What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
no_ico.webp 2022-08-22 13:27:55 (Déjà vu) Expert Commentary: LockBit Ransomware Gang Attacks Entrust (lien direct) The Lockbit Ransomware gang has taken credit for the ransomware attack on Entrust, a digital security giant. In June, Entrust began notifying customers that they suffered a cyberattack where data was stolen from internal systems. The ransomware group attacked Entrust after purchasing access to the corporate network through “network access sellers.” After further research on […] Ransomware
bleepingcomputer.webp 2022-08-22 10:39:53 LockBit ransomware blames Entrust for DDoS attacks on leak sites (lien direct) The LockBit ransomware operation's data leak sites have been shut down over the weekend due to a DDoS attack telling them to remove Entrust's allegedly stolen data. [...] Ransomware
InfoSecurityMag.webp 2022-08-22 09:00:00 Car Dealership Hit by Major Ransomware Attack (lien direct) Holdcroft Motor Group says most systems back online now Ransomware
DarkReading.webp 2022-08-19 17:17:05 BlackByte Ransomware Gang Returns With Twitter Presence, Tiered Pricing (lien direct) Version 2.0 of the ransomware group's operation borrows extortion tactics from the LockBit 3.0 group. Ransomware
Fortinet.webp 2022-08-19 16:24:48 Joint Cybersecurity Advisory on Zeppelin Ransomware (AA22-223A) (lien direct) On August 11, 2022, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory on Zeppelin ransomware. The alert provides insight into the tactics, techniques, and procedures (TTPs) along with indicators of compromise used by Zeppelin threat actors. Zeppelin has been operating since 2019 and has targeted organizations across multiple industries as well as critical infrastructure sectors. What is Zeppelin ransomware? Zeppelin is a Delphi-based ransomware and is run as a Ransomware-as-a-Service (RaaS). The first reports of Zeppelin ransomware go back as far as December 2019. Some reports suggest that Zeppelin ransomware originates from the Vegaslocker and Buran strains. According to the CISA advisory, Zeppelin ransomware's infection vectors include RDP exploitation, leveraging vulnerabilities in popular firewall products, and phishing emails. Once a threat actor compromises the victim's network, it steals sensitive information from the victim before starting the file encryption process. Zeppelin ransomware typically adds a ".zeppelin" file extension to the affected files; however, other file extensions were also observed. After files are encrypted, the victim is presented with a ransom note that is typically named "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT" containing the attacker's contact information (email, Jabber, ICQ or Telegram) as well as a ransom message.
Zeppelin victims are threatened that encrypted files will not be recovered, and stolen information will be released to the public if the ransom is not paid. [Figure: Ransom note from a recent Zeppelin ransomware sample] The advisory also states that threat actors ran Zeppelin ransomware more than once on the compromised network in some cases, which resulted in multiple decryption keys being required for file decryption. What is the Status of Coverage? FortiGuard Labs provides the following AV coverage against known Zeppelin ransomware variants: W32/Zeppelin.FBFD!tr.ransom, W32/Buran.H!tr.ransom, W32/Agent.H!tr.ransom, W32/Filecoder_Buran.J!tr.ransom, W32/Kryptik.GOGY!tr, W32/Kryptik.HIMG!tr, W32/Kryptik.HJEK!tr, W32/Generic.AC.171!tr, W64/Agent.EQ!tr, W32/Neshta.E, W32/CoinMiner.NBX!tr, W32/PossibleThreat, Riskware/Application. Ransomware Threat ★★
Cybereason.webp 2022-08-19 14:57:16 THREAT ALERT: Inside the Redeemer 2.0 Ransomware (lien direct) The Cybereason Global Security Operations Center (SOC) Team issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. In this article, the Cybereason Research team exposes Redeemer 2.0, an updated version of the original ransomware. Ransomware Threat
