What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Anomali.webp 2021-09-07 19:29:00 Anomali Cyber Watch: FIN7 Using Windows 11 To Spread JavaScript Backdoor, Babuk Source Code Leaked, Feds Warn Of Ransomware Attacks Ahead Of Labor Day and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Babuk, Cryptocurrency, Data breach, FIN7, Proxyware, Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Cybercrime Group FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor (published: September 3, 2021) Researchers from the Anomali Threat Research team have identified six Windows 11 themed malicious Word documents, likely being used by the threat actor FIN7 as part of phishing or spearphishing attacks. The documents, dating from late June/early July 2021, contain malicious macros that are used to drop a Javascript backdoor, following TTPs to previous FIN7 campaigns. FIN7 are a prolific Eastern European cybercrime group, believed to be responsible for stealing over 15 million card records in the US alone. Despite several high profile arrests, activity like this illustrates they are more than capable of continuing to target victims. Analyst Comment: Threat actors are always adapting to the security environment to remain effective. New techniques can still be spotted with behavioural analysis defenses and social engineering training. Ensure that your company's firewall blocks all entry points for unauthorized users, and maintain records of how normal traffic appears on your network. Therefore, it will be easier to spot unusual traffic and connections to and from your network to potentially identify malicious activity. 
Furthermore, ensure that your employees are educated about the risks of opening attachments, particularly from unknown senders and any attachment that requests macros be enabled. MITRE ATT&CK: [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Deobfuscate/Decode Files or Information - T1140 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497 | [MITRE ATT&CK] Account Discovery - T1087 Tags: FIN7, phishing, spearphishing, maldoc, Windows 11, carding POS, javascript, backdoor, CIS Feds Warn of Ransomware Attacks Ahead of Labor Day (published: September 1, 2021) The FBI and CISA put out a joint cybersecurity advisory Tuesday noting that ransomware actors often ambush organizations on holidays and weekends when offices are normally closed, making the upcoming three-day weekend a prime opportunity for threat activity. Often during holiday weekends, IT departments are staffed by skeleton crews, limiting their ability to respond and remediate to incidents. Holidays can also present tempting lures for phishing attacks. While the agencies haven' Ransomware Malware Tool Vulnerability Threat Guideline
InfoSecurityMag.webp 2021-09-07 17:09:00 Cyber-Attack on Washington DC University (lien direct) Classes cancelled at Howard University as suspected ransomware attack is investigated Ransomware
bleepingcomputer.webp 2021-09-07 14:19:11 REvil ransomware's servers mysteriously come back online (lien direct) The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence. It is unclear if this marks their ransomware gang's return or the servers being turned on by law enforcement. [...] Ransomware
grahamcluley.webp 2021-09-07 12:01:33 If you contact the police, we *will* leak your data – warns Ragnar Locker ransomware gang (lien direct) The Ragnar Locker group, a gang of cybercriminals behind a series of costly ransomware attacks against companies, has warned victims that they should not seek the assistance of law enforcement agencies. Ransomware
SecurityAffairs.webp 2021-09-07 09:13:41 Ragnar Locker gang threatens to leak data if victim contacts law enforcement (lien direct) The Ragnar Locker ransomware operators threaten to leak stolen data if the victims attempt to contact law enforcement agencies. The Ragnar Locker ransomware gang is adopting a new technique to force victims to pay the ransom, the operators threaten to leak stolen data if the victims contact law enforcement agencies. The group announced its new […] Ransomware
bleepingcomputer.webp 2021-09-07 02:28:34 Ransomware gang threatens to leak data if victim contacts FBI, police (lien direct) The Ragnar Locker ransomware group is warning that they will leak stolen data from victims that contact law enforcement authorities, like the FBI. Ragnar Locker has previously hit prominent companies with ransomware attacks, demanding millions of dollars in ransom payments. [...] Ransomware
InfoSecurityMag.webp 2021-09-06 16:40:00 Ireland's Gardai Clamps Down on HSE Cyber-Attackers (lien direct) The seizure of the websites had “directly prevented” other ransomware attacks globally Ransomware
SecurityWeek.webp 2021-09-06 12:04:29 FBI Warns Ransomware Attack Could Disrupt Food Supply Chain (lien direct) Ransomware attack on U.S. farm incurred $9 million in losses Ransomware
