What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-05-28 15:02:13 The strange link between Industrial Spy and the Cuba ransomware operation (direct link) The recently launched Industrial Spy data extortion marketplace has now started its ransomware operation. In April, MalwareHunterTeam and Bleeping Computer reported the launch of a new dark web marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2] that drop the following wallpaper that promotes […] Ransomware Malware
SecurityAffairs 2022-05-22 17:32:55 Security Affairs newsletter Round 366 by Pierluigi Paganini (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Asian media company Nikkei suffered a ransomware attack Russia-linked Sandworm continues to conduct attacks against […] Ransomware
SecurityAffairs 2022-05-21 22:21:10 (Déjà vu) Asian media company Nikkei suffered a ransomware attack (direct link) The media company Nikkei has disclosed a ransomware attack and revealed that the incident might have impacted customer data. The Japanese-based media company Nikkei is focused on the business and financial industry, it is the world’s largest financial newspaper. This week the company disclosed a security breach, ransomware infected one of its servers at a […] Ransomware
SecurityAffairs 2022-05-20 22:11:35 QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices (direct link) Taiwanese vendor QNAP warned customers of a new wave of DeadBolt ransomware attacks and urges them to install the latest updates. Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. The company issued the alert in response to a new wave of DeadBolt […] Ransomware
SecurityAffairs 2022-05-20 10:10:32 Conti ransomware is shutting down operations, what will happen now? (direct link) The Conti ransomware gang shut down its operation, and some of its administrators announced a branding of the gang. Advanced Intel researcher Yelisey Boguslavskiy announced that the Conti Ransomware gang shuts its infrastructure and some of its administrators announced a rebranding of the popular RaaS operation. The news was reported by BleepingComputer that citing Boguslavskiy confirmed […] Ransomware
SecurityAffairs 2022-05-18 09:54:41 Conti Ransomware gang threatens to overthrow the government of Costa Rica (direct link) The Conti ransomware gang is threatening to ‘overthrow’ the new government of Costa Rica after last month’s attack. Last month, the Conti ransomware gang claimed responsibility for the attack on Costa Rica government infrastructure after the government refused to pay a ransom. “The Costa Rican state will not pay anything to these cybercriminals.” said […] Ransomware
SecurityAffairs 2022-05-17 19:10:57 Venezuelan cardiologist accused of operating and selling Thanos ransomware (direct link) The U.S. Justice Department accused a 55-year-old Venezuelan cardiologist of operating and selling the Thanos ransomware. The U.S. Justice Department accused Moises Luis Zagala Gonzalez, a 55-year-old cardiologist from Venezuela, of operating and selling the Thanos ransomware. Thanos ransomware (a.k.a. Hakbit ransomware) has been developed by Nosophoros (aka Aesculapius, and Nebuchadnezzar), a threat actor offering for sale the malware […] Ransomware Malware Threat
SecurityAffairs 2022-05-16 05:28:25 Eternity Project: You can pay $260 for a stealer and $490 for a ransomware (direct link) Researchers from threat intelligence firm Cyble analyzed the Eternity Project Tor website which offers any kind of malicious code. Researchers at cybersecurity firm Cyble analyzed a Tor website named 'Eternity Project' that offers for sale a broad range of malware, including stealers, miners, ransomware, and DDoS Bots. The experts discovered the marketplace during a […] Ransomware Threat
SecurityAffairs 2022-05-13 06:52:53 Iran-linked COBALT MIRAGE group uses ransomware in its operations (direct link) Iranian group used Bitlocker and DiskCryptor in a series of attacks targeting organizations in Israel, the US, Europe, and Australia. Researchers at Secureworks Counter Threat Unit (CTU) are investigating a series of attacks conducted by the Iran-linked COBALT MIRAGE APT group. The threat actors have been active since at least June 2020 and are linked […] Ransomware Threat APT 15 APT 15 ★★★★
SecurityAffairs 2022-05-08 20:58:14 Conti ransomware claims to have hacked Peru MOF – Dirección General de Inteligencia (DIGIMIN) (direct link) Conti Ransomware gang claims to have hacked the Peru MOF – Dirección General de Inteligencia (DIGIMIN) and stolen 9.41 GB. The Conti ransomware gang added the Peru MOF – Dirección General de Inteligencia (DIGIMIN) to the list of its victims on its Tor leak site. The National Directorate of Intelligence is the premier intelligence agency […] Ransomware
