely linked to Stone Panda (APT10, Chinese Ministry of State Security). ESET named these teams FlowingFrog, JollyFrog, and LookingFrog. FlowingFrog uses the Royal Road RTF weaponizer described by Anomali in 2019. Infection has two stages: the Tendyron implant followed by a very complex FlowCloud backdoor. JollyFrog uses generic malware such as PlugX and QuasarRAT. LookingFrog’s infection stages feature the X4 backdoor followed by the LookBack backdoor. Besides using different backdoors and exiting from IP addresses located in three different districts, the three teams use similar tools and similar tactics, techniques, and procedures (TTPs). Analyst Comment: Organizations should keep their web-facing applications such as Microsoft Exchange or SharePoint secured and updated. Educate your employees on handling suspected spearphishing attempts. Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security.
Prevention and detection capabilities should also be in place. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Native API - T1106 | [MITRE ATT&CK] Shared Modules - T1129 | [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] Inter-Process Communication - T1559 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Create or Modify System Process - T1543 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Rootkit - T1014 | [MITRE ATT&CK] Process Injection - T1055 | Ransomware Malware Tool Vulnerability Threat Guideline Cloud APT 37 APT 10 APT 10
Cybereason.webp 2022-05-03 13:28:07 (Déjà vu) Webinar May 19th 2022: Live Attack Simulation - XDR vs. Modern Ransomware (direct link) Webinar May 19th 2022: Live Attack Simulation - XDR vs. Modern Ransomware Throughout history, sometimes truth ends up being even stranger than fiction. Today's parade of multi-million dollar ransomware payout headlines is no exception: cybercriminals and ransomware gangs are outgunning prevention tech and response strategies. Attackers are operationalizing exploits at a record rate, targeting more organizations and are operating to reduce dwell time. Ransomware
TechRepublic.webp 2022-05-03 12:01:23 Internal chats of ransomware cybercriminals reveal ways to avoid becoming a victim (direct link) Chats analyzed by Cisco Talos show how ransomware groups determine ransom amounts and force organizations to pay but also are willing to negotiate with victims. Ransomware
grahamcluley.webp 2022-05-03 11:22:15 Lockbit ransomware attack cripples parts of German library service (direct link) One of the largest library services in Germany, EKZ Bibliotheksservice, has been impacted by a ransomware attack that has left book lovers unable to rent and borrow eBooks, audio books, and electronic magazines. Read more in my article on the Hot for Security blog. Ransomware
SecurityWeek.webp 2022-05-03 10:24:15 Michigan College Cancels Classes After Ransomware Attack (direct link) A Michigan community college has cancelled classes indefinitely following a ransomware attack over the weekend. Ransomware
The_Hackers_News.webp 2022-05-03 05:01:53 Experts Analyze Conti and Hive Ransomware Gangs Chats With Their Victims (direct link) An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups' inner workings and their negotiation techniques. In one exchange, the Conti Team is said to have significantly reduced the ransom demand from a staggering $50 million to $1 million, a 98% drop, suggesting a Ransomware ★★★
2022-05-03 05:00:00 Conti and Hive ransomware operations: What we learned from these groups' victim chats (direct link) As part of Cisco Talos' continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs and their victims. Ransomware-as-a-service groups have exploded in popularity over the past few years, with... Ransomware
The_Hackers_News.webp 2022-05-02 22:50:32 AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection (direct link) Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. "This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys)," Trend Ransomware
Cybereason.webp 2022-05-02 18:35:55 (Déjà vu) Webinar May 12th 2022: Live Attack Simulation - Ransomware Threat Hunter Series (direct link) Webinar May 12th 2022: Live Attack Simulation - Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. Ransomware Threat
SecurityAffairs.webp 2022-05-02 14:30:49 The mystery behind the samples of the new REvil ransomware operation (direct link) The REvil ransomware gang has resumed its operations, experts found a new encryptor and a new attack infrastructure. The REvil ransomware operation shut down in October 2021, in January the Russian Federal Security Service (FSB) announced to have shut down the REvil ransomware gang, the group that is behind a long string of attacks against large organizations, such as Kaseya and JBS […] Ransomware
SecurityWeek.webp 2022-05-02 13:13:15 New Black Basta Ransomware Possibly Linked to Conti Group (direct link) Black Basta ransomware A new ransomware operation named Black Basta has targeted at least a dozen companies and some researchers believe there may be a connection to the notorious Conti group. Ransomware
