What's new around the internet

Last one

| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| SecurityAffairs | 2021-05-13 09:17:43 | US CISA and FBI publish joint alert on DarkSide ransomware | FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The alert comes after the disruptive attack that hit Colonial Pipeline that caused chaos and disruption. […] | Ransomware | | |
| SecurityAffairs | 2021-05-11 10:23:45 | (Déjà vu) FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks | The FBI and the Australian Cyber Security Centre (ACSC) warn of an ongoing Avaddon ransomware campaign targeting organizations worldwide. The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations worldwide in multiple industries, including government, finance, energy, manufacturing, and healthcare. The alert published […] | Ransomware | | |
| SecurityAffairs | 2021-05-10 20:46:58 | FBI confirmed that Darkside ransomware gang hit Colonial Pipeline | The U.S. FBI confirmed that the attack against the Colonial Pipeline over the weekend was launched by the Darkside ransomware gang. The U.S. Federal Bureau of Investigation confirmed that the Colonial Pipeline was shut down due to a cyber attack carried out by the Darkside ransomware gang. “The FBI confirms that the Darkside ransomware is […] | Ransomware | | |
| SecurityAffairs | 2021-05-10 13:05:57 | City of Tulsa, is the last US city hit by ransomware attack | The city of Tulsa, Oklahoma, has been hit by a ransomware attack over the weekend that impacted its government's network and shut down its websites. One of the biggest cities in the US by population size, the City of Tulsa, was victim of a ransomware attack that affected its government's network and forced the shutdown […] | Ransomware | | |
| SecurityAffairs | 2021-05-09 18:12:06 | CISA MAR report provides technical details of FiveHands Ransomware | U.S. CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye's Mandiant experts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware that was recently detailed by FireEye's Mandiant. At the end of April, researchers […] | Ransomware, Malware | | |
| SecurityAffairs | 2021-05-09 08:50:25 | Security Affairs newsletter Round 313 | A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Cloud hosting provider Swiss Cloud suffered a ransomware attack Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle WeSteal, a shameless commodity cryptocurrency […] | Ransomware | | |
| SecurityAffairs | 2021-05-07 09:57:25 | Connecting the Bots – Hancitor fuels Cuba Ransomware Operations | The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It is known since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker […] | Ransomware, Malware | | |
| SecurityAffairs | 2021-05-04 09:01:06 | Project Signal: a second Iranian State-Sponsored Ransomware Operation | Iran-linked APT group carried out a ransomware operation through a contracting company based in the country, Flashpoint researchers warn. Researchers from Flashpoint have uncovered a state-sponsored ransomware campaign conducted by Iran's Islamic Revolutionary Guard Corps (IRGC) through an Iranian contracting company called “Emen Net Pasargard” (ENP) (aka “Imannet Pasargad,” “Iliant Gostar Iranian,” “Eeleyanet Gostar Iraniyan”). […] | Ransomware | | |
| SecurityAffairs | 2021-05-02 08:06:06 | Cloud hosting provider Swiss Cloud suffered a ransomware attack | Swiss cloud hosting provider Swiss Cloud has suffered a ransomware attack that seriously impacted its server infrastructure. On April 27 the Swiss cloud hosting provider was hit by a ransomware attack that brought down the company's server infrastructure. The company is currently working to restore operations from its backups with the help of experts from […] | Ransomware | | |
| SecurityAffairs | 2021-05-01 18:38:18 | AgeLocker ransomware operation targets QNAP NAS devices | Taiwanese vendor QNAP is warning its customers of AgeLocker ransomware attacks on their NAS devices. Crooks behind the AgeLocker ransomware operation are targeting QNAP NAS devices, the Taiwanese vendor warns. The vendor doesn’t provide technical details of the attacks, it is not clear if the ransomware gang exploited known vulnerabilities. “The QNAP security team has […] | Ransomware | | |
| SecurityAffairs | 2021-05-01 12:19:53 | Babuk crew announced it will stop ransomware attacks | Babuk ransomware operators shut down their affiliate program and announced to stop using ransomware, the group plans to move on data theft. Recently the Babuk ransomware operators made the headlines for the ransomware attack against the DC Police Department. Experts believe that the decision of the group to leave the ransomware practice could be the […] | Ransomware | | |