SecurityWeek.webp 2022-08-19 13:08:25 Ransomware Group Threatens to Leak Data Stolen From Security Firm Entrust (lien direct) LockBit ransomware threat actors have taken credit for the recent attack on cybersecurity firm Entrust and they are threatening to leak the stolen files. Ransomware Threat
globalsecuritymag.webp 2022-08-19 12:58:42 Mandiant's comment on the $10 million reward placed on CONTI by the State Department (lien direct) Following the US government's offer of a $10 million reward in exchange for additional information on members of the CONTI ransomware gang (naming several of the group's aliases for the first time and publishing a photo of one of the actors), here are Mandiant's comments on the importance of acting against these cybercriminal groups and the effects this can have: John Hultquist, VP, intelligence analysis, Mandiant: "We are facing a (...) - Malware Ransomware
bleepingcomputer.webp 2022-08-18 19:06:42 (Déjà vu) LockBit claims ransomware attack on security giant Entrust, leaks data (lien direct) The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. [...] Ransomware
bleepingcomputer.webp 2022-08-18 19:06:42 LockBit claims ransomware attack on security giant Entrust (lien direct) The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. [...] Ransomware
SecurityAffairs.webp 2022-08-18 15:24:11 BlackByte ransomware v2 is out with new extortion novelties (lien direct) A new version of the BlackByte ransomware appeared in the threat landscape; version 2.0 uses extortion techniques similar to LockBit ones. BlackByte ransomware Version 2.0 appeared in the threat landscape after a short break; the latest version has a new data leak site. It is interesting to note that the group introduced some novelties in the […] Ransomware Threat ★★
Fortinet.webp 2022-08-18 14:26:00 (Déjà vu) Ransomware Roundup: Gwisin, Kriptor, Cuba, and More (lien direct) The latest edition of the Ransomware Roundup from FortiGuard Labs covers the Gwisin, Kriptor, and Cuba ransomware. Read to learn more about protections against these variants. Ransomware
2022-08-18 08:00:00 Ukraine and the fragility of agriculture security (lien direct) By Joe Marshall. The war in Ukraine has had far-reaching global implications and one of the most immediate effects felt will be on the global supply chain for food. This war-induced fragility has exposed the weaknesses of how we feed ourselves globally. Ransomware cartels and other adversaries are well aware of this and are actively exploiting that fragility. For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement stretches the gamut from commercial to critical infrastructure, to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way. Ukraine has been a frequent victim of state-sponsored cyber attacks aimed at critical infrastructures like power and transportation. Talos is proud to stand with our partners in Ukraine and help defend their critical networks and help users there maintain access to necessary services. Now that Russia has invaded Ukraine, those threats have escalated to kinetic attacks that are wreaking havoc on a critical element of our world: agriculture and our global food supply chain. Even worse are the implications this war will have for future cyber attacks, as fragility is considered a lucrative element in deciding victimology by threat actors like ransomware cartels. To truly grasp the implications of the war in Ukraine, we have to examine how vital Ukrainian agriculture feeds the world, the current state of affairs, and what this means for the global cybersecurity posture to protect agricultural assets. Where there is weakness, there is opportunity: Ransomware cartels and their affiliates are actively targeting the agricultural industry.
