What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-05-25 10:15:01 | The Week in Ransomware - May 24th 2019 - Smacking \'Em Down With Decryptors (lien direct) | We had lots of new variants of existing ransomware and new ransomware found being distributed via malvertising campaigns and RIG exploit kit. The good news is that some of them were smacked down with decryptors! [...] | Ransomware | ||
|
2019-05-22 15:24:03 | GetCrypt Ransomware Brute Forces Credentials, Decryptor Released (lien direct) | A new ransomware called GetCrypt is being installed via the RIG exploit kit. While encrypting a computer it will try to brute force the network credentials of unmapped network shares. [...] | Ransomware | ||
|
2019-05-21 17:01:01 | JSWorm 2.0 Ransomware Decryptor Gets Your Files Back For Free (lien direct) | A decryptor for the JSWorm 2.0 Ransomware has been released by Emsisoft this week that allows victims to decrypt their files for free. If you become infected with JSWorm 2.0, do not pay the ransom and instead follow the instructions below. [...] | Ransomware | ||
|
2019-05-17 17:22:00 | The Week in Ransomware - May 17th 2019 - BTW, It\'s NOT Dead (lien direct) | This week we saw mostly new variant of existing ransomware being released and nothing particular ground breaking released. Of particular interest was a story released by ProPublica about how ransomware recovery companies just pay the ransomware developers rather than actually decrypting your files using their own in-house technology. [...] | Ransomware | ||
|
2019-05-10 17:15:02 | The Week in Ransomware - May 10th 2019 - MegaCortex, Jokeroo, and More (lien direct) | This week the biggest news was the analysis of MegaCortex by Sophos. Then we had Dharma utilizing an ESET Remover tool as a distraction while the ransomware encrypted a victim's files. Finally, we had the Jokeroo RaaS pull an exit scam. [...] | Ransomware Tool | ||
|
2019-05-09 14:24:02 | Jokeroo Ransomware as a Service Pulls an Exit Scam (lien direct) | Since May 7th, 2019, the Tor sites for the Jokeroo Ransomware as a Service (RaaS) have started displaying a notice stating that their server was seized by the Royal Thai Police in conjunction with the Dutch National Police and Europol. It turns out that this notice is fake and the RaaS is performing an exit scam. [...] | Ransomware | ||
|
2019-05-08 10:16:01 | Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims (lien direct) | A new Dharma ransomware strain is using ESET AV Remover installations as a "smoke screen" technique designed to distract victims while their files are encrypted in the background as detailed by Trend Micro. [...] | Ransomware Tool | ||
|
2019-05-07 18:45:01 | Local Authorities in Texas and Maryland Hit by Ransomware (lien direct) | The servers of Baltimore City Hall and Amarillo, TX, Potter County were hit by ransomware attacks, with the former having shut down most servers while the latter already got some of its computing systems back online. [...] | Ransomware | ||
|
2019-05-07 11:29:04 | Confluence Servers Hacked to Install Miners and Rootkits (lien direct) | After getting pounded with ransomware and malware for deploying distributed denial-of-service (DDoS) attacks, unpatched Confluence servers are now compromised to mine for cryptocurrency. [...] | Ransomware Malware | ★★★★ | |
|
2019-04-29 09:06:00 | Breaches, ID Theft & Malware: Schools At Risk From Vulnerabilities (lien direct) | K-12 educational institutions aren't fairing well either, as a U.S. school district becomes the victim of a cyberattack approximately every three days. The cyber incidents range from data breaches to phishing scams to ransomware attacks. Many of the incidents are hugely consequential, resulting in the theft of millions of taxpayer do [...] | Ransomware | ||
|
2019-04-26 18:07:04 | The Week in Ransomware - April 26th 2019 - Targeting the Enterprise (lien direct) | This week the biggest news is that MalwareHunterTeam was able to get a sample of the RobbinHood ransomware that targets the enterprise so that it could be analyzed. The other big news is that attackers are hacking into Confluence servers using a recently released vulnerability to install the GandCrab ransomware, miners, and Trojans. [...] | Ransomware Vulnerability | ||
|
2019-04-26 13:45:02 | A Closer Look at the RobbinHood Ransomware (lien direct) | The RobbinHood Ransomware is the latest player in the ransomware scene that is targeting companies and the computers on their network. This ransomware is not being distributed through spam but rather through other methods, which could include hacked remote desktop services or other Trojans that provide access to the attackers. [...] | Ransomware Spam | ||