itsecurityguru.webp 2021-09-06 10:27:12 Irish Gardai clamp down on cyber gang that attacked HSE (lien direct) Gardaí have seized cyber infrastructure used by the cyber gang involved in the HSE cyber attack earlier this year. The operation is believed to have prevented more than 750 ransomware attacks, the Irish Times has reported. The Garda-led operation targeted websites, domain names and servers used in the attacks, has been led by An Garda […] Ransomware
ZDNet.webp 2021-09-06 10:18:58 This is the perfect ransomware victim, according to cybercriminals (lien direct) An investigation into what ransomware groups want has painted the picture of the perfect target. Ransomware
bleepingcomputer.webp 2021-09-06 06:00:00 Ransomware gangs target companies using these criteria (lien direct) Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks. [...] Ransomware Threat
SecurityAffairs.webp 2021-09-05 20:13:29 Pacific City Bank hit by AVOS Locker Ransomware (lien direct) Pacific City Bank was hit by AVOS Locker Ransomware operators, the gang claims to have stolen sensitive file from the company and threatens to leak it. Pacific City Bank is an American community bank that focuses on the Korean-American community based in California and offers commercial banking services The bank was hit by AVOS Locker […] Ransomware
TroyHunt.webp 2021-09-05 11:00:47 (Déjà vu) Why ransomware hackers love a holiday weekend (lien direct) Looking forward to Labor Day? So are ruthless gangs of cybercriminals. Ransomware
SecurityAffairs.webp 2021-09-04 11:26:46 (Déjà vu) Source code for the Babuk is available on a hacking forum (lien direct) The complete source code for the Babuk ransomware is available for sale on a Russian-speaking hacking forum. A threat actor has leaked the source code for the Babuk ransomware on a Russian-speaking hacking forum. The Babuk Locker operators halted their operations at the end of April after the attack against the Washington, DC police department. Experts believe that […] Ransomware Threat
bleepingcomputer.webp 2021-09-03 16:17:10 The Week in Ransomware - September 3rd 2021 - Targeting Exchange (lien direct) Over the past two weeks, it has been busy with ransomware news ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks. [...] Ransomware Threat
securityintelligence.webp 2021-09-03 16:05:00 Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight (lien direct) Ransomware actors are specializing, collaborating and assisting each other to conduct sophisticated attacks that are becoming increasingly difficult to prevent. Combating these groups effectively similarly requires a team approach — specialization, understanding tactics and techniques and how to counter them and cutting off activity at its source. Arguably, it has never been more imperative that […] Ransomware
bleepingcomputer.webp 2021-09-03 11:22:01 Babuk ransomware's full source code leaked on hacker forum (lien direct) A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum. [...] Ransomware Threat
WiredThreatLevel.webp 2021-09-03 11:00:00 Why Ransomware Hackers Love a Holiday Weekend (lien direct) Looking forward to Labor Day? So are ruthless gangs of cybercriminals. Ransomware
SecurityAffairs.webp 2021-09-03 10:29:17 FBI warns of ransomware attacks targeting the food and agriculture sector (lien direct) FBI warns ransomware gangs are actively targeting organizations in the food and agriculture sector. The FBI Cyber Division issued a Private Industry Notification (PIN) to warn of ransomware attacks targeting the Food and Agriculture sector disrupting its operations, causing financial loss and negatively impacting the overall food supply chain. Small farms, large producers, processors and […] Ransomware
InfoSecurityMag.webp 2021-09-03 10:15:00 Tech CEOs: Multi-Factor Authentication Can Prevent 90% of Attacks (lien direct) White House issues best practices for ransomware protection Ransomware
bleepingcomputer.webp 2021-09-03 09:21:32 Conti ransomware now hacking Exchange servers with ProxyShell exploits (lien direct) The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. [...] Ransomware Vulnerability
InfoSecurityMag.webp 2021-09-03 08:15:00 FBI Warns Food and Agriculture Firms of Ransomware Threat (lien direct) IoT and OT systems have expanded the attack surface Ransomware Threat
Anomali.webp 2021-09-02 19:34:00 Cybercrime Group FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor (lien direct) Authored by: Gage Mele, Tara Gould, Rory Gould, and Sean Townsend Key Findings Anomali Threat Research discovered six malicious Windows 11 Alpha-themed Word documents with Visual Basic macros being used to drop JavaScript payloads, including a Javascript backdoor. While we cannot conclusively identify the attack vector for this activity, our analysis strongly suggests the attack vector was an email phishing or spearphishing campaign. We assess with moderate confidence that the financially motivated threat group FIN7 is responsible for this campaign. Based on the file names observed in this campaign, the activity likely took place around late-June to late-July 2021. Overview Anomali Threat Research conducted analysis on malicious Microsoft Word document (.doc) files themed after Windows 11 Alpha and assess with moderate confidence that these Word documents were part of a campaign conducted by the threat group FIN7. The group’s goal appears to have been to deliver a variation of a JavaScript backdoor used by FIN7 since at least 2018.