Moreover, these actors have done their homework and are targeting agricultural companies during the two times of the year where they cannot suffer disruptions: planting and harvesting. Per the published FBI PIN Alert: “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.” This is far from unusual for these adversaries - they are shrewd and calculating, and understand their victims' weaknesses and industries. H Ransomware Threat Guideline Cloud NotPetya Uber APT 37 APT 32 APT 28 APT 10 APT 21 Guam
News.webp 2022-08-18 06:28:12 Ransomware attack on UK water company clouded by confusion (lien direct) Clop gang thought it hit Thames Water – but real victim was elsewhere A water company in the drought-hit UK was recently compromised by a ransomware gang, though initially it was unclear exactly which water company was the victim.… Ransomware
Blog.webp 2022-08-18 00:26:46 (Déjà vu) ASEC Weekly Malware Statistics (August 8th, 2022 – August 14th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 8th, 2022 (Monday) to August 14th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.9%, followed by backdoor with 38.4%, downloader with 16.8%, ransomware with 2.2%, and CoinMiner with 0.6%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 23.1%. It is an info-stealer that leaks... Ransomware Malware
bleepingcomputer.webp 2022-08-17 17:28:33 BlackByte ransomware gang is back with new extortion tactics (lien direct) The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit. [...] Ransomware
no_ico.webp 2022-08-17 12:15:24 UK Water Suppliers Hacked But Hackers Extort Wrong Victim (lien direct) Hackers attack UK water supplier but extort wrong victim. The Clop ransomware gang claimed to have breached Thames Water supplier by accessing their SCADA systems, which would give them the ability to cause harm to 15 mill customers. However, as Clop published evidence of stolen files, the spreadsheet presented featured South Staff Water and South […] Ransomware
CSO.webp 2022-08-17 12:10:00 New Deep Instinct partner program targets MSSPs fighting ransomware (lien direct) Cybersecurity firm Deep Instinct has rolled out a new partner program to provide its endpoint and application protection software to managed security service providers (MSSPs), the company announced Wednesday. The Stratosphere program was initially announced in April, and designed as a simplified channel program that focuses on expected partner margins, instead of set discounts on the product. Volume-based recognition and “medallion tiers” for sales are out. Instead, the company is offering “loyalty points” for achieving a range of different sales-related goals, like creating leads, getting customers certified, or completing business plans. Ransomware Guideline
AlienVault.webp 2022-08-17 10:00:00 A pragmatic approach to risk management & resilience (lien direct) Cybersecurity starts with the ability to recognize your cyber risk. We will explore several topics related to taking a practical approach to managing risk and achieving cyber resilience. This is a blog series with collective thoughts from Bindu Sundaresan, Director AT&T Cybersecurity, and Nick Simmons, AVP, Cybersecurity. Cybercrime has become increasingly frequent, complex, and costly, posing a risk to all businesses regardless of size. How do you plan to respond when falling victim to a breach? Would you know who to call, how to react, or what to tell your employees, customers, and media? Could your organization absorb the potential financial and reputational impact of a lawsuit? The answer cannot be, "we store everything in the cloud, so we are good." Who owns the risk? Could your brand's image survive? What is acceptable, and how do you know your current plan will suffice? What more could your company do to understand better and manage the risk? These questions are all top of mind and need to be addressed from an overall business perspective. This blog summarizes the fundamental steps and offers suggestions to understand, manage, and respond to risk. Beyond technology, focus on risk and resilience: It can be easy to deploy security technology and think you've mitigated risk to your business. Unfortunately, technology investment is no guarantee of protection against the latest threats. It is critical to take a risk-based approach to security, meaning leaders must identify and focus on specific elements of cyber risk to decrease enterprise risk. Specifically, the many components of cyber risk must be understood and prioritized for enterprise cybersecurity efforts.
Organizations are increasingly aiming to shift from cybersecurity to cyber resilience, and the following recommendations can help forge this path: understand the threats; measure the potential financial impact of cyber exposures compared to the company's risk appetite level; and proactively manage cyber risks with clear action plans based on their capabilities and capacities to protect against cybercrime. Risk-based approach: Cyber resiliency requires a risk-based approach, accomplishing two critical things at once. First, it designates risk reduction as the primary goal, enabling the organization to prioritize investment, including implementation-related problem solving based squarely on a cyber program's effectiveness at reducing risk. Second, the program distills top management's risk-reduction targets into pragmatic implementation programs with precise alignment from senior executives to the front line. Following the risk-based approach, a company will no longer "build the control everywhere"; rather, the focus will be on building the appropriate controls for the worst vulnerabilities to defeat the most significant threats that target the business' most critical areas. The risk-based approach to cybersecurity is thus ultimately interactive and a dynamic tool to support strategic decision-making. Focused on business value, utilizing a common language among the interested parties, and directly linking enterprise risks to controls, the approach helps translate executive decisions about risk reduction into control implementation. The power of the risk-based approach to optimize risk reduction at any level of investment is enhanced by its flexibility, adjusting to an evolving risk-appetite strategy as needed. A risk-based approach recognizes that there are no perfect security solutions. Still, those that strategically balance security, scalability, access, usability, and cost can ultimately provide the best long-term protection against an evolving adversary.
