What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
no_ico.webp 2022-12-05 17:37:16 Cybersecurity Risk Management In The Real World (lien direct) New cyber risks, data breaches, attack trajectories, and undisclosed vulnerabilities emerge every year. In 2022 alone, 71% of organisations were hit by ransomware attacks, with more than 60% paying the ransom to retrieve the damaged data. One unsettling truth emerges from the present environment of cybersecurity risk management: controlling cyber risk throughout an organization is […] Ransomware ★★
bleepingcomputer.webp 2022-12-05 15:41:11 Ransomware attack forces French hospital to transfer patients (lien direct) The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that hit on Saturday evening. [...] Ransomware ★★
globalsecuritymag.webp 2022-12-05 14:01:54 Kaspersky predicts changes in the threat landscape for industrial control systems in 2023 (lien direct) Researchers from Kaspersky's ICS CERT have shared their predictions about the developments and risks concerning industrial control systems that organizations should prepare for in 2023. Among these predictions, Kaspersky experts anticipate an increased attack surface due to digitization, activities by volunteer and cybercriminal insiders, ransomware attacks targeting critical infrastructure, as well as technical, economic and geopolitical effects on threat detection capabilities and a rise in potential vulnerabilities exploited by malicious actors. - Viewpoints Ransomware Industrial ★★★★
SecureList.webp 2022-12-05 10:00:58 If one sheep leaps over the ditch… (lien direct) In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend. Ransomware ★★★
Fortinet.webp 2022-12-05 07:57:00 The Story of a Ransomware Turning into an Accidental Wiper (lien direct) FortiGuard Labs provides a deeper analysis of an open-source Cryptonite ransomware sample that never offers a decryption window, but instead acts as wiper malware. Read to find out more. Ransomware ★★
zataz.webp 2022-12-05 00:18:31 Play hackers paid by 16 companies in 15 days? (lien direct) Were the hackers of the Play Ransomware group paid 16 times out of 24 corporate hostage-takings?... Ransomware ★★
bleepingcomputer.webp 2022-12-02 17:51:35 The Week in Ransomware - December 2nd 2022 - Disrupting Health Care (lien direct) This week's big news was the Colombia health system being severely disrupted by a ransomware attack on Keralty, one of the country's largest healthcare providers. [...] Ransomware ★★
knowbe4.webp 2022-12-02 17:36:35 Ransomware Attacks on Holidays and Weekends Increase and Take a Greater Toll on Organizations (lien direct) Ransomware Attacks on Holidays and Weekends Increase and Take a Greater Toll on Organizations Ransomware ★★
itsecurityguru.webp 2022-12-02 15:45:58 Cybersecurity fears are just the tip of the iceberg for CTOS (lien direct) That CTOs should be concerned about cybersecurity and data breaches is perhaps not the biggest surprise. 2022 has seen more data breaches than ever before, and it feels like the impact of a breach is increasing too. Damage to the brand, paying ransomware costs, time and resources to address the breach, data privacy law penalties […] Ransomware ★★★
Cybereason.webp 2022-12-02 13:00:00 FBI, CISA Issue Warning on Cuba Ransomware (lien direct) FBI, CISA Issue Warning on Cuba Ransomware Ransomware ★★★
InfoSecurityMag.webp 2022-12-02 10:15:00 Cuba Ransomware Actors Pocket $60m (lien direct) Number of US victims has doubled over the past year Ransomware ★★★
globalsecuritymag.webp 2022-12-02 09:47:18 Nearly 6 in 10 French companies carry out their threat intelligence monitoring on social media, according to a Kaspersky study (lien direct) Nearly 6 in 10 French companies carry out their threat intelligence monitoring on social media, according to a Kaspersky study • 47% of European decision-makers and 55% of French decision-makers rely on press articles, industry blogs and social media for their threat intelligence. • 40% of European executives and up to 48.5% of French executives rely on internal teams to gather threat intelligence and discuss it during executive committee meetings. • Even so, around 45% of executives at large companies in France find basic cybersecurity terms such as malware, phishing and ransomware confusing. - Viewpoints Ransomware Threat ★★★