|
2019-04-19 11:00:05 | The Week in Ransomware - April 19th 2019 - RobbinHood, Samba, and More (lien direct) | This week introduced a new ransomware player that is targeting companies called RobbinHood. This ransomware recently took down the City of Greenville's computer systems and offers two different ransom payments; a price per computer or one for the entire network. [...] | Ransomware | ||
|
2019-04-18 05:25:02 | DLL Cryptomix Ransomware Variant Installed Via Remote Desktop (lien direct) | The CryptoMix ransomware is still alive and kicking as a new variant has been spotted being spread in the wild. This new version appends the .DLL extension to encrypted files and is said to be installed through hacked remote desktop services. [...] | Ransomware | ||
|
2019-04-04 03:34:00 | New Xwo Web Scanner Helps MongoLock Ransomware Find Victims (lien direct) | Code and infrastructure from two known malware families have been observed with a new threat named Xwo, which helps operators of the MongoLock ransomware discover unprotected web services reachable over the internet. [...] | Ransomware Malware Threat | ||
|
2019-03-28 05:30:00 | UNNAM3D Ransomware Locks Files in Protected Archives, Demands Gift Cards (lien direct) | A new ransomware called Unnam3d R@nsomware is being distributed via email that will move a victim's files into password protected RAR archives. The ransomware then demands a $50 Amazon gift card code in order to get the archive password. [...] | Ransomware | ||
|
2019-03-28 03:14:03 | Ransomware Hits Garage of Canadian Domain Registration Authority (lien direct) | The parking system used by employees of the Canadian Internet Registration Authority (CIRA) went out of service after getting infected with ransomware. [...] | Ransomware | ||
|
2019-03-25 13:05:00 | Emsisoft has Released a Decryptor for the Hacked Ransomware (lien direct) | A decryptor for the Hacked Ransomware was released today by Emsisoft that allows victims to recover their files for free. This ransomware was active in 2017 and targeted English, Turkish, Spanish, and Italian users. [...] | Ransomware | ||
|
2019-03-22 18:41:05 | 70% of Ransomware Attacks Targeted SMBs, BEC Attacks Increased by 130% (lien direct) | Beazley Breach Response (BBR) Services found that 71% of ransomware attacks targeted small businesses, with an average ransom demand of $116,324 and a median of $10,310, after analyzing 3,300 incidents involving its clients in 2018 [...] | Ransomware | ||
|
2019-03-22 16:59:02 | The Week in Ransomware - March 22nd 2019 - LOCKERGOGA! (lien direct) | This week has been dominated by the news of aluminum producer Norsk Hydro being crippled by the LockerGoga Ransomware. Since then, it has been constant news coverage regarding the ransomware and more in-depth analysis. [...] | Ransomware | ||
|
2019-03-21 06:01:00 | Fake CDC Emails Warning of Flu Pandemic Push Ransomware (lien direct) | A new malspam campaign is being conducted that is pretending to be from the Centers for Disease Control and Prevention (CDC) about a new Flu pandemic. Attached to the emails are a malicious attachment that when opened will install the GandCrab v5.2 Ransomware on the target's computer. [...] | Ransomware | ||
|
2019-03-15 17:19:05 | The Week in Ransomware - March 15th 2019 - STOP, Decryptors, and More (lien direct) | This week we have seen a new decryptor released by both Emsisoft and Avast for the BigBobRoss ransomware. We also saw a lot of new variants released for existing ransomware, expecially the STOP Ransomware. [...] | Ransomware | ||
|
2019-03-12 04:30:04 | Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits (lien direct) | A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computer on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours. [...] | Ransomware | ||
|
2019-03-10 17:30:03 | STOP Ransomware Installing Password Stealing Trojans on Victims (lien direct) | In addition to encrypting a victim's files, the STOP ransomware family has also started to install the Azorult password-stealing Trojan on victim's computer to steal account credentials, cryptocurrency wallets, desktop files, and more. [...] | Ransomware | ||
|