| SecurityAffairs | 2021-04-29 18:10:09 | An alleged ransomware attack hit the Italian Banca di Credito Cooperativo causing chaos | Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks, was hit by a ransomware attack. Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks, was hit by a cyberattack allegedly carried out by one of the most aggressive ransomware gangs, Darkside. The attack paralyzed the operations at 188 branches […] | Ransomware | | |
| SecurityAffairs | 2021-04-28 10:48:59 | UK rail network Merseyrail hit by ransomware gang | UK rail network Merseyrail was hit by a cyberattack, ransomware operators breached the corporate email system to disclose the attack to employees and journalists. UK rail network Merseyrail, which operates rail services across Merseyside, announced it was a victim of a cyber attack. A ransomware gang has also compromised the email system of the organization to […] | Ransomware | | |
| SecurityAffairs | 2021-04-27 11:50:29 | Ransomware hit Guilderland Central School District near Albany | Officials revealed that the school district near Albany was hit by a ransomware attack that forced students in grades 7 through 12 into all-remote learning on Monday. The Guilderland Central School District near Albany was hit by a ransomware attack that forced students in grades 7 through 12 into all-remote learning on Monday, the news […] | Ransomware | | |
| SecurityAffairs | 2021-04-23 16:54:40 | New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days | A new ransomware strain dubbed Qlocker is infecting hundreds of QNAP NAS devices every day and demanding a $550 ransom payment. Experts are warning of a new strain of ransomware named Qlocker that is infecting hundreds of QNAP NAS devices on a daily basis. The malware moves all files stored on the device to password-protected 7zip […] | Ransomware, Malware | | |
| SecurityAffairs | 2021-04-23 07:18:57 | Darkside Ransomware gang aims at influencing the stock price of their victims | The Darkside ransomware gang is enhancing its extortion tactics to interfere with the valuation of stocks of companies that are listed on NASDAQ or other stock markets. The Darkside ransomware operators are stepping up their extortion tactics targeting companies that are listed on NASDAQ or other stock markets with a new technique. The group announced […] | Ransomware | | |
| SecurityAffairs | 2021-04-22 05:49:21 | Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang | During an undercover interview, a CyberNews researcher tricked ransomware operators affiliated with Ragnar Locker into revealing their ransom payout structure, cash out schemes, and target acquisition strategies. From a relatively rare threat just a few years ago to one of the biggest moneymakers for cybercriminals today – the meteoric rise of ransomware has cast a shadow of […] | Ransomware, Threat | | |
| SecurityAffairs | 2021-04-21 13:12:46 | REvil ransomware gang recommends that Apple buy back its data stolen in Quanta hack | The REvil ransomware operators are attempting to blackmail Apple after they have allegedly stolen product blueprints of the IT giant from its business partner. REvil ransomware gang is attempting to extort Apple ahead of the Apple Spring Loaded event threatening to sell stolen blueprints belonging to the IT giant that were stolen from Quanta Computer. Quanta […] | Ransomware, Hack | | |
| SecurityAffairs | 2021-04-19 08:32:13 | Nitroransomware demands gift codes as ransom payments | A new ransomware dubbed ‘NitroRansomware’ has appeared in the threat landscape, it demands a Discord Nitro gift code to decrypt files. Researchers from BleepingComputer reported infections of a new singular ransomware dubbed NitroRansomware which demands a Discord Nitro gift code to the victims to decrypt their files. Discord is a free VoIP, instant messaging and […] | Ransomware, Threat | | |
| SecurityAffairs | 2021-04-11 09:04:58 | Security Affairs newsletter Round 309 | A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Clop Ransomware operators plunder US universities Malware attack on Applus blocked vehicle inspections in some US states 2,5M+ users can check whether their data were exposed in Facebook data leak […] | Ransomware, Malware | | |
