What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
Anomali.webp 2022-09-07 15:00:00 Anomali Cyber Watch: EvilProxy Defeats Second Factor, Ragnar Locker Ransomware Hits Critical Infrastructure, Montenegro Blames Russia for Massive Cyberattack, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Critical infrastructure, Crypto mining, Delayed execution, Phishing, Ransomware, Reverse proxy, Russia, and Steganography. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web (published: September 5, 2022) Resecurity researchers analyzed EvilProxy, a phishing kit that uses reverse proxy and cookie injection methods to bypass two-factor authentication (2FA). EvilProxy uses extensive virtual machine checks and browser fingerprinting. If the victim passes the checks, EvilProxy acts as a proxy between the victim and the legitimate site that asks for credentials. EvilProxy is being sold as a service on the dark web. Since early May 2022, EvilProxy has enabled phishing attacks against customer accounts of major brands such as Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo, Yandex, and others. Analyst Comment: EvilProxy is a dangerous automation tool that enables more phishing attacks. Additionally, EvilProxy targeting GitHub and npmjs accounts increases the risk of follow-up supply-chain attacks. The Anomali platform has historic EvilProxy network indicators that can help when investigating incidents affecting 2FA. Because 2FA can be bypassed, users need to be aware of phishing risks and pay even more attention to domains that ask for their credentials and 2FA codes.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Proxy - T1090 | [MITRE ATT&CK] Supply Chain Compromise - T1195 Tags: EvilProxy, Phishing, Phishing-as-a-service, Reverse proxy, Cookie injection, 2FA, MFA, Supply chain Ragnar Locker Ransomware Targeting the Energy Sector (published: September 1, 2022) Cybereason researchers investigated the Ragnar Locker ransomware that was involved in a cyberattack on DESFA, a Greek pipeline company. On August 19, 2022, the Ragnar Locker group listed DESFA on its data leak site. The group has been active since 2019, and this is not the first time it has targeted critical infrastructure companies with the double-extortion scheme. Their Ragnar Locker ransomware shows the typical abilities of modern ransomware, including system information and location collection, deleting shadow copies, identifying processes (antiviruses, backup solutions, IT remote management solutions, and virtual-based software), and encrypting the system with the exception list in mind. Analyst Comment: Ragnar Locker appears to be an aggressive ransomware group that is not shy about attacking critical infrastructure as long as the targets are not in the Commonwealth of Independent States (Russia and associated countries). Always be on high alert while reading emails, in particular those with attachments, URL redirection, a false sense of urgency or poor grammar. Use anti-spam and antivirus protection, and avoid opening email from untrusted or unverified senders. Additionally, it is important to have a comprehensive and teste Ransomware Malware Tool Threat Patching Guideline Yahoo
Chercheur.webp 2022-09-07 14:26:10 The LockBit Ransomware Gang Is Surprisingly Professional (direct link) This article makes LockBit sound like a legitimate organization: The DDoS attack last weekend that put a temporary stop to leaking Entrust data was seen as an opportunity to explore the triple extortion tactic to apply more pressure on victims to pay a ransom. LockBitSupp said that the ransomware operator is now looking to add DDoS as an extortion tactic on top of encrypting data and leaking it. “I am looking for dudosers [DDoSers] in the team, most likely now we will attack targets and provide triple extortion, encryption + date leak + dudos, because I have felt the power of dudos and how it invigorates and makes life more interesting,” LockBitSupp wrote in a post on a hacker forum... Ransomware
grahamcluley.webp 2022-09-07 13:00:44 QNAP tells NAS users to “take immediate action” after new wave of DeadBolt ransomware attacks (direct link) Owners of QNAP NAS drives have been advised to "take immediate action" in the wake of a new wave of DeadBolt ransomware attacks. Ransomware
MalwarebytesLabs.webp 2022-09-07 12:00:00 Warning issued about Vice Society ransomware targeting the education sector (direct link) Categories: News, Ransomware. Tags: FBI, CISA, StopRansomware, Vice Society, HelloKitty, SonicWall, PrintNightmare, LAUSD. The FBI, CISA, and the MS-ISAC have released a joint Cybersecurity Advisory after observing Vice Society threat actors disproportionately targeting the education sector with ransomware attacks. Ransomware Threat
