| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| | 2021-06-14 11:59:48 | Ransomware Attacks are Evolving: What You Need to Know (direct link) | One look at all the ransomware attacks from the past few years, and it's clear that crypto-malware actors are attempting to maximize their financial gain. We've observed these threat groups using multiple techniques to profit even more off their victims than in years past. Here are a few tactics that stood out to us. | Ransomware, Threat | | |
| | 2021-06-08 18:47:33 | Webinar: Live Ransomware Attack Simulation (direct link) | If you're concerned about ransomware, whether it's beating REvil or DarkSide, stopping data exfiltration, or preventing the latest trend of double extortion, this session is for you! Join us for a live ransomware attack simulation, where we'll discuss the latest attack trends and walk through a multi-stage ransomware attack. | Ransomware | | |
| | 2021-06-02 18:46:55 | Cybereason vs. REvil Ransomware (direct link) | According to reports, meatpacking giant JBS was hit with a serious attack reportedly involving REvil ransomware, shutting down a good portion of the company's production capabilities and threatening to create supply chain disruptions and sharp cost-of-goods increases. | Ransomware | | |
| | 2021-06-01 12:51:20 | The Line in the Sand: How We Respond Today Impacts Our Security Tomorrow (direct link) | In the past few months, we've faced massive attacks with SolarWinds and the HAFNIUM attacks targeting Microsoft Exchange, followed by the unprecedented ransomware attack by DarkSide that crippled US critical infrastructure. It is time to ask ourselves again: what is really going on? More importantly, the time has come for the United States government to do some soul searching on why defenses have failed and how we can prevent similar attacks in the future. | Ransomware | | |
| | 2021-05-26 12:52:12 | Ransomware Trends: Six Notable Ransomware Attacks from 2021 (direct link) | The security community witnessed triple-digit growth in the number of publicly disclosed ransomware incidents in 2020. As noted in a previous blog post, Five Things You Need to Know About Ransomware Attacks, ransomware attacks grew 715% in H1 2020 compared to the first half of the previous year. Ransomware incidents for 2020 overall increased by more than 150%. | Ransomware | | |
| | 2021-05-24 20:59:01 | Record Setting $40M Ransom Paid to Attackers (direct link) | CNA, one of the largest U.S. commercial and casualty insurance companies, reportedly met a $40 million ransom demand after suffering a ransomware infection earlier in the year. As of this writing, that's the largest ransom demand ever reported to have been paid by a company following a ransomware attack. | Ransomware | | |
| | 2021-05-17 13:48:43 | DarkSide Gang and the New Golden Age of Piracy (direct link) | Late on Friday, May 7, 2021, Colonial Pipeline, the company that runs the largest gasoline pipeline in the US, shut down operations following a ransomware attack on its systems. It later emerged that a relatively new ransomware-as-a-service criminal organization known as DarkSide was behind the attack - but there was a twist. | Ransomware | | |
| | 2021-05-14 20:21:22 | Solving the Ransomware Crisis (direct link) | Ransomware attacks are trivial to execute and there is little, if any, risk and no penalties for the attackers. As a victim, there are no good choices once an organization is hit by ransomware. You can ignore the ransom demand, restore your data from backups and take your chances with the risk of data exposure. At the same time, the reality is that it doesn't pay to pay: there is no guarantee that you will get all of the data back in a usable state.<br>In addition, when you pay the ransom you are essentially funding these criminals, who are acting as terrorists. The chances are that you are funding additional research and development of the next exploit or ransomware variant, so paying the ransom just makes the problem bigger.<br>Organizations that pay the ransom also risk putting a bullseye on their backs, making themselves attractive targets for future ransomware attacks because they have established that they're willing to pay. The only good option is to avoid having your data stolen or encrypted in the first place, which is why solving this crisis needs to be a global priority. | Ransomware | | |
| | 2021-05-11 22:19:35 | Webinar: Cybereason vs. DarkSide Ransomware (direct link) | Colonial Pipeline was recently the victim of a devastating attack that shut down U.S. operations across the East Coast, threatening an already tenuous economic recovery effort. This attack against critical infrastructure by the DarkSide ransomware gang highlights the urgent need for better ransomware prevention, detection and response. | Ransomware | | |
| | 2021-05-10 19:57:09 | Inside the DarkSide Ransomware Attack on Colonial Pipeline (direct link) | On May 8, the Colonial Pipeline Company announced that it had fallen victim to a ransomware attack a day earlier. The pipeline operations include transporting 100 million gallons of fuel daily to meet the needs of consumers across the entire eastern seaboard of the U.S., from Texas to New York, according to the website of the refined products pipeline company. | Ransomware | | |
| | 2021-05-05 13:10:23 | Three Keys to a Reliable Ransomware Defense Strategy (direct link) | As we noted in a previous blog post, ransomware attacks are becoming more frequent and more costly. Reports reveal that there were 304 million ransomware attacks in 2020 - 62% more than the total number of ransomware attacks for 2019. The estimated cost of those incidents increased from $11.5 billion to $20 billion during that same time period. Average ransom costs also rose from $5,900 to $8,100 between those two years, with associated downtime losses growing from $141,000 to $283,000. | Ransomware | | |
