Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2021-09-07 14:19:11 |
REvil ransomware's servers mysteriously come back online (direct link) |
The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence. It is unclear if this marks the ransomware gang's return or the servers being turned on by law enforcement. [...] |
Ransomware
|
|
|
|
2021-09-07 02:28:34 |
Ransomware gang threatens to leak data if victim contacts FBI, police (direct link) |
The Ragnar Locker ransomware group is warning that they will leak stolen data from victims that contact law enforcement authorities, like the FBI. Ragnar Locker has previously hit prominent companies with ransomware attacks, demanding millions of dollars in ransom payments. [...] |
Ransomware
|
|
|
|
2021-09-06 06:00:00 |
Ransomware gangs target companies using these criteria (direct link) |
Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks. [...] |
Ransomware
Threat
|
|
|
|
2021-09-03 16:17:10 |
The Week in Ransomware - September 3rd 2021 - Targeting Exchange (direct link) |
Over the past two weeks, it has been busy with ransomware news ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks. [...] |
Ransomware
Threat
|
|
|
|
2021-09-03 11:22:01 |
Babuk ransomware's full source code leaked on hacker forum (direct link) |
A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum. [...] |
Ransomware
Threat
|
|
|
|
2021-09-03 09:21:32 |
Conti ransomware now hacking Exchange servers with ProxyShell exploits (direct link) |
The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. [...] |
Ransomware
Vulnerability
|
|
|
|
2021-09-02 17:10:45 |
Translated Conti ransomware playbook gives insight into attacks (direct link) |
Almost a month after a disgruntled Conti affiliate leaked the gang's attack playbook, security researchers shared a translated variant that clarifies any misinterpretation caused by automated translation. [...] |
Ransomware
|
|
★★
|
|
2021-09-02 13:52:55 |
FBI warns of ransomware gangs targeting food, agriculture orgs (direct link) |
The FBI says ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain. [...] |
Ransomware
|
|
|
|
2021-08-31 13:52:41 |
FBI, CISA: Ransomware attack risk increases on holidays, weekends (direct link) |
The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory issued earlier today. [...] |
Ransomware
|
|
|
|
2021-08-26 18:36:35 |
Ragnarok ransomware releases master decryptor after shutdown (direct link) |
Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware. [...] |
Ransomware
|
|
|
|
2021-08-26 14:28:38 |
FBI shares technical details for Hive ransomware (direct link) |
The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks. [...] |
Ransomware
|
|
|
|
2021-08-24 14:16:16 |
Ransomware gang's script shows exactly the files they're after (direct link) |
A PowerShell script used by the Pysa ransomware operation gives us a sneak peek at the types of data they attempt to steal during a cyberattack. [...] |
Ransomware
|
|
|
|
2021-08-23 18:17:49 |
FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020 (direct link) |
The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. [...] |
Ransomware
Threat
|
|
|
|
2021-08-23 12:16:54 |
Nokia subsidiary discloses data breach after Conti ransomware attack (direct link) |
SAC Wireless, a US-based and independently-operating Nokia company subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems. [...] |
Ransomware
Data Breach
|
|
|
|
2021-08-21 11:05:27 |
(Déjà vu) Microsoft Exchange servers being hacked by new LockFile ransomware (direct link) |
A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. [...] |
Ransomware
|
|
|
|
2021-08-21 11:05:27 |
LockFile ransomware attacks Microsoft Exchange with ProxyShell exploits (direct link) |
A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. [...] |
Ransomware
|
|
|
|
2021-08-20 18:42:24 |
The Week in Ransomware - August 20th 2021 - Exploiting Windows (direct link) |
Ransomware gangs continue to attack schools, companies, and even hospitals worldwide with little sign of letting up. Below we have tracked some of the ransomware stories that we are following this week. [...] |
Ransomware