Logo_logpoint.webp 2022-12-02 09:03:00 Hunting and remediating BlackCat ransomware (lien direct) By Anish Bogati and Bibek Thapa Magar; Security Research Contents TL;DR Hunting and remediating BlackCat ransomware Fast Facts Technical Analysis Detecting BlackCat with Logpoint Investigation and response using Logpoint SOAR Recommended Mitigation Despite prevalence and sophistication, it's easy to detect BlackCat TL;DR Known by many names, including ALPHV, AlphaV, ALPHVM, and Noberus, BlackCat ransomware [...] Ransomware ★★★
The_Hackers_News.webp 2022-12-02 01:04:00 Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities (lien direct) The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of... Ransomware Threat ★★
Blog.webp 2022-12-02 00:54:11 (Déjà vu) ASEC Weekly Malware Statistics (November 21st, 2022 – November 27th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 21st, 2022 (Monday) to November 27th (Sunday). For the main category, downloader ranked top with 40.3%, followed by Infostealer with 35.8%, backdoor with 16.3%, ransomware with 7.2%, and CoinMiner with 0.4%. Top 1 – AgentTesla AgentTesla is an Infostealer that ranked first place with 17.3%. It leaks user credentials saved in web... Ransomware Malware ★★
InfoSecurityMag.webp 2022-12-01 18:00:00 Hackers Target Colombia's Healthcare System With Ransomware (lien direct) The attack disrupted IT operations, websites and scheduling of medical appointments Ransomware ★★★
globalsecuritymag.webp 2022-12-01 15:47:53 Mimecast comments on growing legislation (lien direct) The geopolitical landscape is constantly changing, and a rise in Cybercriminals using geopolitical events as an opportunity to conduct a variety of cyberattacks, ransomware included, has become a worrisome trend; now the UK government think the time to act is now. Below is a comment from Jonathan Miles, Head of Strategic Intelligence and Security Research Mimecast, on how increased legislation is now expected. - Opinion Ransomware ★★
Checkpoint.webp 2022-12-01 11:00:27 Is there a way for healthcare providers to prevent cyber-attacks from spreading? (lien direct) By Antoine Korulski, Product Marketing Manager, Infinity architecture Highlights: The Healthcare sector was the most targeted industry for ransomware during the third quarter of 2022, with one in 42 organizations impacted by ransomware. 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio, they concluded that having too many security vendors results… Ransomware ★★
Cybereason.webp 2022-12-01 11:00:00 Nine Cybersecurity Predictions for 2023 (lien direct) Nine Cybersecurity Predictions for 2023 In 2022, ransomware continued to reign king and became one of the most common and dangerous threats facing healthcare organizations and software supply chains. The war on Ukraine created heightened concern over zero-day threats wreaking havoc for organizations worldwide. The cyber gang Conti with Russian-linked ties managed to disrupt financial operations throughout Costa Rica, and it seems there is no end in sight to the hacking group Lapsus$, which has proven itself to be a formidable threat actor.  Ransomware Threat ★★★
ProofPoint.webp 2022-12-01 08:18:01 Cyberattacks, ransomware incidents expected to rise in 2023 (lien direct) Pas de details / No more details Ransomware ★★
bleepingcomputer.webp 2022-11-30 18:25:53 Keralty ransomware attack impacts Colombia's health care system (lien direct) The Keralty multinational healthcare organization suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries. [...] Ransomware ★★
Fortinet.webp 2022-11-30 16:35:59 RansomBoggs Ransomware Targeted Multiple Ukrainian Organizations (lien direct) FortiGuard Labs is aware of a report that a new ransomware strain named "RansomBoggs" was deployed to multiple unnamed organizations in Ukraine. The ransomware encrypts files on compromised machines and provides attacker's contact information for victims to talk with the attacker for file recovery. Why is this Significant? This is significant because RansomBoggs is the latest ransomware that targets Ukrainian organizations. Based on the tactics, techniques, and procedures (TTPs) used in the attack, security vendor ESET attributed RansomBoggs to the Sandworm APT group who is believed to be associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation. What is RansomBoggs Ransomware? RansomBoggs ransomware encrypts files on compromised machines and adds a ".chsch" file extension to the affected files. It drops a ransom note requesting victims to get in touch with the attacker for file recovery. Currently, there is no indication that RansomBoggs ransomware has wiper functionality. What is the Status of Coverage? FortiGuard Labs provides the following AV signature for RansomBoggs ransomware: MSIL/Filecoder.A!tr.ransom Ransomware ★★