SecurityAffairs 2022-05-08 11:10:10 US agricultural machinery manufacturer AGCO suffered a ransomware attack (direct link) The American agricultural machinery manufacturer AGCO announced that it has suffered a ransomware attack that impacted its production facilities. AGCO, one of the most important agricultural machinery manufacturers, announced that a ransomware attack impacted some of its production facilities. The company was forced to shut down portions of its IT systems in response to the incident. AGCO did […] Ransomware
SecurityAffairs 2022-05-08 08:01:13 US DoS offers a reward of up to $15M for info on Conti ransomware gang (direct link) The US Government offers up to $15 million for information that helps identify and locate leadership and co-conspirators of the Conti ransomware gang. The US Department of State offers up to $15 million for information that helps identify and locate leadership and co-conspirators of the Conti ransomware gang. The reward is offered under the Department […] Ransomware Guideline
SecurityAffairs 2022-05-04 12:39:23 Experts linked multiple ransomware strains North Korea-backed APT38 group (direct link) Researchers from Trellix linked multiple ransomware strains to the North Korea-backed APT38 group. The ransomware was employed in attacks on financial institutions, experts estimated that APT38 (Unit 180 of North Korea’s cyber-army Bureau 121) has stolen at hundreds of million dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the […] Ransomware Medical APT 38
SecurityAffairs 2022-05-04 09:58:57 An expert shows how to stop popular ransomware samples via DLL hijacking (direct link) A security researcher discovered that samples of Conti, REvil, LockBit ransomware were vulnerable to DLL hijacking. The security researcher John Page (aka hyp3rlinx) discovered that malware from multiple ransomware operations, including Conti, REvil, LockBit, AvosLocker, and Black Basta, are affected by flaws that could be exploited to block file encryption. Page shared its findings through its […] Ransomware Malware
SecurityAffairs 2022-05-02 14:30:49 The mystery behind the samples of the new REvil ransomware operation (direct link) The REvil ransomware gang has resumed its operations, experts found a new encryptor and a new attack infrastructure. The REvil ransomware operation shut down in October 2021, in January the Russian Federal Security Service (FSB) announced to have shut down the REvil ransomware gang, the group that is behind a long string of attacks against large organizations, such as Kaseya and JBS […] Ransomware
SecurityAffairs 2022-04-27 07:15:07 Conti ransomware operations surge despite the recent leak (direct link) Conti ransomware gang continues to target organizations worldwide despite the massive data leak that has shed light on its operations. Researchers from Secureworks state that the Conti ransomware gang, tracked as a Russia-based threat actor Gold Ulrick, continues to operate despite the recent data leak on its internal activities. The group’s activity returned to the levels […] Ransomware Threat
SecurityAffairs 2022-04-26 09:36:30 Stormous ransomware gang claims to have hacked Coca-Cola (direct link) The Stormous ransomware gang claims to have hacked the multinational beverage corporation Coca-Cola Company. The Stormous ransomware gang announced with a post on its leak site to have hacked the multinational beverage corporation Coca-Cola Company. The extortion group announced to have hacked some servers of the company and stole 161GB. The group recently launched a poll asking members […] Ransomware
SecurityAffairs 2022-04-25 08:52:35 BlackCat Ransomware gang breached over 60 orgs worldwide (direct link) At least 60 entities worldwide have been breached by BlackCat ransomware, warns a flash report published by the U.S. FBI. The U.S. Federal Bureau of Investigation (FBI) published a flash report that states that at least 60 entities worldwide have been breached by BlackCat ransomware (aka ALPHV and Noberus) since it started its operations in November. […] Ransomware
SecurityAffairs 2022-04-22 22:51:34 Conti ransomware claims responsibility for the attack on Costa Rica (direct link) Conti ransomware gang claimed responsibility for a ransomware attack that hit the government infrastructure of Costa Rica. Last week a ransomware attack has crippled the government infrastructure of Costa Rica causing chaos. The Conti ransomware gang claimed responsibility for the attack, while the Costa Rican government refused to pay a ransom. “The Costa Rican state […] Ransomware
SecurityAffairs 2022-04-19 12:29:55 Kaspersky releases a free decryptor for Yanluowang ransomware (direct link) Kaspersky discovered a flaw in the encryption process of the Yanluowang ransomware that allows victims to recover their files for free. Researchers from Kaspersky discovered a vulnerability in the encryption process of the Yanluowang ransomware that can be exploited to recover the files encrypted by the malware without paying the ransom. The Yanluowang ransomware was […] Ransomware Malware Vulnerability