Fundamentally, risk transformation changes security strategy from an outside-in perspective, where external threats and regulations drive strategy, to an Ransomware Data Breach Tool Vulnerability Threat Patching Guideline
MalwarebytesLabs.webp 2022-08-17 09:00:00 Ransomwater confusion, does the criminal know who the victim is? (lien direct) Categories: News, Ransomware. Tags: ransomware, Clop, Thames Water, hoax, South Staffs Water, vital infrastructure. The Clop ransomware gang made a mistake in identifying who exactly their victim was, but they got it right in the end (Read more...) Ransomware
DataSecurityBreach.webp 2022-08-17 07:40:23 Ransomware: up 42% in France (lien direct) A threat report for the second quarter of 2022 reveals a sharp increase in ransomware attacks worldwide, 24% more than in the first quarter of 2022. Among the hackers' "easy" targets: architecture firms. Ransomware
CSO.webp 2022-08-17 02:00:00 Ransomware safeguards for small- to medium-sized businesses (lien direct) The Institute for Security and Technology (IST) recently released a “Blueprint for Ransomware Defense.” The guide includes recommendations of defensive actions for small- and medium-sized businesses (SMBs) to protect against and respond to ransomware and other common cyberattacks. It focuses on the identify, protect, respond, and recover format that aligns with the National Institute of Standards and Technology (NIST) Cybersecurity Framework. IST's guidelines do not include one item from the NIST framework: the detect function. The authors recommend that SMBs should work with a cybersecurity services provider for that function. Ransomware
Blog.webp 2022-08-17 01:43:10 (Déjà vu) ASEC Weekly Malware Statistics (August 1st, 2022 – August 7th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 1st, 2022 (Monday) to August 7th, 2022 (Sunday). For the main category, info-stealer ranked top with 47.4%, followed by backdoor with 22.6%, downloader with 20.0%, ransomware with 6.8%, banking with 2.6%, and CoinMiner with 0.5%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 25.8%. It is... Ransomware Malware
DarkReading.webp 2022-08-16 19:08:11 Clop Ransomware Gang Breaches Water Utility, Just Not the Right One (lien direct) South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company. Ransomware
TechRepublic.webp 2022-08-16 17:11:43 BazarCall attack increasingly used by ransomware threat actors (lien direct) Already three independent threat groups are using it to heavily target companies. Ransomware Threat
Anomali.webp 2022-08-16 15:06:00 Anomali Cyber Watch: Ransomware Module Added to SOVA Android Trojan, Bitter APT Targets Mobile Phones with Dracarys, China-Sponsored TA428 Deploys Six Backdoors at Once, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android, APT, China, Cyberespionage, India, Malspam, Ransomware, Spearphishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence. APT-C-35: New Windows Framework Revealed (published: August 11, 2022). The DoNot Team (APT-C-35) are India-sponsored actors active since at least 2016. Morphisec Labs researchers discovered a new Windows framework used by the group in its campaign targeting Pakistani government and defense departments. The attack starts with a spearphishing RTF attachment. If opened in a Microsoft Office application, it downloads a malicious remote template. After the victim enables editing (macros), a multi-stage framework deployment starts. It includes two shellcode stages followed by a main DLL that, based on victim fingerprinting, downloads a custom set of additional information-stealing modules. Analyst Comment: The described DoNot Team framework is pretty unique in its customisation, fingerprinting, and module implementation. At the same time, the general theme of spearphishing attachment that asks the targeted user to enable editing is not new and can be mitigated by anti-phishing training and Microsoft Office settings hardening.