Logo_logpoint.webp 2022-11-30 12:12:16 Cyber insurance paradigm shift: Protecting the business without the 'hail mary' remedy (lien direct) Ransomware attacks and their significant financial threat to organizations have contributed to a growing interest in cyber insurance policies. After all, insurance has traditionally promised to cover everything from ransom payouts to incident response and PR related to corporate image taking a hit in the wake of an attack. Ironically, this year ransomware attacks have intensified [...] Ransomware Threat ★★
InfoSecurityMag.webp 2022-11-30 10:00:00 Most Small Biz IaaS Users Seeing Surge in Attacks (lien direct) A further 67% were hit by ransomware in past year Ransomware ★★
ComputerWeekly.webp 2022-11-30 07:49:00 South Staffs Water customer data leaked after ransomware attack (lien direct) Pas de details / No more details Ransomware ★★
CSO.webp 2022-11-30 02:00:00 What is Ransom Cartel? A ransomware gang focused on reputational damage (lien direct) Ransom Cartel, a ransomware-as-a-service (RaaS) operation, has stepped up its attacks over the past year after the disbanding of prominent gangs such as REvil and Conti. Believed to have launched in December 2021, Ransom Cartel has made victims of organizations from among the education, manufacturing, utilities, and energy sectors with aggressive malware and tactics that resemble those used by REvil. Ransomware Malware ★★
Blog.webp 2022-11-30 01:37:55 Domains Used for Magniber Distribution in Korea (lien direct) On November 7th, the ASEC analysis team introduced through a blog post the Magniber ransomware which attempted MOTW (Mark of the Web) bypassing. Afterward, using the data left in Zone.Identifier, we conducted an investigation on the sources used for the distribution of Magniber. With the typosquatting method, which exploits typos, when the user accesses the wrongly entered domain, the msi file (Magniber) is downloaded after redirecting to an advertisement page. Examination of Zone.Identifier created at this stage reveals the URL from where... Ransomware ★★
bleepingcomputer.webp 2022-11-29 17:57:18 Trigona ransomware spotted in increasing attacks worldwide (lien direct) A previously unnamed ransomware has rebranded under the name 'Trigona,' launching a new Tor negotiation site where they accept Monero as ransom payments. [...] Ransomware ★★
InfoSecurityMag.webp 2022-11-29 17:00:00 PII May Have Been Stolen in Virginia County Ransomware Attack (lien direct) A W-2 form was reportedly published on a dark web forum with stolen, sensitive data Ransomware ★★★
Anomali.webp 2022-11-29 16:00:00 Anomali Cyber Watch: Caller-ID Spoofing Actors Arrested, Fast-Moving Qakbot Infection Deploys Black Basta Ransomware, New YARA Rules to Detect Cobalt Strike, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Caller-ID spoofing, False-flag, Phishing, Ransomware, Russia, the UK, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Voice-Scamming Site “iSpoof” Seized, 100s Arrested in Massive Crackdown (published: November 25, 2022) iSpoof was a threat group offering spoofing for caller phone numbers (also known as Caller ID, Calling Line Identification). iSpoof core group operated out of the UK with presence in other countries. In the 12 months until August 2022 around 10 million fraudulent calls were made globally via iSpoof. On November 24, 2022, Europol announced a joint operation involving Australia, Canada, France, Germany, Ireland, Lithuania, Netherlands, Ukraine, the UK, and the USA, that led to the arrest of 142 suspects and seizure of iSpoof websites. Analyst Comment: Threat actors can spoof Caller ID (Calling Line Identification) similar to spoofing the “From:” header in an email. If contacted by an organization you should not confirm any details about yourself, take the caller’s details, disconnect and initiate a call back to the organization yourself using a trusted number. Legitimate organizations understand scams and fraud and do not engage in unsolicited calling. 