[1] FIN7 FIN7 is an Eastern European threat group that has been active since at least mid-2015. They primarily target United States (US)-based companies across various industries but also operate on a global scale. The group is one of the world’s most notorious cybercrime groups and has been credited with the theft of over 15 million payment card records that cost organizations around the world approximately one billion dollars (USD) in losses.[2] In the US alone, the group has targeted over 100 companies and compromised the networks of organizations in 47 states and the District of Columbia.[3] While FIN7’s primary objective is to directly steal financial information, such as credit and debit card data, they will also steal sensitive information to sell on underground marketplaces. 
There has been a concerted attempt by law enforcement to tackle the group, including the arrest of three members arrested August 2018 and a high-level organizer in April 2021.[4] Despite these personnel losses and media attention, the group has continued a steady stream of documented activity since at least 2015.[5] In early 2021, FIN7 was identified as gaining illicit access to a law firm’s network by using a fake legal complaint themed around Brown-Forman Inc., the parent company of Jack Daniels whiskey.[6] Related Groups FIN7 is closely associated with the threat group referred to as “Carbanak,” with the two groups sharing a significant number of TTPs including the use of the Carbanak backdoor.[7] As such, news media and some intelligence vendors use the names interchangeably. To add to the confusion, different vendors will use their own naming conventions for each group that include: FIN7 - Carbon Spider (Crowdstrike), Gold Niagara (Secureworks), Calcium (Symantec) Carbanak - Carbon Spider (Crowdstrike), Anunak (Group-IB) Trend Micro released a report in April 2021 outlining the differences in TTPs between the two groups and MITRE also track the two groups separately.[8] For clarity, we will treat FIN7 and Carbanak as separate groups; the main distinction being FIN7 focuses on hospitality and retail sectors, while Carbanak targets banking institutions. Technical Analysis Word Document MD5 d60b6a8310373c9b84e6760c24185535 File name Users-Progress-072021-1.doc The infection chain began with a Microsoft Word document (.doc) containing a decoy image claiming to have been made with Windows 11 Alpha. The image asks the user to Enable Editing and Enable Content to begin the next stage of activity, as shown in Figure 1 below. Ransomware Malware Threat
bleepingcomputer.webp 2021-09-02 17:10:45 Translated Conti ransomware playbook gives insight into attacks (lien direct) Almost a month after a disgruntled Conti affiliate leaked the gang's attack playbook, security researchers shared a translated variant that clarifies on any misinterpretation caused by automated translation. [...] Ransomware ★★
Anomali.webp 2021-09-02 14:00:00 What Is a Cyber Fusion Center? (lien direct) Drive Organization-Wide Visibility, Reduce Time to Detection, and Protect Critical Assets With a Cyber Fusion Center The continual and evolving threats to information systems are a constant battle that prompted the creation of cyber intelligence analysts who provide contextualized data, information, and intelligence to those tasked with detecting and defending against attacks. Cyber defense systems need to become more responsive to internal vulnerabilities and adapt to external threats as attack methods evolve more quickly. It is this intelligence that enables them to do so. The cyber fusion center is the hub for actionable threat intelligence. Structurally, it pulls together information and coordinates efforts across security teams; SOC, IT, physical security, fraud, etc. It also integrates multiple automation tools, collecting data from internal and external sources, curating data, and providing actionable intelligence to stakeholders to make informed decisions. Designing a Cyber Fusion Center Organizational Considerations When Creating Your Cyber Fusion Center The primary goal and advantage of having a cyber fusion center is making cybersecurity an integral part of your organization. It allows you to manage risk holistically. Keeping this in mind, processes that produce actionable intel should be modeled first before creating organizational and system structures. Acknowledging that existing systems are managed by different groups and integrating competing priorities is essential. Systems will also need to be integrated, with redundancies identified and streamlined. Finally, each organization will have its own culture that should be taken into consideration throughout this process. Teams: Is Your Cyber Fusion Center Communicating Cross-Functionally?  Resilient cyber fusion centers start with a circular flow of communication with priority intelligence requirement (PIR)-driven inputs. 