Minerva.webp 2022-05-02 09:54:14 New Black Basta Ransomware Hijacks Windows Fax Service (direct link) New Black Basta Ransomware Hijacks Windows Fax Service Ransomware
TrendMicro.webp 2022-05-02 00:00:00 AvosLocker Ransomware Variant Abuses Driver File to Disable Antivirus, Scans for Log4shell (direct link) We found an AvosLocker ransomware variant using a legitimate antivirus component to disable detection and blocking solutions. Ransomware
grahamcluley.webp 2022-04-29 15:56:59 Ransomware costs show prevention is better than the cure (direct link) If you are worried about the financial hit of paying a ransom to cybercriminals, wait until you find out the true cost of a ransomware attack. Read more in my article on the Tripwire State of Security blog. Ransomware
knowbe4.webp 2022-04-28 22:05:02 75% of SMBs Would Only Survive Seven Days or less from a Ransomware Attack (direct link) 75% of SMBs Would Only Survive Seven Days or less from a Ransomware Attack With ransomware attacks on the increase, new data shows a material portion of small and medium business organizations are completely ill-equipped to address an attack. Ransomware
no_ico.webp 2022-04-28 21:53:58 Experts Insight On Coca Cola Potential Breach (direct link) Following the news that: Coca Cola Investigates Potential Data Breach Coca Cola is investigating reports of data breach after claim Stormous ransomware group stole data | Daily Mail Online Security experts commented below. Ransomware Data Breach
knowbe4.webp 2022-04-28 19:25:08 [EYE OPENER] The Ransom Payment is Only 15% of The Total Cost of Ransomware Attacks (direct link) [EYE OPENER] The Ransom Payment is Only 15% of The Total Cost of Ransomware Attacks As the number of ransomware attacks has increased 24% over the previous year, security researchers estimate the total associated attack costs to be just over 7 times higher. Ransomware
TechRepublic.webp 2022-04-28 13:31:16 Study: 90% of organizations say ransomware impacted their ability to operate (direct link) Among private sector companies, 86% of those surveyed by Sophos said that a ransomware attack caused them to lose business or revenue. Ransomware
NakedSecurity.webp 2022-04-28 13:18:25 S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast] (direct link) Latest episode - listen now! Ransomware
itsecurityguru.webp 2022-04-28 11:21:35 Ransoms only make up 15% of ransomware costs (direct link) Researchers at Check Point have revealed that the collateral damage of ransomware attacks make up costs roughly seven times higher than the ransom demanded by threat actors. The costs include financial implications caused by incident response efforts, system restoration, legal fees, monitoring costs and the overall impact of business disruption. Ransomware attacks are an increasingly popular […] Ransomware Threat
NakedSecurity.webp 2022-04-27 15:22:43 Ransomware Survey 2022 – like the Curate's Egg, “good in parts” (direct link) You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look! Ransomware
securityintelligence.webp 2022-04-27 14:30:00 Putting Your SOC in the Hot Seat (direct link) Today’s Security Operations Centers (SOCs) are being stress-tested as never before. As the heart of any organization’s cybersecurity apparatus, SOCs are the first line of defense, running 24/7 operations to watch for alerts of attacks and appropriately address those alerts before they become all-out crises. Yet with ransomware attacks maintaining first place as the top […] Ransomware
InfoSecurityMag.webp 2022-04-27 10:55:00 State of Ransomware Report 2022: 66% Organizations Hit in 2021 (direct link) Around two-thirds (66%) of organizations were hit by a ransomware attack in 2021, surging from 37% in 2020 Ransomware
itsecurityguru.webp 2022-04-27 10:12:23 Hackers claim to have breached Coca Cola (direct link) The group behind Stormous ransomware has announced the sale of almost 161GB of data allegedly belonging to Coca Cola. The data up for sale includes passwords, financial data and account details. The group is asking for 1.6467000 Bitcoin, or $64,396.67 for the data. The announcement follows Stormous publishing a poll in which the group […] Ransomware
InfoSecurityMag.webp 2022-04-27 09:30:00 Coca-Cola Investigates Data Breach Claim (direct link) Ransomware group Stormous claims it has stolen 161GB of data from the soft drinks giant Ransomware Data Breach
SecurityAffairs.webp 2022-04-27 07:15:07 Conti ransomware operations surge despite the recent leak (direct link) Conti ransomware gang continues to target organizations worldwide despite the massive data leak that has shed light on its operations. Researchers from Secureworks state that the Conti ransomware gang, tracked as a Russia-based threat actor Gold Ulrick, continues to operate despite the recent data leak on its internal activities. The group’s activity returned to the levels […] Ransomware Threat
Last update at: 2024-07-20 23:09:47