2022-09-07 11:00:19 Multiple ransomware data leak sites experience DDoS attacks, facing intermittent outages and connectivity issues (direct link) By Azim Khodjibaev, Colin Grady, Paul Eubanks. Since Aug. 20, 2022, Cisco Talos has been monitoring suspected distributed denial-of-service (DDoS) attacks resulting in intermittent downtime and outages affecting several ransomware-as-a-service (RaaS) data leak sites. While the source and origin of this activity remain unknown, this appears to be a concentrated effort against RaaS leak sites to disrupt their efforts to announce and post new victim information. Actors' responses have varied, with LockBit and ALPHV implementing new measures to counteract DDoS attacks against their sites while other groups like Quantum have simply resorted to redirecting web traffic elsewhere. LockBit also appears to have co-opted this technique by advertising that they are now adding DDoS as an extortion tactic in addition to encrypting and leaking data. RaaS leak sites experience intermittent outages. In late August, Talos became aware of several prominent ransomware operations, such as ALPHV (also referred to as BlackCat) and LockBit, experiencing suspected DDoS attacks against their public data leak sites. These leak sites are typically hosted on Tor hidden services where, in a tactic known as double extortion, RaaS affiliates post victim information if the ransom demand is not met. On Aug. 26, we also observed at least seven more RaaS leak sites for LV, Hive, Everest, BianLian, Yanluowang, Snatch and Lorenz become inaccessible and go offline intermittently and/or experience slow traffic. Security researchers have also identified additional RaaS leak sites for Ragnar Locker and Vice Society which may have also been affected by this activity. However, we have only verified the Ragnar Locker claim at this time, as their leak site continues to experience outages.
At the time of analysis, many of the aforementioned groups are still affected by connectivity issues and continue to face a variety of intermittent outages to their data leak sites, including frequent disconnects and unreachable hosts, suggesting that this is part of a sustained effort to thwart updates to those sites. On Aug. 20, a LockBit representative, "LockBitSupp", reported that nearly 1,000 servers were targeting the LockBit data leak sites, with nearly 400 requests per second. After reporting that their leak sites became unavailable due to a DDoS attack, LockBit provided screenshots alleging that the attack began as soon as they started to publish data to their leak site for Entrust, a digital security company LockBit targeted in July. Ransomware
CSO.webp 2022-09-07 10:36:00 Global companies say supply chain partners expose them to ransomware (direct link) Global organizations say they are increasingly at risk of ransomware compromise via their extensive supply chains. Out of 2,958 IT decision makers across 26 countries in North and South America, Europe, and APAC, 79% believe their partners and customers are making their organization a more attractive ransomware target, according to the latest research by Trend Micro. Fifty-two percent of the global organizations surveyed say they have a supply chain partner that has been hit by ransomware. Supply chain and other partners include providers of IT hardware, software and services, open-source code repositories, and non-digital suppliers ranging from law firms and accountants to building maintenance providers. They make for a web of interdependent organizations. Ransomware
bhconsulting.webp 2022-09-07 09:26:49 What is a cyberattack? Why knowing adversary tactics helps prepare for threats (direct link) To the public at large, last year's HSE ransomware incident was the highest profile example of a cyberattack in Ireland. Conti, the group behind the attack, may have since disbanded but its legacy is still with us in the tactics, techniques and procedures it used to infiltrate victims. So while the risk remains, what can ... Ransomware
InfoSecurityMag.webp 2022-09-07 08:30:00 (Déjà vu) FBI K-12 Ransomware Warning as LAUSD is Hit (direct link) Second-largest US school district compromised over the weekend Ransomware
globalsecuritymag.webp 2022-09-07 08:26:53 (Déjà vu) Cohesity study: Reliance on legacy technologies prevents organizations from protecting themselves effectively against ransomware attacks (direct link) Legacy technology: a royal gateway for ransomware? New cybersecurity study from Cohesity. According to a Cohesity study, nearly one in two companies relies on obsolete data backup and recovery infrastructure, in some cases dating from the 1990s, well before the emergence of today's sophisticated cyberattacks. - Investigations Ransomware
bleepingcomputer.webp 2022-09-07 07:00:00 Google says former Conti ransomware members now attack Ukraine (direct link) Google says some former Conti cybercrime gang members, now part of a threat group tracked as UAC-0098, are targeting Ukrainian organizations and European non-governmental organizations (NGOs). [...] Ransomware Threat