2019-03-09 13:20:03 | Ransomware Attack on Jackson County Gets Cybercriminals $400,000 (lien direct) | A ransomware attack hit the computers of Jackson County, Georgia, reducing government activity to a crawl until officials decided to pay cybercriminals $400,000 in exchange for the file decryption key. [...] | Ransomware | ||
|
2019-03-08 15:33:03 | The Week in Ransomware - March 8th 2019 - OpJerusalem, Jokeroo, and More (lien direct) | This week we had some interesting stories, with the two biggest being an alleged new Ransomware-as-a-Service called Jokeroo and the #OpJerusalem attack conducted against Israeli sites. [...] | Ransomware | ||
|
2019-03-05 04:30:00 | CryptoMix Clop Ransomware Says It\'s Targeting Networks, Not Computers (lien direct) | A new CryptoMix Ransomware variant has been discovered that appends the .CLOP or .CIOP extension to encrypted files. Of particular interest, is that this variant is now indicating that the attackers are targeting entire networks rather than individual computers. [...] | Ransomware | ★★★ | |
|
2019-03-04 16:48:02 | #OpJerusalem Targeted Israeli Windows Users with JCry Ransomware (lien direct) | Over the weekend, hundreds of popular Israeli sites were targeted by an attack called #OpJerusalem whose goal was to infect Windows users with the JCry ransomware. Thankfully, a mistake in the attacker's code caused the page to show a defacement rather than causing the ransomware to be distributed. [...] | Ransomware | ||
|
2019-03-02 13:56:03 | Ransomware Pretends to Be Proton Security Team Securing Data From Hackers (lien direct) | A recent variant of the GarrantyDecrypt ransomware has been found that pretends to be from the security team for Proton Technologies, the company behind ProtonMail and ProtonVPN. [...] | Ransomware | ||
|
2019-03-01 18:45:01 | The Week in Ransomware - March 1st 2019 - Cr1ptT0r, B0r0nt0K, and More (lien direct) | Over the past two weeks, there has been some interesting ransomware news regarding a new GandCrab decryptor and two new ransomware infections. [...] | Ransomware | ||
|
2019-02-24 15:02:01 | B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers (lien direct) | A new ransomware called B0r0nt0K is encrypting victim's web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows. [...] | Ransomware | ||
|
2019-02-22 06:18:05 | (Déjà vu) Cr1ptT0r Ransomware Infects D-Link NAS Devices, Targets Embedded Systems (lien direct) | A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it. [...] | Ransomware | ||
|
2019-02-22 06:18:05 | (Déjà vu) Cr1ptT0r Ransomware Targets Embedded Systems, Infects D-Link NAS Gear (lien direct) | A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it. [...] | Ransomware | ||
|
2019-02-21 06:39:01 | GandCrab Ransomware Affiliates Continue to Push Decryptable Versions (lien direct) | GandCrab Ransomware affiliates are doing their victims a favor by screwing up and distributing a version of the ransomware that can be decrypted for free. [...] | Ransomware | ||
|
2019-02-20 13:13:03 | Formjacking Surpasses Ransomware and Cryptojacking as Top Threat of 2018 (lien direct) | A new year in review report from Symantec shows that formjacking accompanied by supply chain attacks were the fastest growing threats of 2018, while living-off-the-land (LotL) attacks saw a large boost in adoption from threat actors, with PowerShell scripts usage, for example, seeing a formidable 1000% increase. [...] | Ransomware Threat | ||
|
2019-02-16 10:30:04 | The Week in Ransomware - February 15th 2019 - Attack on MSPs (lien direct) | It has been a really dead week with ransomware, which we are always happy to see. Not much new variants released, other than the standard ones such as Matrix and Dharma. The biggest news this week has been GandCrab affiliates targeting vulnerabilities in MSP software that allows them to infect all the clients they manage. [...] | Ransomware | ||
|
2019-02-14 11:53:01 | Ransomware Attacks Target MSPs to Mass-Infect Customers (lien direct) | Ransomware distributors have started to target managed service providers (MSPs) in order to mass-infect all of their clients in a single attack. Recent reports indicate that multiple MSPs have been hacked recently, which has led to hundreds, if not thousands, of clients being infected with the GandCrab Ransomware. [...] | Ransomware | ||
|
2019-02-08 15:35:00 | The Week in Ransomware - February 8th 2019 - Shady Data Recovery Companies (lien direct) | This week was mostly filled with new variants of existing ransomware such as STOP, Dharma, and Jigsaw ransomware. We did though have some interesting news, such as a ransomware downloader being created from the pixels of images and shady data recovery companies partnering with GandCrab to make extra profits. [...] | Ransomware | ||