|
|
|
|
2021-08-20 15:07:51 |
LockFile ransomware uses PetitPotam attack to hijack Windows domains (direct link) |
At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. [...] |
Ransomware
Threat
|
|
|
|
2021-08-20 14:02:45 |
SynAck ransomware decryptor lets victims recover files for free (direct link) |
Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. [...] |
Ransomware
|
|
|
|
2021-08-19 15:32:48 |
CEO tried funding his startup by asking insiders to deploy ransomware (direct link) |
Likely inspired by the LockBit ransomware gang, a Nigerian threat actor tried their luck with a $1 million payment lure to recruit an insider to detonate a ransomware payload on the company servers. [...] |
Ransomware
Threat
|
|
|
|
2021-08-19 08:00:00 |
CISA shares guidance on how to prevent ransomware data breaches (direct link) |
The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. [...] |
Ransomware
|
|
|
|
2021-08-18 09:55:32 |
Japanese insurer Tokio Marine discloses ransomware attack (direct link) |
Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack. [...] |
Ransomware
|
|
|
|
2021-08-18 07:52:00 |
Diavol ransomware sample shows stronger connection to TrickBot gang (direct link) |
A new analysis of a Diavol ransomware sample shows a clearer connection with the gang behind the TrickBot botnet and the evolution of the malware. [...] |
Ransomware
|
|
|
|
2021-08-17 15:27:54 |
Conti ransomware prioritizes revenue and cyberinsurance data theft (direct link) |
Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software and seek out cyber insurance policies. [...] |
Ransomware
|
|
|
|
2021-08-17 09:36:53 |
Brazilian government discloses National Treasury ransomware attack (direct link) |
The Brazilian Ministry of Economy has disclosed a ransomware attack that hit some of its computing systems on Friday night, right before the start of the weekend. [...] |
Ransomware
|
|
|
|
2021-08-16 19:06:36 |
Hive ransomware attacks Memorial Health System, steals patient data (direct link) |
In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. [...] |
Ransomware
|
|
|
|
2021-08-16 07:23:27 |
Colonial Pipeline reports data breach after May ransomware attack (direct link) |
Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. [...] |
Ransomware
Data Breach
|
|
|
|
2021-08-13 16:00:51 |
The Week in Ransomware - August 13th 2021 - The rise of LockBit (direct link) |
This week we saw an existing operation rise in attacks while existing ransomware operations turn to Windows vulnerabilities to elevate their privileges. [...] |
Ransomware
|
|
|
|
2021-08-13 11:20:23 |
SynAck ransomware releases decryption keys after El_Cometa rebrand (direct link) |
The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group. [...] |
Ransomware
|
|
|
|
2021-08-13 05:42:22 |
Vice Society ransomware joins ongoing PrintNightmare attacks (direct link) |
The Vice Society ransomware gang is now also actively exploiting the Windows print spooler PrintNightmare vulnerability for lateral movement through their victims' networks. [...] |
Ransomware
Vulnerability
|
|
|
|
2021-08-12 05:03:11 |
Ransomware gang uses PrintNightmare to breach Windows servers (direct link) |
Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads. [...] |
Ransomware
|
|
|
|
2021-08-11 12:22:06 |
Accenture confirms hack after LockBit ransomware data leak threats (direct link) |
Accenture, a global IT consultancy giant, has likely been hit by a ransomware cyberattack. The ransomware group LockBit is threatening to publish data on its leak site within hours, as seen by BleepingComputer. [...] |
Ransomware
Hack
|
|
|
|
2021-08-10 15:45:12 |
Crytek confirms Egregor ransomware attack, customer data theft (direct link) |
Game developer and publisher Crytek has confirmed that the Egregor ransomware gang breached its network in October 2020, encrypting systems and stealing files containing customers' personal info later leaked on the gang's dark web leak site. [...] |
Ransomware
|
|
|
|
2021-08-10 08:10:35 |
eCh0raix ransomware now targets both QNAP and Synology NAS devices (direct link) |
A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. [...] |