MITRE ATT&CK: Phishing - T1566 | Virtualization/Sandbox Evasion - T1497 | Template Injection - T1221 | User Execution - T1204 | Ingress Tool Transfer - T1105 | Obfuscated Files or Information - T1027 | Deobfuscate/Decode Files or Information - T1140 | Scheduled Task - T1053 | System Information Discovery - T1082 | Input Capture - T1056 | Screen Capture - T1113 | Data from Local System - T1005 | Data from Removable Media - T1025 | Data from Network Shared Drive - T1039 | Credentials from Password Stores - T1555 | Data Staged - T1074 | Command and Scripting Interpreter - T1059 Tags: APT-C-35, DoNot Team, APT, India, source-country:IN, Government, Military, Pakistan, target-country:PK, Windows Ransomware Malware Tool Vulnerability Threat Guideline Medical APT 38
MalwarebytesLabs.webp 2022-08-16 14:45:00 CISA and FBI issue alert about Zeppelin ransomware (lien direct) Categories: News, Ransomware. Tags: Zeppelin, ransomware, RDP, Sonicwall, phishing, malvertising, backups, authentication, mfa, patching, EDR. The FBI and CISA have issued a joint Cybersecurity Advisory (CSA) to raise awareness about Zeppelin ransomware (Read more...) Ransomware
Kaspersky.webp 2022-08-16 14:30:01 U.K. Water Supplier Hit with Clop Ransomware Attack (lien direct) The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data. Ransomware
SecurityWeek.webp 2022-08-16 13:53:13 Ransomware Group Claims Access to SCADA in Confusing UK Water Company Hack (lien direct) A ransomware group has hit at least one water company in the United Kingdom, but there is some confusion over whose systems were actually breached. Ransomware Hack
knowbe4.webp 2022-08-16 13:34:25 (Déjà vu) CyberheistNews Vol 12 #33 [Eye Opener] Recent Cisco Hack by Ransomware Group Started Because of a Phishing Attack (lien direct) CyberheistNews Vol 12 #33 Ransomware Hack
no_ico.webp 2022-08-16 12:54:19 The “Cyber Insurance Gap” Is Threatening Most Companies (lien direct) A new study by BlackBerry and Corvus Insurance confirms a “cyber insurance gap” is growing, with a majority of businesses in North America either uninsured or underinsured against a rising tide of ransomware attacks and other cyber threats. Only 19% of all businesses surveyed have ransomware coverage limits above the median ransomware demand amount ($600,000) […] Ransomware
no_ico.webp 2022-08-16 12:45:07 (Déjà vu) Argentina's Judiciary Of Córdoba Hit By PLAY Ransomware Attack (lien direct) In response to reports that Argentina’s Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack at the hands of the new ‘Play’ ransomware operation, cyber security experts reacted below. Ransomware
bleepingcomputer.webp 2022-08-15 20:06:24 Argentina's Judiciary of Córdoba hit by PLAY ransomware attack (lien direct) Argentina's Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack, reportedly at the hands of the new 'Play' ransomware operation. [...] Ransomware
Blog.webp 2022-08-15 17:33:24 Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace (lien direct) The top ransomware gangs have become so relentless that it's not unusual for two or more of them to attack the same company within a few days – or even a few hours. Related: How ‘IABs’ foster ransomware And if … (more…) Ransomware
SecurityAffairs.webp 2022-08-15 15:22:28 SOVA Android malware now also encrypts victims' files (lien direct) Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved; it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time. The latest version of the […] Ransomware Malware
no_ico.webp 2022-08-15 15:12:41 Cisco Confirms Hack: Yanluowang Ransom Gang Claims 2.8GB Of Data (lien direct) Talos Intelligence Group confirmed that Cisco had been hacked by the Yanluowang ransomware group. The confirmation, in a Talos blog posting, stated Cisco first learned of the compromise on May 24. Excerpts follow: On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been […] Ransomware