| SecurityAffairs | 2021-04-07 22:04:37 | New Cring ransomware deployed targeting unpatched Fortinet VPN devices | Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Threat actors are actively exploiting the CVE-2018-13379 vulnerability in Fortinet VPNs to deploy a new piece of ransomware, tracked as Cring ransomware (also known as Crypt3r, Vjiszy1lo, Ghost, Phantom), to organizations in the industrial sector. […] | Ransomware, Vulnerability, Threat | | |
| SecurityAffairs | 2021-04-05 13:27:31 | 33.4% of ICS computers hit by a cyber attack in H2 2020 | H2 2020 – Kaspersky observed an increase in ransomware attacks on industrial control system (ICS) systems in developed countries. Cybersecurity firm Kaspersky has published the Industrial Control System Threat Landscape report for H2 2020 which is based on statistical data collected by the distributed antivirus Kaspersky Security Network (KSN). The data analyzed by the experts were received […] | Ransomware, Threat | | |
| SecurityAffairs | 2021-04-04 11:54:37 | (Déjà vu) Clop Ransomware operators plunder US universities | Clop ransomware gang leaked online data stolen from Stanford Medicine, University of Maryland Baltimore, and the University of California. Clop ransomware operators have leaked the personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California. Data were stolen by the ransomware gang by compromising the Accellion File […] | Ransomware | | |
| SecurityAffairs | 2021-04-03 07:24:18 | Evolution and rise of the Avaddon Ransomware-as-a-Service | The Avaddon ransomware operators updated their malware after security researchers released a public decryptor in February 2021. The Avaddon ransomware family first appeared in the threat landscape in February 2020, and its authors started offering it with a Ransomware-as-a-Service (RaaS) model in June, 2020. In August 2020, cybersecurity intelligence firm Kela was the first to report that […] | Ransomware, Malware, Threat | | |
| SecurityAffairs | 2021-04-02 14:26:47 | Conti Ransomware gang demanded $40 million ransom to Broward County Public Schools | Ransomware gang demanded a $40,000,000 ransom to the Broward County Public Schools district, Florida. It is just the last attack of a long string against the sector. Ransomware operators continue to target organizations worldwide and school districts are particularly exposed to these malicious campaigns. Recently the Broward County Public Schools district announced that it was victim […] | Ransomware | | |
| SecurityAffairs | 2021-03-29 19:56:31 | London-based academies Harris Federation hit by ransomware attack | Harris Federation, the multi-academy trust of 50 primary and secondary academies in and around London, was hit by a ransomware attack. A ransomware attack hit the IT systems of London-based nonprofit multi-academy trust Harris Federation on Saturday, March 27. Harris Federation is a multi-academy trust of 50 primary and secondary academies in and around London […] | Ransomware | | |
| SecurityAffairs | 2021-03-29 08:32:59 | Ziggy ransomware admin announced it will refund victims who paid the ransom | Administrator of Ziggy ransomware recently announced the end of the operation, and now is promising that its victims will have back their money. In an unusual move, the administrator of Ziggy ransomware after the announcement of the end of the operation now is promising that they will give back their money. Ziggy ransomware ceased the […] | Ransomware | | |
| SecurityAffairs | 2021-03-27 20:43:09 | Clop Ransomware gang now contacts victims' customers to force victims into pay a ransom | Clop ransomware operators now email victim’s customers and ask them to demand a ransom payment to protect their privacy to force victims into paying the ransom. Clop ransomware operators are switching to a new tactic to force victims into paying the ransom by emailing their customers and asking them to demand a ransom payment to […] | Ransomware | | |
| SecurityAffairs | 2021-03-26 18:37:31 | Hades ransomware gang targets big organizations in the US | Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020. Accenture’s Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams published an analysis of the latest campaign conducted by financially motivated threat group Hades which have been operating since at least December 2020. Experts discovered that threat actors targeted […] | Ransomware, Threat | | |
| SecurityAffairs | 2021-03-26 08:17:18 | FBI published a flash alert on Mamba Ransomware attacks | The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool (aka HDDCryptor, HDD Cryptor) to encrypt entire drives. […] | Ransomware, Tool | | |