SecurityAffairs 2022-04-15 19:49:36 Conti Ransomware Gang claims responsibility for the Nordex hack (direct link) The Conti ransomware gang has claimed responsibility for the recent attack against Nordex, one of the largest manufacturers of wind turbines. The Conti ransomware gang claimed responsibility for the cyberattack that hit the manufacturer of wind turbines Nordex on March 31, 2022. Nordex Group shut down “IT systems across multiple locations and business units” as […] Ransomware Hack
SecurityAffairs 2022-04-15 08:25:20 Analysis of the SunnyDay ransomware (direct link) The analysis of a recent sample SunnyDay ransomware revealed some similarities with other ransomware, such as Ever101, Medusa Locker, Curator, and Payment45. Segurança-Informatica published an analysis of a recent sample of SunnyDay ransomware. As a result of the work, some similarities between other ransomware samples such as Ever101, Medusa Locker, Curator, and Payment45 were found. […] Ransomware
SecurityAffairs 2022-04-10 09:08:13 NB65 group targets Russia with a modified version of Conti's ransomware (direct link) NB65 hacking group created its ransomware based on the leaked source code of the Conti ransomware and targets Russia. According to BleepingComputer, NB65 hacking group is targeting Russian organizations with ransomware that they have developed using the leaked source code of the Conti ransomware. The NB65 hacking group, since the beginning of the invasion, the […] Ransomware
SecurityAffairs 2022-04-04 05:38:05 Borat RAT, a new RAT that performs ransomware and DDoS attacks (direct link) Cyble researchers discovered a new remote access trojan (RAT) named Borat capable of conducting DDoS and ransomware attacks. Researchers from threat intelligence firm Cyble discovered a new RAT, named Borat, that enables operators to gain full access and remote control of an infected system. Unlike other RATs, the Borat RAT provides Ransomware and DDOS services […] Ransomware Threat
SecurityAffairs 2022-03-28 20:23:47 Hive ransomware ports its encryptor to Rust programming language (direct link) The Hive ransomware gang ported its encryptor to the Rust programming language and implemented new features. The Hive ransomware operation has developed a Rust version of their encryptor and added new features to prevent curious from snooping on the victim’s ransom negotiations. According to BleepingComputer, which focused on Linux VMware ESXi encryptor, the Hive ransomware […] Ransomware
SecurityAffairs 2022-03-22 21:01:56 A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices (direct link) Internet search engine Censys reported a new wave of DeadBolt ransomware attacks targeting QNAP NAS devices. Internet search engine Censys reported that QNAP devices were targeted in a new wave of DeadBolt ransomware attacks. Since January, DeadBolt ransomware operators are targeting QNAP NAS devices worldwide, its operators claim the availability of a zero-day exploit that […] Ransomware
SecurityAffairs 2022-03-21 13:03:34 Hacker leaked a new version of Conti ransomware source code on Twitter (direct link) A Ukrainian security researcher has leaked more source code from the Conti ransomware operation to protest the gang’s position on the conflict. Hacker leaked a new version of the Conti ransomware source code on Twitter as retaliation of the gang’s support to Russia. The attack against the Conti ransomware and the data leak is retaliation […] Ransomware
SecurityAffairs 2022-03-20 13:48:25 Security Affairs newsletter Round 358 by Pierluigi Paganini (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. EU and US agencies warn that Russia could attack satellite communications networks Avoslocker ransomware […] Ransomware
SecurityAffairs 2022-03-19 17:03:21 Avoslocker ransomware gang targets US critical infrastructure (direct link) The Federal Bureau of Investigation (FBI) reported that AvosLocker ransomware is being used in attacks targeting US critical infrastructure. The Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory warning of AvosLocker ransomware attacks targeting multiple US critical infrastructure. The advisory was published in coordination with the US Treasury Department and the Financial Crimes Enforcement Network […] Ransomware
SecurityAffairs 2022-03-19 13:15:26 Exotic Lily initial access broker works with Conti gang (direct link) Google’s Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware gang. Google’s Threat Analysis Group (TAG) researchers linked a new initial access broker, named Exotic Lily, to the Conti ransomware operation. Initial access brokers play an essential role in the cybercrime ecosystem, they provide access to previously […] Ransomware Threat