Tags: iSpoof, Teejai Fletcher, United Kingdom, source-country:UK, Caller ID, Calling Line Identification, Voice-scamming, Social engineering New Ransomware Attacks in Ukraine Linked to Russian Sandworm Hackers (published: November 25, 2022) On November 21, 2022, multiple organizations in Ukraine were targeted with new ransomware written in .NET. It was dubbed RansomBoggs by ESET researchers who attributed it to the Russia-sponsored Sandworm Team (aka Iridium, BlackEnergy). Sandworm distributed RansomBoggs from the domain controller using the same PowerShell script (PowerGap) that was seen in its previous attacks. RansomBoggs encrypts files using AES-256 in CBC mode using a randomly generated key. The key is RSA encrypted prior to storage and the encrypted files are appended with a .chsch extension. Analyst Comment: Ransomware remains one of the most dangerous types of malware threats and even some government-sponsored groups are using it. Sandworm is a very competent actor group specializing in these forms of attack. Organizations with exposure to the military conflict in Ukraine, or considered by the Russian state to be providing support relating to the conflict, should prepare offline backups to minimize the effects of a potential data-availability-denial attack. MITRE ATT&CK: [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 Tags: detection:RansomBoggs, detection:Filecoder.Sullivan, malware-type:Ransomware, AES-256, PowerShell, detection:PowerGap, mitre-group:Sandworm Team, actor:Iridium, Russia Ransomware Malware Tool Threat Guideline ★★★★
SecurityWeek.webp 2022-11-29 13:32:35 Ransomware Gang Takes Credit for Maple Leaf Foods Hack (lien direct) The Black Basta ransomware group has taken credit for the recently disclosed attack on Canadian meat giant Maple Leaf Foods. The cybercriminals have made public several screenshots of technical documents, financial information and other corporate files to demonstrate that they gained access to Maple Leaf Foods systems. Ransomware Hack ★★★
globalsecuritymag.webp 2022-11-29 09:24:02 Tenable's predictions for 2023 (lien direct) Tenable presents its predictions for 2023. From a falling-out-of-love with ransomware in favor of outright extortion, to the expected compromise of a major SaaS player, to increased investment in OT, Tenable's executives once again anticipate an eventful year in cybersecurity. - Viewpoints Ransomware ★★
News.webp 2022-11-29 08:30:15 Sandworm gang launches Monster ransomware attacks on Ukraine (lien direct) The RansomBoggs campaign is the Russia-linked group's latest assault on the smaller country The Russian criminal crew Sandworm is launching another attack against organizations in Ukraine, using a ransomware that analysts at Slovakian software company ESET are calling RansomBoggs.… Ransomware ★★
zataz.webp 2022-11-28 23:05:26 Alpes-Maritimes Department hackers release 20% of the stolen data (lien direct) The hackers of the Play Ransomware group are giving the Alpes-Maritimes Department 5 days to pay the demanded ransom or face the release of 290gb of stolen files. The malicious hackers have already released thousands of exfiltrated files. Same penalty for two IKEA subsidiaries.... Ransomware ★★
SecurityWeek.webp 2022-11-28 17:45:52 Virginia County Confirms Personal Information Stolen in Ransomware Attack (lien direct) Southampton County in Virginia last week started informing individuals that their personal information might have been compromised in a ransomware attack. The incident was identified in September, when a threat actor accessed a server at Southampton and encrypted the data that was stored on it. Ransomware Threat ★★★
ESET.webp 2022-11-28 15:23:40 RansomBoggs: New ransomware targeting Ukraine (lien direct) ESET researchers spot a new ransomware campaign that goes after Ukrainian organizations and has Sandworm's fingerprints all over it Ransomware ★★
securityintelligence.webp 2022-11-28 14:00:00 Worms of Wisdom: How WannaCry Shapes Cybersecurity Today (lien direct) WannaCry wasn't a particularly complex or innovative ransomware attack. What made it unique, however, was its rapid spread. Using the EternalBlue exploit, malware could quickly move from device to device, leveraging a flaw in the Microsoft Windows Server Message Block (SMB) protocol. As a result, when the WannaCry "ransomworm" hit networks in 2017, it expanded […] Ransomware Malware Wannacry Wannacry ★★
InfoSecurityMag.webp 2022-11-28 10:45:00 Belgian Police Under Fire After Major Ransomware Leak (lien direct) Crime reports dating back 15 years are made public Ransomware ★★
InfoSecurityMag.webp 2022-11-28 10:10:00 Russian Sandworm Hackers Linked to New Ransomware Blitz (lien direct) Ukrainian targets are on the receiving end of RansomBoggs variant Ransomware ★★
SecurityAffairs.webp 2022-11-28 08:25:04 RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia (lien direct) Several Ukrainian organizations were hit by Russia-based RansomBoggs Ransomware in the last week, ESET reports. Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian organizations. The security firm first detected the attacks on November 21 and immediately alerted the CERT US. The ransomware is written in […] Ransomware ★★