DarkReading.webp 2022-09-06 19:51:08 As LA Unified Battles Ransomware, CISA Warns About Back-to-School Attacks (direct link) Hours after the Los Angeles Unified School District was hit with a ransomware attack, CISA issued an alert that threat actors are actively targeting the education sector. Ransomware Threat
SecurityAffairs.webp 2022-09-06 18:33:30 The Los Angeles Unified School District hit by a ransomware attack (direct link) The Los Angeles Unified School District, one of the largest school districts in the US, was hit by a ransomware attack during the Labor Day weekend. The security breach took place a few […] Ransomware
DarkReading.webp 2022-09-06 17:51:16 Critical QNAP NAS Zero-Day Bug Exploited to Deliver DeadBolt Ransomware (direct link) This is the fourth DeadBolt campaign this year against QNAP customers, but it differs from previous attacks in exploiting an unpatched bug instead of a known vulnerability. Ransomware
News.webp 2022-09-06 17:45:09 (Déjà vu) Ransomware gang hits second-largest US school district (direct link) FBI and CISA on-site to assist with incident response over Labor Day weekend Cybercriminals hit the Los Angeles Unified School District (LAUSD) over the holiday weekend with a ransomware attack that temporarily shut down email, computer systems, and applications.… Ransomware
Fortinet.webp 2022-09-06 14:40:00 What is the Role of an MSSP In a Ransomware Attack? (direct link) As customers look to MSSPs for help protecting against ransomware attacks, MSSPs should consider solutions that provide a broad, integrated and automated approach. Ransomware
Cybereason.webp 2022-09-06 14:20:24 RansomOps vs. Extended Detection and Response (direct link) With nearly four out of ten global organizations admitting to being victims of a ransomware attack in 2021 alone, it's apparent that complex ransomware operations, or RansomOps, are only going to become a bigger part of the cybersecurity dialogue than they already are. Ransomware
DarkReading.webp 2022-09-06 13:00:00 Defenders Be Prepared: Cyberattacks Surge Against Linux Amid Cloud Migration (direct link) Ransomware in particular poses a major threat, but security vendors say there has been an increase in Linux-targeted cryptojacking, malware, and vulnerability exploits as well, and defenders need to be ready. Ransomware Vulnerability
InfoSecurityMag.webp 2022-09-06 12:00:00 Half of Firms Report Supply Chain Ransomware Compromise (direct link) Study highlights threat detection challenge for many organizations Ransomware Threat
globalsecuritymag.webp 2022-09-06 11:54:30 Cyber defense after the Kaseya ransomware attack: prevention is better than cure. (direct link) A year has passed since one of the largest cyberattacks in history. For Vectra AI, it is time to rethink security strategies to counter modern RansomOps. Part of the job of cybersecurity leaders is to examine separate events and establish links between them. Identifying trends, seeing the big picture, and going beyond alarming warnings toward strategies for a brighter digital future. The ransomware attack against (...) - Malwares Ransomware
AlienVault.webp 2022-09-06 10:00:00 Shikitega - New stealthy malware targeting Linux (direct link) Executive summary AT&T Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist. Key takeaways: The malware downloads and executes Metasploit’s “Mettle” meterpreter to maximize its control of infected machines. Shikitega exploits system vulnerabilities to gain high privileges, persist and execute a crypto miner. The malware uses a polymorphic encoder to make it more difficult for anti-virus engines to detect. Shikitega abuses legitimate cloud services to host some of its command and control (C&C) servers. Figure 1. Shikitega operation process. Background With a rise of nearly 650% in malware and ransomware for Linux this year, reaching an all-time high in the first half of 2022, threat actors find servers, endpoints and IoT devices based on Linux operating systems more and more valuable and find new ways to deliver their malicious payloads. New malware families like BotenaGo and EnemyBot are examples of how malware writers rapidly incorporate recently discovered vulnerabilities to find new victims and increase their reach. Shikitega uses an infection chain in multiple layers, where the first one contains only a few hundred bytes, and each module is responsible for a specific task, from downloading and executing the Metasploit meterpreter, exploiting Linux vulnerabilities and setting persistence on the infected machine to downloading and executing a cryptominer. Analysis The main dropper of the malware is a very small ELF file, with a total size of only around 370 bytes, while its actual code size is around 300 bytes.