no_ico.webp 2022-08-15 14:46:50 NHS IT Supplier Held To Ransom By Hackers (lien direct) Following news that a cyber-attack on a major IT provider of the NHS, Advanced, has been confirmed as a ransomware attack (NHS IT supplier held to ransom by hackers – BBC News), Information Security Experts explain further about attacks on healthcare providers. Ransomware
SecureList.webp 2022-08-15 12:00:45 (Déjà vu) IT threat evolution in Q2 2022. Mobile statistics (lien direct) In Q2 2022, we detected 405,684 mobile malware installation packages, of which 55,614 packages were related to mobile banking trojans, and 3,821 packages were mobile ransomware trojans. Ransomware Malware Threat
SecureList.webp 2022-08-15 12:00:34 IT threat evolution Q2 2022 (lien direct) ToddyCat APT and WinDealer man-on-the-side attack, Spring4Shell and other vulnerabilities, ransomware trends and our in-depth analysis of the TTPs of the eight most widespread ransomware families. Ransomware Threat
The_Hackers_News.webp 2022-08-15 09:27:31 Credential Theft Is (Still) A Top Attack Method (lien direct) Credential theft is clearly still a problem. Even after years of warnings, changing password requirements, and multiple forms of authentication, password stealing remains a top attack method used by cyber criminals. The latest report from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks. 59% of organizations Ransomware
SecurityAffairs.webp 2022-08-14 06:52:55 CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks (lien direct) The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. The Zeppelin ransomware first appeared on the threat landscape in November 2019 […] Ransomware Threat
bleepingcomputer.webp 2022-08-13 10:12:06 SOVA malware adds ransomware feature to encrypt Android devices (lien direct) The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices. [...] Ransomware Malware ★★★
DarkReading.webp 2022-08-12 22:00:00 Cybercriminals Weaponizing Ransomware Data For BEC Attacks (lien direct) Attacked once, victimized multiple times: Data marketplaces are making it easier for threat actors to find and use data exfiltrated during ransomware attacks in follow-up attacks. Ransomware Threat
News.webp 2022-08-12 19:30:13 US reveals 'Target' pic of Conti man with $10m reward offer (lien direct) Fashion Police chipping in on the bounty related to costliest strain of ransomware on record The US government is putting a face on a claimed member of the infamous Conti ransomware group as part of a $10 million reward for information about five of the gang's crew.… Ransomware
Kaspersky.webp 2022-08-12 18:20:38 Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics (lien direct) The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities. Ransomware Malware
DarkReading.webp 2022-08-12 14:58:10 Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan (lien direct) Unusually, SOVA, which targets US users, now allows lateral movement for deeper data access. Version 5 adds an encryption capability. Ransomware ★★★
News.webp 2022-08-12 13:06:23 Emergency services call-handling provider: Ransomware forced it to pull servers offline (lien direct) Advanced's infrastructure still down and out, recovery to take weeks or more Advanced, the MSP forced to shut down some of its servers last week after identifying an "issue" with its infrastructure hosting products, has confirmed a ransomware attack and says recovery will be in the order of weeks.… Ransomware
InfoSecurityMag.webp 2022-08-12 10:30:00 US Unmasks Suspected Conti Ransomware Actor (lien direct) State Department offers $10m reward for info on notorious group Ransomware
itsecurityguru.webp 2022-08-12 10:14:24 Recovery From NHS Attack Could Take Weeks (lien direct) Last week, Advanced, a key NHS IT partner was hit by a ransomware attack. The IT company has said that it could take three to four weeks for systems to resume normal service. Advanced runs several key systems within the health service. One of its most important clients is the NHS 111 service. The UK […] Ransomware
InfoSecurityMag.webp 2022-08-12 09:30:00 Zeppelin Ransomware Victims May Need Multiple Decryption Keys (lien direct) CISA issues new alert about RaaS variant Ransomware
Last update at: 2024-07-16 07:08:00