Blog.webp 2022-11-28 05:52:14 LockBit Ransomware Being Mass-distributed With Similar Filenames (lien direct) The ASEC analysis team had written about LockBit ransomware being distributed through emails over three blog posts. Through consistent monitoring, we hereby let you know that LockBit 2.0 and LockBit 3.0 are being distributed again with only a change to their filenames. Unlike the previous cases introduced in the blog where Word files or copyright claim emails were used, the recent versions are being distributed through phishing mails disguised as job applications. LockBit Ransomware Being Distributed Using Resume and Copyright-related... Ransomware ★★
CSO.webp 2022-11-28 02:00:00 Here is why you should have Cobalt Strike detection in place (lien direct) Google recently released a list of YARA detection rules for malicious variants of the legitimate Cobalt Strike penetration testing framework that are being used by hackers in the wild. Cobalt Strike is a commercial attack framework designed for red teams that has also been adopted by many threat actors, from APT groups to ransomware gangs and other cybercriminals. Living off the land is a common tactic: The abuse by attackers of system administration, forensic, or security tools that are either already installed on systems or can be easily deployed without raising suspicion has become extremely common. The use of this tactic, known as living off the land (LOTL), used to be a telltale sign of sophisticated cyberespionage groups who moved laterally through environments using manual hacking and placed great value on stealth. Ransomware Threat ★★★★
The_Hackers_News.webp 2022-11-26 09:58:00 Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations (lien direct) Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022. "While the malware written in .NET is new, its deployment is Ransomware Malware ★★
zataz.webp 2022-11-25 18:54:40 On pause in the Darknet since June 2022, the Play hackers come out of the shadows (lien direct) Since June 2022, the Play Ransomware hackers had been moving from group to group, going from Hive to Lockbit and Donuts. Since mid-November they have decided to go it alone and already list 22 victims, including the Departmental Council of Alpes-Maritimes.... Ransomware ★★
bleepingcomputer.webp 2022-11-25 12:18:23 Vice Society ransomware claims attack on Cincinnati State college (lien direct) The Vice Society ransomware operation has claimed responsibility for a cyberattack on Cincinnati State Technical and Community College, with the threat actors now leaking data allegedly stolen during the attack. [...] Ransomware Threat ★★
Blog.webp 2022-11-25 00:51:25 (Déjà vu) ASEC Weekly Malware Statistics (November 14th, 2022 – November 20th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 14th, 2022 (Monday) to November 20th (Sunday). For the main category, downloader ranked top with 53.2%, followed by backdoor with 24.1%, Infostealer with 21.1%, ransomware with 1.0%, CoinMiner with 0.4%, and banking malware with 0.2%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 30.5%. The malware is... Ransomware Malware ★★
Blog.webp 2022-11-25 00:06:13 Wiki Ransomware Being Distributed in Korea (lien direct) Through the AhnLab ASD infrastructure’s history of blocking suspicious ransomware behavior, the ASEC analysis team has identified the distribution of Wiki ransomware, which has been determined to be a variant of Crysis ransomware, disguised as a normal program. Before performing the actual encryption, Wiki ransomware copies itself into the %AppData% or %windir%\system32 paths and undergoes a process of increasing the infection success rate of the ransomware by adding itself to the registry (HKLM\Software\Microsoft\Windows\CurrentVersion\Run) to be registered as one of the... Ransomware
Blog.webp 2022-11-24 23:58:36 Koxic Ransomware Being Distributed in Korea (lien direct) It has been discovered that Koxic ransomware is being distributed in Korea. It was first identified earlier this year, and recently, the team found that a file with a modified appearance and internal ransom note had been detected and blocked via the ASD infrastructure. When infected, the “.KOXIC_[random string]” extension is added to the names of the encrypted files, and a TXT file ransom note is generated in each directory. The filename of the ransom note is as follows. The... Ransomware
SecurityAffairs.webp 2022-11-24 21:19:37 RansomExx Ransomware upgrades to Rust programming language (lien direct) RansomExx ransomware is the last ransomware in order of time to have a version totally written in the Rust programming language. The operators of the RansomExx ransomware (aka Defray777 and Ransom X) have developed a new variant of their malware, tracked as RansomExx2, that was ported into the Rust programming language. The move follows the […] Ransomware
The_Hackers_News.webp 2022-11-24 18:55:00 New RansomExx Ransomware Variant Rewritten in the Rust Programming Language (lien direct) The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it's expected that a Windows version will Ransomware Threat
Last update at: 2024-07-07 16:08:43