SecurityAffairs 2022-03-19 10:51:07 Emsisoft releases free decryptor for the victims of the Diavol ransomware (direct link) Cybersecurity firm Emsisoft released a free decryptor that allows the victims of the Diavol ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom. In January, the FBI officially linked the Diavol ransomware operation to the infamous TrickBot […] Ransomware Tool
SecurityAffairs 2022-03-13 10:08:56 LockBit ransomware group claims to have hacked Bridgestone Americas (direct link) LockBit ransomware gang claimed to have hacked Bridgestone Americas, one of the largest manufacturers of tires. LockBit ransomware gang claimed to have compromised the network of Bridgestone Americas, one of the largest manufacturers of tires, and stolen data from the company. The Bridgestone Americas family of enterprises includes more than 50 production facilities and 55,000 […] Ransomware
SecurityAffairs 2022-03-11 06:15:24 Vodafone investigates claims of a data breach made by Lapsus$ gang (direct link) Vodafone is investigating a recently suffered cyberattack, after a ransomware gang Lapsus$ claimed to have stolen its source code. Vodafone announced to have launched an investigation after the Lapsus$ cybercrime group claimed to have stolen its source code. The Lapsus$ gang claims to have stolen approximately 200 GB of source code files, allegedly contained in […] Ransomware Data Breach
SecurityAffairs 2022-03-10 16:10:10 CISA added 98 domains to the joint alert related to Conti ransomware gang (direct link) The U.S. CISA has updated the alert on Conti ransomware and added 98 domain names used by the criminal gang. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated the alert on Conti ransomware operations, the agency added 100 domain names used by the group. The joint report published by CISA, the Federal Bureau […] Ransomware
SecurityAffairs 2022-03-08 15:01:53 (Déjà vu) Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors (direct link) The US FBI warns that the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors. The US Federal Bureau of Investigation (FBI) and CISA published a flash alert to warn that the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations across […] Ransomware
SecurityAffairs 2022-03-05 22:11:44 Lapsus$ gang leaks data allegedly stolen from Samsung Electronics (direct link) The Lapsus$ ransomware group claimed to have hacked Samsung Electronics and leaked alleged stolen confidential data. The Lapsus$ ransomware gang claims to have stolen a huge trove of sensitive data from Samsung Electronics and leaked 190GB of alleged Samsung data as proof of the hack. The gang announced the availability of the sample data on […] Ransomware
SecurityAffairs 2022-03-03 22:51:03 Avast released a free decryptor for the HermeticRansom that hit Ukraine (direct link) Avast released a decryptor for the HermeticRansom ransomware used in recent targeted attacks against Ukrainian entities. Avast has released a free decryptor for the HermeticRansom ransomware employed in targeted attacks against Ukrainian systems since February 23. The security firms aim at helping Ukrainian victims in recovering their files for free. The HermeticRansomware was one of […] Ransomware
SecurityAffairs 2022-03-02 15:36:17 (Déjà vu) NVIDIA discloses data breach after the recent ransomware attack (direct link) Chipmaker giant Nvidia confirmed a data breach after the recently disclosed security incident, proprietary information stolen. The chipmaker giant Nvidia was recently the victim of a ransomware attack that impacted some of its systems for two days. The security breach is not connected to the ongoing crisis in Ukraine, according to a person familiar with the […] Ransomware Data Breach
SecurityAffairs 2022-03-02 09:27:19 Ukrainian researcher leaked the source code of Conti Ransomware (direct link) A Ukrainian researcher leaked the source for the Conti ransomware and components for the control panels. Recently a Ukrainian researcher leaked 60,694 internal chat messages belonging to the Conti ransomware operation after the announcement of the group of its support to Russia. He was able to access the database XMPP chat server of the Conti group. Clearly, the […] Ransomware
SecurityAffairs 2022-02-28 14:35:52 Researcher leaked Conti's internal chat messages in response to its support to Russia (direct link) A Ukrainian researcher leaked tens of thousands of internal chat messages belonging to the Conti ransomware operation. A Ukrainian researcher leaked 60,694 internal chat messages belonging to the Conti ransomware operation after the announcement of the group of its support to Russia. Researchers from cybersecurity firm Hold Security confirmed that the researcher was able to access […] Ransomware