Figure 2. Malicious ELF file with a total of only 376 bytes. The malware uses the “Shikata Ga Nai” polymorphic XOR additive feedback encoder, which is one of the most popular encoders used in Metasploit. Using the encoder, the malware runs through several decode loops, where one loop decodes the next layer, until the final shellcode payload is decoded and executed. The encoder stub is generated based on dynamic instruction substitution and dynamic block ordering. In addition, registers are selected dynamically. Below we can see how the encoder decrypts the first two loops: Figure 3. First “Shikata Ga Nai” decryption loop. Figure 4. Second “Shikata Ga Nai” decryption loop created by the first one. After several decryption loops, the final payload shellcode will be decrypted and executed. As the malware doe Ransomware Malware Vulnerability Threat ★★★
The_Hackers_News.webp 2022-09-06 08:41:00 QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw (direct link) QNAP has issued a new advisory urging users of its network-attached storage (NAS) devices to upgrade to the latest version of Photo Station following yet another wave of DeadBolt ransomware attacks in the wild by exploiting a zero-day flaw in the software. The Taiwanese company said it detected the attacks on September 3 and that "the campaign appears to target QNAP NAS devices running Photo Ransomware
InfoSecurityMag.webp 2022-09-06 08:10:00 BlackCat Ransomware Linked to Italy's Energy Services Firm Hack (direct link) The ransomware group claimed to have downloaded 700GB of data from GSE Ransomware Hack
2022-09-06 08:00:00 Researcher Spotlight: How Asheer Malhotra looks for 'instant gratification' in threat hunting (direct link) The India native has transitioned from a reverse-engineer hobbyist to a public speaker in just a few years By Jon Munshaw. Ninety percent of Asheer Malhotra's work will never see the light of day. But it's that 10 percent that keeps him motivated to keep looking for something new. The Talos Outreach researcher spends most of his days looking into potential new threats. Many times, that leads to dead ends of threats that have already been discovered and blocked or don't have any additional threads to pull on. But eventually, the “lightbulb goes off,” as he puts it, which indicates something is a new threat the wider public needs to know about. During his time at Talos, Malhotra has spent much of his time looking into cyberattacks and state-sponsored threat actors in Asia, like the Transparent Tribe group he's written about several times. “At some point, I say 'Hey, I don't think I've seen this before.' I start analyzing public disclosures, and slowly start gaining confidence and being able to craft a narrative around the motivations and tactics around a specific threat actor or malware campaign,” he said. In the case of Transparent Tribe, Malhotra has tracked their growth as a major player in the threat landscape in Asia, as they've added several remote access trojans to their arsenal, targeted high-profile government-adjacent entities in India and expanded their scope across the region. When he's not threat hunting, Malhotra also speaks to Cisco customers about the current state of cybersecurity in briefings and delivers presentations at conferences around the world (mainly virtually during the COVID-19 pandemic). “I always try to find the latest and new stuff to talk about.