|
2019-02-08 13:14:01 | Mail Attachment Builds Ransomware Downloader from Super Mario Image (lien direct) | A malicious spreadsheet has been discovered that builds a PowerShell command from individual pixels in a downloaded image of Mario from Super Mario Bros. When executed, this command will download and install malware such as the GandCrab Ransomware and other malware. [...] | Ransomware | ||
|
2019-02-01 16:17:03 | The Week in Ransomware - February 1st 2019 - LockerGoga, MalSpam, and More (lien direct) | The biggest ransomware news this week is the cyber attack on Altran that was supposedly hit by the LockerGoga Ransomware. In addition, huge malspam campaigns were pushing Troldesh on Russia and GandCrab on Japanese victims. [...] | Ransomware | ||
|
2019-01-30 03:03:00 | New LockerGoga Ransomware Allegedly Used in Altran Attack (lien direct) | Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and its assets, Altran decided to shut down its network and applications. [...] | Ransomware Malware | ||
|
2019-01-29 18:00:02 | Theoretical Ransomware Attack Could Lead to Global Damages Says Report (lien direct) | According to a speculative cyber risk scenario prepared by Cambridge University for risk management purposes, a ransomware strain that would manage to impact more than 600,000 businesses worldwide within 24 hours would potentially lead to damages of billions not covered by insurers [...] | Ransomware Guideline | ||
|
2019-01-25 15:57:03 | The Week in Ransomware - January 25th 2019 - STOP Won\'t Stop! (lien direct) | This week we see STOP Ransomware becoming the most widespread ransomware targeting consumers and the enterprise that we have seen in a long time. This is due to a constant stream of variants being released, with a large amount of victims being infected through adware bundles promoted through crack sites. [...] | Ransomware | ||
|
2019-01-24 03:30:00 | Beware of Exit Map Spam Pushing GandCrab v5.1 Ransomware (lien direct) | A new malspam campaign pretending to be the current emergency exit map for the recipient's building is being used to install the GandCrab Ransomware. These spam emails contain malicious Word documents that download and install the infection from a remote computer. [...] | Ransomware Spam | ||
|
2019-01-23 06:02:05 | (Déjà vu) New Anatova Ransomware Supports Modules for Extra Functionality (lien direct) | A new ransomware family popped on the radar of analysts, who see it as a serious threat created by skilled authors that can turn it into a multifunctional piece of malware. [...] | Ransomware Threat | ||
|
2019-01-23 06:02:05 | (Déjà vu) New Ransomware Anatova Has Potential for Extended Functionality (lien direct) | A new ransomware family popped on the radar of analysts, who see it as a serious threat created by skilled authors that can turn it into a multifunctional piece of malware. [...] | Ransomware Threat | ||
|
2019-01-21 19:14:03 | New Rumba STOP Ransomware Being Installed by Software Cracks (lien direct) | The STOP ransomware has seen very heavy distribution over the last month using adware installers disguised as cracks. This campaign continues with a new variant released over the past few days that appends the .rumba extension to the names of encrypted files. [...] | Ransomware | ||
|
2019-01-21 17:24:01 | Ransomware Attacks May Soon Require Disclosure in North Carolina (lien direct) | Attorney General Josh Stein and Rep. Jason Saine proposed legislation designed to strengthen the state's identity theft protection legislation, targeting prevention and consumer protection boost in the face of breaches. [...] | Ransomware | ||
|
2019-01-18 16:57:02 | The Week in Ransomware - January 18th 2019 - Devs Back from Vacation (lien direct) | The ransomware developers must be back from vacation as there were a lot of new releases this week. In addition to new variants of existing ransomware such as Dharma, Scarab, Matrix, and more, we also had a few new variants pop up. [...] | Ransomware | ||
|
2019-01-17 17:48:04 | BlackRouter Ransomware Promoted as a RaaS by Iranian Developer (lien direct) | A ransomware called BlackRouter has been discovered being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. This same actor previousl distributed another ransomware called Blackheart and promotes other infections such as a RAT. [...] | Ransomware | ★★★ |
To see everything:
Our RSS (filtrered)