Ransomware
|
|
|
|
2021-08-09 17:22:46 |
Microsoft adds Fusion ransomware attack detection to Azure Sentinel (direct link) |
Microsoft says that the Azure Sentinel cloud-native SIEM (Security Information and Event Management) platform is now able to detect potential ransomware activity using the Fusion machine learning model. [...] |
Ransomware
|
|
|
|
2021-08-09 09:12:17 |
Synology warns of malware infecting NAS devices with ransomware (direct link) |
Taiwan-based NAS maker Synology has warned customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks. [...] |
Ransomware
Malware
|
|
|
|
2021-08-08 10:00:00 |
Australian govt warns of escalating LockBit ransomware attacks (direct link) |
The Australian Cyber Security Centre (ACSC) warns of an increase of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. [...] |
Ransomware
|
|
|
|
2021-08-06 17:16:56 |
The Week in Ransomware - August 6th 2021 - Insider threat edition (direct link) |
If there is one thing we learned this week, it's that not only are corporations vulnerable to insider threats but so are ransomware operations. [...] |
Ransomware
Threat
|
|
|
|
2021-08-06 12:09:58 |
Computer hardware giant GIGABYTE hit by RansomEXX ransomware (direct link) |
Taiwanese motherboard maker Gigabyte has suffered a RansomEXX ransomware attack where threat actors threaten to release 112 GB of data if a ransom is not paid. [...] |
Ransomware
Threat
|
|
|
|
2021-08-05 17:32:11 |
Linux version of BlackMatter ransomware targets VMware ESXi servers (direct link) |
The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform. [...] |
Ransomware
|
|
|
|
2021-08-05 17:05:27 |
CISA teams up with Microsoft, Google, Amazon to fight ransomware (direct link) |
CISA has announced the launch of Joint Cyber Defense Collaborative (JCDC), a partnership across public and private sectors focused on defending US critical infrastructure from ransomware and other cyber threats. [...] |
Ransomware
|
|
|
|
2021-08-05 14:29:44 |
Angry Conti ransomware affiliate leaks gang's attack playbook (direct link) |
A disgruntled Conti affiliate has leaked the gang's training material for conducting attacks, including information about one of the ransomware's operators. [...] |
Ransomware
|
|
|
|
2021-08-05 09:57:04 |
(Déjà vu) Prometheus TDS: The $250 service behind recent malware attacks (direct link) |
Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks. [...] |
Ransomware
Malware
Guideline
|
|
|
|
2021-08-05 09:57:04 |
Prometheus: The $250 service behind recent malware attacks (direct link) |
Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks. [...] |
Ransomware
Malware
Guideline
|
|
|
|
2021-08-04 17:34:44 |
Energy group ERG reports minor disruptions after ransomware attack (direct link) |
Italian energy company ERG reports "only a few minor disruptions" affecting its information and communications technology (ICT) infrastructure following a ransomware attack on its systems. [...] |
Ransomware
|
|
|
|
2021-08-04 12:19:27 |
LockBit ransomware recruiting insiders to breach corporate networks (direct link) |
The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. [...] |
Ransomware
|
|
|
|
2021-08-03 14:13:49 |
RansomEXX ransomware hits Italy's Lazio region, affects COVID-19 site (direct link) |
The Lazio region in Italy has suffered a RansomEXX ransomware attack that has disabled the region's IT systems, including the COVID-19 vaccination registration portal. [...] |
Ransomware
|
|
|
|
2021-07-31 15:13:53 |
DarkSide ransomware gang returns as new BlackMatter operation (direct link) |
Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. [...] |
Ransomware
|
|
|
|
2021-07-31 11:12:41 |
BlackMatter ransomware gang rises from the ashes of DarkSide, REvil (direct link) |
A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations. [...] |
Ransomware
|
|
|
|
2021-07-30 19:43:44 |
The Week in Ransomware - July 30th 2021 - €1 billion saved (direct link) |
Ransomware continues to be active this week, with new threat actors releasing new features, No More Ransom turning five, and a veteran group rebranding. [...] |
Ransomware
Threat
|
|
|