… I've been honing my skills and trying to speak more confidently publicly, but the confidence is backed up with the right kind of knowledge and the threat intelligence, that's what helps me succeed,” he said. Malhotra is a native of India and spent most of his life there before coming to the U.S. for his master's degree at Mississippi State University. Mississippi was a far cry from everything else he had known up until that point, but he quickly adjusted. “That was the 'Deep South,'” he said. “So there was a culture shock, but the southern hospitality is such a real thing, and it felt very normal there.” Growing up, Malhotra always knew he wanted to work with computers, starting out as a teenager reverse-engineering exploits he'd see others talk about on the internet or just poking at smaller applications. His additional interest in politics and national security made it natural for him to combine the two and focus his research on state-sponsored actors. He enjoys continuing his research in the Indian subcontinent and sees many parallels between the state of security in India and the U.S. “Th Ransomware Malware Threat Guideline APT 36
bleepingcomputer.webp 2022-09-06 07:41:11 Second largest U.S. school district LAUSD hit by ransomware (direct link) Los Angeles Unified (LAUSD), the second largest school district in the U.S., disclosed that a ransomware attack hit its Information Technology (IT) systems over the weekend. [...] Ransomware
Trend.webp 2022-09-06 00:00:00 Play Ransomware's Attack Playbook Unmasks it as Another Hive Affiliate like Nokoyawa (direct link) Play is a new ransomware that takes a page out of Hive and Nokoyawa's playbook. The many similarities among them indicate that Play, like Nokoyawa, may be a Hive affiliate. Ransomware
SecurityAffairs.webp 2022-09-05 20:43:48 QNAP warns new Deadbolt ransomware attacks exploiting zero-day (direct link) QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks in which threat actors are exploiting a zero-day vulnerability in Photo Station. The attacks started on Saturday; in the meantime the Taiwanese vendor has addressed the vulnerability. “QNAP Systems, Inc. today […] Ransomware Vulnerability Threat
The_Hackers_News.webp 2022-09-05 17:56:00 Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus (direct link) A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro. The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question ("mhyprot2.sys") is signed with a valid certificate, Ransomware
no_ico.webp 2022-09-05 13:03:03 New Ransomware Hits Windows, Linux Servers Of Chile Govt Agency (direct link) Following the news that new ransomware hits Windows, Linux servers of Chile govt agency (Vumetric Cyber Portal). Ransomware
SecurityAffairs.webp 2022-09-05 11:44:19 Windows Defender identified Chromium, Electron apps as Hive Ransomware (direct link) Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify apps based on the Chromium browser engine or the Electron JavaScript framework as malware. Multiple users reported […] Ransomware Malware
securityintelligence.webp 2022-09-02 23:04:57 Cyber insurance costs soar amid ransomware attacks (direct link) Ransomware attacks and recurring breaches cause insurers to rethink risk as prices rise and policies get increasingly harder to obtain. That cyberattacks have been on the rise is one fact we unfortunately read every year. The cost of these attacks has also been rising steadily, standing at a global average of $4.35 million, according to […] Ransomware
DarkReading.webp 2022-09-02 18:56:28 Researchers Spot Snowballing BianLian Ransomware Gang Activity (direct link) The operators of the emerging cross-platform ransomware BianLian increased their command and control infrastructure this month, indicating an acceleration in their operational pace. Ransomware
Fortinet.webp 2022-09-02 17:03:00 (Déjà vu) Ransomware Roundup: Snatch, BianLian and Agenda (direct link) The latest edition of the Ransomware Roundup from FortiGuard Labs covers the Snatch, BianLian and Agenda ransomware. Read to learn more about protections against these variants. Ransomware
bleepingcomputer.webp 2022-09-02 16:05:55 BlackCat ransomware claims attack on Italian energy agency (direct link) The BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy's energy agency Gestore dei Servizi Energetici SpA (GSE) over the weekend. [...] Ransomware
CS.webp 2022-09-02 15:01:30 Another European nation hit by hackers, Montenegro grapples with ongoing ransomware attack (direct link) The wave of digital assaults on Montenegro includes a ransomware attack that's crippled multiple government services. Ransomware
Fortinet.webp 2022-09-02 14:36:00 Examining the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) (direct link) Between now and September 2025, the Cybersecurity and Infrastructure Security Agency (CISA) will be developing standards that require certain entities to report cyber incidents and ransomware payments. Learn the basics of what the Act is going to require and what you should be doing now to prepare. Ransomware
SecurityAffairs.webp 2022-09-02 13:26:40 Another Ransomware For Linux Likely In Development (direct link) Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format (ELF) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware […] Ransomware Threat