SecurityAffairs 2022-02-27 09:45:09 Chipmaker giant Nvidia hit by a ransomware attack (direct link) The chipmaker giant Nvidia was the victim of a ransomware attack that took down some of its systems for two days. The chipmaker giant Nvidia was the victim of a ransomware attack that impacted some of its systems for two days. The security breach is not connected to the ongoing crisis in Ukraine, according to a […] Ransomware
SecurityAffairs 2022-02-25 20:33:55 Ukraine calls on independent hackers to defend against Russia, Russian underground responds (direct link) While Ukraine calls for hacker underground to defend against Russia, ransomware gangs make their moves. Ukraine’s government is asking for volunteers from the hacker underground to provide their support in protecting critical infrastructure and carry out offensive operations against Russian state-sponsored hackers, reported Reuters which cited two experts involved in the project. The call […] Ransomware
SecurityAffairs 2022-02-24 19:28:49 Data wiper attacks on Ukraine were planned at least in November and used ransomware as decoy (direct link) Experts reported that the wiper attacks that yesterday hit hundreds of systems in Ukraine used a GoLang-based ransomware decoy. Yesterday, researchers from cybersecurity firms ESET and Broadcom's Symantec discovered a new data wiper malware that was employed in a recent wave of attacks that hit hundreds of machines in Ukraine. A tweet from ESET revealed that the company's telemetry shows […] Ransomware Malware
SecurityAffairs 2022-02-24 15:55:50 (Déjà vu) Deadbolt Ransomware targets Asustor and QNap NAS Devices (direct link) Deadbolt ransomware operators are targeting Asustor NAS (network-attached storage) appliances. Storage solutions provider Asustor is warning its customers of a wave of Deadbolt ransomware attacks targeting its NAS devices. Since January, DeadBolt ransomware operators are targeting QNAP NAS devices worldwide, its operators claim the availability of a zero-day exploit that allows them to encrypt the […] Ransomware
SecurityAffairs 2022-02-23 15:57:05 Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp? (direct link) The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. Experts from Sophos analyzed the code of Entropy ransomware employed in two distinct attacks. “A pair of incidents at different organizations in which attackers deployed a […] Ransomware
SecurityAffairs 2022-02-21 08:16:50 A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files (direct link) Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files. The Hive ransomware operation has been active […] Ransomware
SecurityAffairs 2022-02-20 09:52:00 Trickbot operation is now controlled by Conti ransomware (direct link) The Conti ransomware group takes over TrickBot malware operation and plans to replace it with BazarBackdoor malware. TrickBot operation has arrived at the end of the journey, according to AdvIntel some of its top members move under the Conti ransomware gang, which is planning to replace the popular banking Trojan with the stealthier BazarBackdoor. TrickBot is […] Ransomware Malware
SecurityAffairs 2022-02-18 15:21:14 Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability (direct link) Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne have observed the potentially destructive Iran-linked APT group TunnelVision is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. TunnelVision’s TTPs overlap with the ones associated with Iran-linked nation-state actors Phosphorus, Charming Kitten […] Ransomware Vulnerability Conference APT 35
SecurityAffairs 2022-02-15 16:32:33 BlackCat gang claimed responsibility for Swissport ransomware attack (direct link) The BlackCat ransomware group (aka ALPHV), claimed responsibility for the attack on Swissport that interfered with its operations. The BlackCat ransomware group (aka ALPHV), has claimed responsibility for the cyberattack on Swissport that impacted its operations, causing flight delays. Swissport International Ltd. is an aviation services company providing airport ground, lounge hospitality and cargo handling services owned by an international group of investors. […] Ransomware
SecurityAffairs 2022-02-14 21:11:03 (Déjà vu) BlackByte ransomware breached at least 3 US critical infrastructure organizations (direct link) The US Federal Bureau of Investigation (FBI) said that the BlackByte ransomware gang has breached at least three organizations from US critical infrastructure sectors. The US Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory with the US Secret Services which revealed that the BlackByte ransomware group has breached at least three organizations from US critical […] Ransomware
Last update at: 2024-05-09 22:10:02