This cyber intelligence provides the most timely and comprehensive intelligence on external threats to the security operations center (SOC) for detection, monitoring, threat hunting, and, when needed, incident response. In return, those acting on the threats can recommend adjustments to PIRs that continually improve the necessary intelligence to inform proactive threat detection and respond better. That feedback ensures that the threat intelligence team remains focused on collecting and delivering threat intelligence aligned to organizational PIRs. In addition, this flow of intelligence should be infused with relevant information from functional areas with high-risk vulnerabilities (e.g., Human Resources, Finance, Fraud, etc.). For example, a cyber intelligence team might discover a new ransomware campaign utilizing a specific tool and architecture. That intelligence is reported to the SOC with additional context of the group most likely responsible for the campaign, their other known tactics, techniques, and procedures (TTPs), and indicators of compromise (IOCs). The likelihood that the newly discovered campaign could impact the organization is based on a deeper understanding of the culprits’ motives, objectives, and previous actions. This type of intelligence empowers the SOC to prioritize response actions proactively to improve the organization’s security posture against both the immediate threat posed by the indicators of compromise (IOCs) and future threats posed by the same actor and their campaigns.  Tools: Managing Your Security Stack With a Cyber Fusion Center  While organizational processes are the basis for creating an effective cyber fusion center, automation tools are also essential. The risks of not automating can include missed threats, dormant threats, siloed threat intel, and unaligned intel. You can enrich global threat intelligence through associated intelligence, peer sharing, and local telemetry; this enrichment begins Ransomware Tool Threat
bleepingcomputer.webp 2021-09-02 13:52:55 FBI warns of ransomware gangs targeting food, agriculture orgs (lien direct) The FBI says ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain. [...] Ransomware
TechRepublic.webp 2021-09-02 13:36:00 FBI and CISA warn of potential cyberattacks this holiday weekend, citing past trends (lien direct) The Labor Day holiday could be prime time for more than just barbecues and closing the pool for the year as the open season on ransomware continues. Ransomware
2021-09-02 05:02:00 Translated: Talos' insights from the recently leaked Conti ransomware playbook (lien direct) By Caitlin Huey, David Liebenberg, Azim Khodjibaev, and Dmytro Korzhevin. Executive summary Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti. Talos has a team of dedicated, native-level speakers that translated these... [[ This is only the beginning! Please visit the blog for the complete entry ]] Ransomware
SecurityWeek.webp 2021-09-01 17:49:54 CISA, FBI Warn of Increase in Ransomware Attacks on Holidays (lien direct) The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that ransomware actors are deliberately launching attacks during the holidays and weekends. Ransomware
securityintelligence.webp 2021-09-01 16:00:00 What Has Changed Since the 2017 WannaCry Ransomware Attack? (lien direct) The cybersecurity world is still feeling the effects of the 2017 WannaCry ransomware attack today. While the majority of the damage occurred in the weeks after May 12, 2017, WannaCry ransomware attacks actually increased 53% from January 2021 to March 2021. While researching my in-depth article WannaCry: How the Widespread Ransomware Changed Cybersecurity, I learned […] Ransomware Wannacry Wannacry
Kaspersky.webp 2021-09-01 15:55:23 LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files (lien direct) The ransomware gang claims to have pulled off successful attacks against two airlines and one airport with help from its Accenture attack. Ransomware
SecurityAffairs.webp 2021-09-01 13:27:30 Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA (lien direct) The FBI and CISA issued a joint cybersecurity advisory to warn organizations to remain vigilant against ransomware attacks during weekends or holidays. The FBI and CISA warn organizations to keep high their defenses against ransomware attacks during weekends or holidays. The government agencies have observed an increase in ransomware attacks occurring on holidays and weekends, […] Ransomware