| SecurityAffairs | 2021-03-24 13:37:27 | Black Kingdom ransomware is targeting Microsoft Exchange servers | Security experts reported that a second ransomware gang, named Black Kingdom, is targeting Microsoft Exchange servers. After the public disclosure of ProxyLogon vulnerabilities, multiple threat actors started targeting vulnerable Microsoft Exchange servers exposed online. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry. Last crew […] | Ransomware, Threat | | |
| SecurityAffairs | 2021-03-23 19:09:33 | Sierra Wireless halted production at its manufacturing sites due to ransomware attack | This week, IoT company Sierra Wireless disclosed a ransomware attack that hit its internal IT systems on March 20 and disrupted its production. Sierra Wireless is a Canadian multinational wireless communications equipment designer and manufacturer headquartered in Richmond, British Columbia, Canada. The company sells mobile computing and machine-to-machine (M2M) communications products that work over cellular […] | Ransomware | | |
| SecurityAffairs | 2021-03-20 15:01:53 | REvil ransomware gang hacked Acer and is demanding a $50 million ransom | Taiwanese multinational hardware and electronics corporation Acer was victim of a REvil ransomware attack, the gang demanded a $50,000,000 ransom. Taiwanese computer giant Acer was victim of the REvil ransomware attack, the gang is demanding the payment of a $50,000,000 ransom, the largest one to date. Acer is the world’s 6th-largest PC vendor by unit sales as of […] | Ransomware | | |
| SecurityAffairs | 2021-03-17 12:01:31 | (Déjà vu) FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK | The FBI has issued an alert to warn about an increase in PYSA ransomware attacks on education institutions in the US and UK. The FBI has issued Tuesday an alert to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom. In March 2020, CERT France cyber-security […] | Ransomware | | |
| SecurityAffairs | 2021-03-15 08:54:11 | NCSC is not aware of ransomware attacks compromising UK orgs through Microsoft Exchange bugs | The UK’s National Cyber Security Centre (NCSC) urges UK organizations to install the patches for the recently disclosed vulnerabilities in Microsoft Exchange. The UK’s National Cyber Security Centre is urging UK organizations to install security patches for their Microsoft Exchange installs. The UK agency revealed to have helped UK organisations to secure their installs, around […] | Ransomware | | |
| SecurityAffairs | 2021-03-14 13:36:46 | Security Affairs newsletter Round 305 | A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange REvil Ransomware gang uses DDoS attacks and voice […] | Ransomware | | |
| SecurityAffairs | 2021-03-13 10:13:04 | New variant for Mac Malware XCSSET compiled for M1 Chips | Kaspersky researchers spotted a new variant of the XCSSET Mac malware that is compiled for devices running on Apple M1 chips. XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware […] | Ransomware, Malware | | |
| SecurityAffairs | 2021-03-09 21:45:56 | Another French hospital hit by a ransomware attack | A ransomware attack hit the Oloron-Sainte-Marie hospital in southwest France, it is the third such attack in the last month. A ransomware attack paralyzed the systems at the Oloron-Sainte-Marie hospital in southwest France. The incident took place on Monday, the ransomware gang is demanding the payment of a ransom of $50,000 worth of Bitcoin. The […] | Ransomware | | |
| SecurityAffairs | 2021-03-07 09:48:53 | REvil Ransomware gang uses DDoS attacks and voice calls to make pressure on the victims | The REvil ransomware operators are using DDoS attacks and voice calls to journalists and victim’s business partners to force victims to pay the ransom. The REvil/Sodinokibi ransomware operators announced that they are using DDoS attacks and voice calls to victim’s business partners and journalists to force the victims into paying the ransom. The announcement shows […] | Ransomware | | |
| SecurityAffairs | 2021-03-05 11:03:13 | Managed Services provider CompuCom by Darkside ransomware | US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its operations, experts believe it was a ransomware attack. US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its services and some of its operations. Even if the company initially did not provide technical details about […] | Ransomware | | |