DarkReading.webp 2022-09-02 13:25:31 Ragnar Locker Brags About TAP Air Portugal Breach (direct link) TAP assures its customers that it stopped data theft in a recent cyberattack, but the Ragnar Locker ransomware group says it made off with user info. Ransomware
Chercheur.webp 2022-09-02 13:18:37 Montenegro is the Victim of a Cyberattack (direct link) Details are few, but Montenegro has suffered a cyberattack: A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country's electrical utility to switch to manual control. […] But the attack against Montenegro's infrastructure seemed more sustained and extensive, with targets including water supply systems, transportation services and online government services, among many others. Government officials in the country of just over 600,000 people said certain government services remained temporarily disabled for security reasons and that the data of citizens and businesses were not endangered... Ransomware
bleepingcomputer.webp 2022-09-02 12:25:17 Hive ransomware hits Damart clothing store with $2 million ransom (direct link) Damart, a French clothing company with over 130 stores across the world, is being extorted for $2 million after a cyberattack from the Hive ransomware gang. [...] Ransomware
InfoSecurityMag.webp 2022-09-02 11:00:00 New Ransomware Group BianLian Activity Exploding (direct link) The threat actor using the common Go programming language and a custom toolkit claims twenty victims Ransomware Threat
bleepingcomputer.webp 2022-09-02 09:12:27 San Francisco 49ers: Blackbyte ransomware gang stole info of 20K people (direct link) NFL's San Francisco 49ers are mailing notification letters confirming a data breach affecting more than 20,000 individuals following a ransomware attack that hit its network earlier this year. [...] Ransomware
InfoSecurityMag.webp 2022-09-02 08:30:00 Chile and Montenegro Floored by Ransomware (direct link) Governments reveal system compromise in separate incidents Ransomware
The_Hackers_News.webp 2022-09-01 18:25:00 Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks (direct link) The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-July 2022 and has claimed 15 victim organizations as of September 1, cybersecurity firm [redacted] said in Ransomware ★★★★★
InfoSecurityMag.webp 2022-09-01 15:45:00 Ragnar Locker Ransomware Targets Energy Sector, Cybereason Suggests (direct link) The malware can also check if specific products are installed, particularly security software Ransomware Malware
SecurityAffairs.webp 2022-09-01 15:27:41 Ragnar Locker ransomware gang claims to have stolen data from TAP Air Portugal (direct link) The Ragnar Locker ransomware gang added the Portuguese state-owned flag carrier airline TAP Air Portugal to its leak site and claims to have stolen customers’ data. On August 26, the Portuguese company announced via […] Ransomware
globalsecuritymag.webp 2022-09-01 14:00:25 (Déjà vu) Threat Spotlight: more than 1.2 million ransomware attacks per month! A Barracuda research report analyzes the patterns (direct link) Threat Spotlight: more than 1.2 million ransomware attacks per month! A Barracuda research report analyzes the patterns of ransomware attacks that took place between August 2021 and July 2022. Barracuda, a trusted partner and leading provider of cloud security solutions, today publishes its fourth annual threat research report on ransomware. This new research report analyzes the patterns of ransomware attacks that took place between August 2021 and July 2022. - Malwares Ransomware Guideline
DarkReading.webp 2022-09-01 14:00:00 Real-World Cloud Attacks: The True Tasks of Cloud Ransomware Mitigation (direct link) Cloud breaches are inevitable - and so is cloud ransomware. (Second of two parts.) Ransomware
CSO.webp 2022-09-01 13:30:00 Ragnar Locker continues trend of ransomware targeting energy sector (direct link) The recent attack on Greece's largest natural gas transmission operator DESFA by ransomware gang Ragnar Locker is the latest on a growing list of incidents where ransomware groups attacked energy companies. This gang seems to prefer critical infrastructure sectors, having targeted over 50 such organizations in the U.S. over the past two years. According to a new analysis by researchers from Cybereason, Ragnar Locker is a growing threat that uses layers of encryption to hide instructions in its binary and kills various processes associated with remote login and support. Ransomware Threat
SecurityWeek.webp 2022-09-01 12:59:12 Ransomware Gang Claims Customer Data Stolen in TAP Air Portugal Hack (direct link) The Ragnar Locker ransomware gang says it has exfiltrated customer data in a cyberattack on Portuguese state-owned flag carrier airline TAP Air Portugal. The incident was initially disclosed on August 26, when TAP announced on Twitter that it managed to foil the cyberattack before the threat actor could access any customer data. Ransomware Hack Threat
Cybereason.webp 2022-09-01 10:00:00 THREAT ANALYSIS REPORT: Ragnar Locker Ransomware Targeting the Energy Sector (direct link) Ransomware
Last update at: 2024-07-02 15:08:50