Kaspersky.webp 2021-09-01 12:17:17 Feds Warn of Ransomware Attacks Ahead of Labor Day (lien direct) Threat actors recently have used long holiday weekends -- when many staff are taking time off -- as a prime opportunity to ambush organizations. Ransomware Threat
InfoSecurityMag.webp 2021-09-01 10:15:00 CISA: Plan Now to Avoid Labor Day Breach (lien direct) Alert warns of ransomware attacks on holiday weekends Ransomware
SecurityAffairs.webp 2021-08-31 22:31:44 LockFile Ransomware uses a new intermittent encryption technique (lien direct) The recently emerged LockFile ransomware family leverages a novel technique called intermittent encryption to speed up encryption. The LockFile ransomware gang started its operations last month; recently it was spotted targeting Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. The popular security expert Kevin Beaumont was one of the first researchers to report that the LockFile operators are using the […] Ransomware
grahamcluley.webp 2021-08-31 20:12:29 Ragnarok ransomware gang shuts down, universal decryption key released (lien direct) The notorious Ragnarok ransomware gang appears to have abruptly closed its operations and entered retirement, releasing a universal decryption key for its past victims. Read more in my article on the Hot for Security blog. Ransomware
Anomali.webp 2021-08-31 16:40:00 Anomali Cyber Watch: Ransomware Group Activity, Credential Phishing with Trusted Redirects, F5 BIG-IP Bugs, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android, Backdoor, FIN8, iPhone, Phishing, Vulnerabilities, and XSS . The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Current Anomali ThreatStream users can query these indicators under the "Anomali Cyber Watch" tag. Trending Cyber News and Threat Intelligence Widespread Credential Phishing Campaign Abuses Open Redirector Links (published: August 26, 2021) Microsoft has identified a phishing campaign that utilizes trusted domains combined with domain-generating algorithms and CAPTCHA portals that redirect users to malicious websites. These sites will prompt users to “re-enter” their credentials, scraping the login data. Since the initial domains are trusted, standard measures such as mousing over the link will only show the trusted site, and email filters have been allowing the traffic. Analyst Comment: Because of the nature of these types of phishing attacks, only reset your password going through the official domain website and not through any emailed links. Be sure to check the URL address if going through a link to verify the site if asked to enter any credential information. 
MITRE ATT&CK: [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Spearphishing Link - T1192 | [MITRE ATT&CK] Domain Trust Discovery - T1482 Tags: Phishing, Microsoft, North America, Anomali Cyber Watch FIN8 Cybercrime Gang Backdoors US Orgs with New Sardonic Malware (published: August 25, 2021) FIN8, the financially-motivated threat group known for targeting retail, restaurant, and healthcare industries, is using a new malware variant with the end goal of stealing payment card data from POS systems. "Sardonic" is a new C++-based backdoor deployed on targets' systems likely via social engineering or spear-phishing. While the malware is still under development, its functionality includes system enumeration, code execution, persistence and DLL-loading capabilities. Analyst Comment: Ensure that your organization is using good basic cyber security habits. It is important that organizations and their employees use strong passwords that are not easily-guessable and do not use the default administrative passwords provided because of their typically weak security. Update firewalls and antivirus software to ensure that systems can detect breaches or threats as soon as possible to reduce the severity of consequences. Educate employees on the dangers of phishing emails and teach them how to detect malicious emails. It is also recommended to encrypt any sensitive data at rest and in transit Ransomware Malware Tool Vulnerability Threat Guideline