| SecurityAffairs | 2021-03-04 11:52:48 | Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150% | Group-IB published a report titled “Ransomware Uncovered 2020-2021”, which analyzes the ransomware landscape in 2020 and TTPs of major threat actors. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has presented its new report “Ransomware Uncovered 2020-2021”. The research dives deep into the global ransomware outbreak in 2020 and analyzes major players' TTPs (tactics, techniques, and procedures). By […] | Ransomware, Threat | | |
| SecurityAffairs | 2021-03-03 23:14:44 | Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys | Cybersecurity firm Qualys seems to have suffered a data breach, threat actors allegedly exploited zero-day flaw in their Accellion FTA server. Cybersecurity firm Qualys is the latest victim of a cyber attack, the company was likely hacked by threat actors that exploited a zero-day vulnerability in their Accellion FTA server. A couple of weeks ago, security experts […] | Ransomware, Vulnerability, Threat | | |
| SecurityAffairs | 2021-03-02 08:37:23 | Distributor of Asian food JFC International hit by Ransomware | JFC International, a major wholesaler and distributor of Asian food products in the United States, was hit by ransomware. JFC International, a major distributor and wholesaler of Asian food products, announced it has recently suffered a ransomware attack. The ransomware attack only impacted JFC International's Europe Group, the malware caused the disruption of some of its IT […] | Ransomware, Malware | | |
| SecurityAffairs | 2021-03-01 22:15:13 | Gootkit delivery platform Gootloader used to deliver additional payloads | The JavaScript-based infection framework for the Gootkit RAT was enhanced to deliver a wider variety of malware, including ransomware. Experts from Sophos documented the evolution of the “Gootloader,” the framework used for delivering the Gootkit RAT banking Trojan. The framework was improved to deploy a wider range of malware, including ransomware payloads. “In recent years, almost […] | Ransomware | | |
| SecurityAffairs | 2021-02-27 17:18:41 | (Déjà vu) Hotarus Corp gang hacked Ecuador's Ministry of Finance and Banco Pichincha | ‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. A cybercrime group called ‘Hotarus Corp’ has breached Ecuador’s largest private bank, Banco Pichincha, and the local Ministry of Finance (the Ministerio de Economía y Finanzas de Ecuador). The group claims to have also stolen data from […] | Ransomware | | |
| SecurityAffairs | 2021-02-26 23:16:23 | New Ryuk ransomware implements self-spreading capabilities | French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. Experts from French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant that implements worm-like capabilities that allow within local networks. “On top of its usual functions, this version holds a new attribute […] | Ransomware | | |
| SecurityAffairs | 2021-02-26 09:06:50 | Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack | Dutch Research Council (NWO) confirmed that the recent cyberattack that forced it to take its servers offline was caused by the DoppelPaymer ransomware gang. On February 14, Dutch Research Council (NWO) was hit by a cyber attack that compromised its network and impacted its operations. In response to the incident, the Dutch Research Council (NWO) […] | Ransomware | | |
| SecurityAffairs | 2021-02-24 08:48:26 | Airplane manufacturer Bombardier has disclosed a security breach, data leaked online | Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Hackers exploited vulnerabilities in Accellion FTA file-sharing legacy servers to steal data from the airplane maker Bombardier and leak data on the site operated by the Clop ransomware gang. The wave of attacks exploiting multiple zero-day […] | Ransomware | | |
| SecurityAffairs | 2021-02-15 09:23:52 | French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine | An international operation conducted in Ukraine and France led to the arrest of criminals believed to be affiliated with the Egregor RaaS. Some affiliated with the Egregor RaaS, not the main ransomware gang, have been arrested as a result of a joint operation conducted by law enforcement in Ukraine and France. Authorities did not reveal […] | Ransomware, Guideline | | |
| SecurityAffairs | 2021-02-11 22:50:56 | Avaddon ransomware decryptor released, but operators quickly reacted | An expert released a free decryption tool for the Avaddon ransomware, but operators quickly updated malware code to make it inefficient. The Spanish student Javier Yuste has released a free decryption tool for the Avaddon ransomware that can be used by the victims to recover their encrypted files for free. Yuste is a student at […] | Ransomware, Malware, Tool | | |
Last update at: 2024-05-10 08:08:23