Pirate.webp 2021-08-31 13:53:08 Ransomware attacks: how to protect your business (lien direct) A recent IDC study reveals that more than a third of organizations worldwide have suffered a ransomware attack or breach in the past 12 months, blocking access to their systems or data. Malicious campaigns have accelerated since the start of the pandemic, owing to a rapid digitalization of activities that created vulnerabilities and to the increased criticality of services in certain sectors, notably healthcare, which pushes organizations to pay ransom demands promptly in order to keep operating. The post Ransomware attacks: how to protect your business first appeared on UnderNews. Ransomware
bleepingcomputer.webp 2021-08-31 13:52:41 FBI, CISA: Ransomware attack risk increases on holidays, weekends (lien direct) The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory issued earlier today. [...] Ransomware
Cybereason.webp 2021-08-31 12:01:26 Evolving Ransomware Tactics Include Recruiting Insiders and DDoS Attacks (lien direct) Evolving Ransomware Tactics Include Recruiting Insiders and DDoS Attacks The attention generated by the DarkSide ransomware attack against Colonial Pipeline in May has helped to reshape the ransomware threat landscape. One of the most important modifications came when the digital crime forum XSS announced that members could no longer post about ransomware topics. The Exploit forum followed suit not long after, as reported by Bleeping Computer. Ransomware Threat
Kaspersky.webp 2021-08-31 10:42:18 LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection (lien direct) Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems. Ransomware Threat
Fortinet.webp 2021-08-31 00:00:00 How SecOps Teams Can Combat Threats with the Fortinet Security Fabric (lien direct) Ransomware is a growing problem for security operations teams everywhere as they face an increased volume, velocity, and sophistication of threats. Learn how security operations teams can combat threats with the Fortinet Security Fabric. Ransomware
TechRepublic.webp 2021-08-30 17:42:04 Expert: Governments and businesses must come together to combat ransomware threat (lien direct) Nations have to stop sheltering bad actors in order to stop them, expert says. Ransomware Threat
Kaspersky.webp 2021-08-30 15:14:21 LockBit Gang to Publish 103GB of Bangkok Air Customer Data (lien direct) The airline announced the breach on Thursday, and the ransomware gang started a countdown clock the next day. Ransomware
The_Hackers_News.webp 2021-08-28 09:37:18 LockFile Ransomware Bypasses Protection Using Intermittent File Encryption (lien direct) A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption." Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShell and PetitPotam to compromise Windows servers and deploy file-encrypting malware that scrambles only Ransomware Malware
SecurityAffairs.webp 2021-08-27 15:23:36 (Déjà vu) The FBI issued a flash alert for Hive ransomware operations (lien direct) The Federal Bureau of Investigation (FBI) published a flash alert related to the operations of the Hive ransomware gang. The Federal Bureau of Investigation (FBI) has released a flash alert on the Hive ransomware attacks that includes technical details and indicators of compromise associated with the operations of the gang. Recently the group hit the […] Ransomware
SecurityWeek.webp 2021-08-27 14:20:06 FBI Shares IOCs for 'Hive' Ransomware Attacks (lien direct) The Federal Bureau of Investigation this week published an alert to provide technical details and indicators of compromise (IOCs) for attacks employing the Hive ransomware. Ransomware ★★★
Kaspersky.webp 2021-08-27 13:50:44 Ragnarok Ransomware Gang Bites the Dust, Releases Decryptor (lien direct) The cybercriminal group, active since late 2019, has closed its doors and released the key to unlocking victims' files on its dark web portal. Ransomware
InfoSecurityMag.webp 2021-08-27 09:37:00 FBI Warns Businesses of New Hive Ransomware (lien direct) Affiliate groups have already compromised 28 organizations Ransomware
SecurityAffairs.webp 2021-08-27 08:21:48 Victims of Ragnarok ransomware can decrypt their files for free (lien direct) Ragnarok ransomware operators are ceasing their operations and released the master key that can allow their victims to decrypt files for free. The Ragnarok ransomware group has been active since at least January 2020 and hit dozens of organizations worldwide. The news was reported by Bleeping Computer that also noticed that ransomware operators have replaced […] Ransomware
Last update at: 2024-07-16 17:08:31