| | 2021-04-28 12:59:38 | Five Things You Need to Know About Ransomware Attacks (direct link) | The digital threat landscape as a whole is constantly changing and evolving. That can make it difficult to keep track of new developments for specific threats like ransomware. Don't worry though, Cybereason has got you covered. | Ransomware, Threat | | |
| | 2021-04-27 14:52:51 | Cybereason vs. Avaddon Ransomware (direct link) | Over the last few months, the Cybereason Nocturnus Team has been tracking the activity of the Avaddon ransomware. It has been active since June 2020 and operates with the Ransomware-as-a-Service (RaaS) and double extortion models, targeting sectors such as healthcare. Avaddon is distributed via malspam campaigns, in which the victim is lured into downloading the malware loader. | Ransomware, Malware | | |
| | 2021-04-22 13:03:55 | Sodinokibi Ransomware Gang Extorts Apple Through Supply Chain Attack (direct link) | The Sodinokibi ransomware gang is trying to extort Apple following an attack against one of the tech giant's business partners. According to Bloomberg News, someone using the moniker “Unknown” announced on April 18 that the Sodinokibi/REvil gang was about to disclose their “largest attack ever.” | Ransomware | | |
| | 2021-04-19 13:25:54 | Ransomware Decoded: Preventing Modern Ransomware Attacks (direct link) | Many types of malware silently persist on the network, move laterally, communicate with their C2, or obfuscate their behaviors to prevent detection. In contrast, traditional ransomware was all about coming in with a big splash and causing immediate damage. | Ransomware, Malware | | |
| | 2021-04-14 13:01:39 | Rise of Double-Extortion Shines Spotlight on Ransomware Prevention (direct link) | Double extortion is a tactic employed by some ransomware gangs. It begins when a crypto-malware strain steals information stored on a victim's machine before launching its encryption routine. | Ransomware | | |
| | 2021-04-05 17:01:42 | Ransomware Defense: Three Implementations Every Security Team Needs (direct link) | Few will be shocked to hear that ransomware attacks are continuing to accelerate at a torrid pace - but the more concerning trend is the effectiveness of ransomware at creating chaos and paralyzing business operations. | Ransomware | | |
| | 2021-04-01 14:02:27 | Cybereason vs. DarkSide Ransomware (direct link) | DarkSide is a relatively new ransomware strain that made its first appearance in August 2020. DarkSide follows the RaaS (ransomware-as-a-service) model, and, according to Hack Forums, the DarkSide team recently announced that DarkSide 2.0 has been released. According to the group, it is equipped with the fastest encryption speed on the market, and even includes Windows and Linux versions. | Ransomware, Hack | | |
| | 2021-03-30 17:26:15 | DearCry Ransomware and the HAFNIUM Attacks – What You Need to Know (direct link) | The widespread HAFNIUM attacks were just the beginning of the problems stemming from multiple recently disclosed vulnerabilities in Microsoft's Exchange offering. According to Bleeping Computer, users began submitting new ransomware attack reports to the ID-Ransomware identification site on March 9, which site creator Michael Gillespie later determined had likely originated on Microsoft Exchange servers. | Ransomware | | |
| | 2021-03-23 16:54:20 | Sodinokibi/REvil Ransomware Gang Hit Acer with $50M Ransom Demand (direct link) | The Sodinokibi/REvil ransomware gang has reportedly infected Taiwanese multinational electronics corporation Acer and demanded a ransom of $50 million. Those responsible for the Sodinokibi ransomware strain announced on their data leaks website that they had breached the computer giant. | Ransomware | | |
| | 2021-03-12 16:31:30 | Webinar: The State of Ransomware (direct link) | Ransomware continues to evolve, and despite what many in the industry had thought was a lull in the use of ransomware by cybercriminals, it hasn't gone away and has returned with a vengeance. | Ransomware | | |
| | 2021-02-19 13:40:58 | Kia Motors America: Ransomware Not Behind Extended Systems Outage (direct link) | Kia Motors America stated that a ransomware attack was not the apparent cause of an extended systems outage affecting the automobile dealer's IT systems. It all started with an error message… | Ransomware | | |
| | 2021-02-16 13:00:00 | Cybereason vs. NetWalker Ransomware (direct link) | The NetWalker ransomware has been one of the most notorious ransomware families over the course of the past year, targeting organizations in the US and Europe, including several healthcare organizations, despite several known threat actors publicly claiming to abstain from targeting such organizations due to COVID-19. | Ransomware, Threat | | |
| | 2021-02-08 18:47:37 | Extortionists Publish Data Stolen from Two Healthcare Service Providers (direct link) | An attacker group published information stolen from two healthcare service providers in a reported attempt to extort them for money. On February 5, NBC News reported that a well-known ransomware group had published tens of thousands of files to a data leaks website on the dark web. Among those files were scanned diagnostic results, letters to health insurers and a folder containing background checks on employees. | Ransomware | | |
| | 2021-01-26 14:00:00 | (Déjà vu) Cybereason vs. RansomEXX Ransomware (direct link) | Research by: Daniel Frank | Ransomware | | |
| | 2021-01-12 14:03:32 | (Déjà vu) Cybereason vs. Conti Ransomware (direct link) | Research by: Lior Rochberger | Ransomware | | |
| | 2021-01-11 21:35:00 | Cybereason and Intel Introduce Hardware-Enabled Ransomware Protections for Businesses (direct link) | Ransomware can literally put organizations and lives at risk, as witnessed in 2020 with the continuous onslaught of attacks against the healthcare industry, research organizations working on COVID-19 vaccines, telecommunication centers, financial institutions, the public sector and companies across every industry vertical. | Ransomware | | |
| | 2020-12-23 14:00:00 | Cybereason vs. Clop Ransomware (direct link) | Research by: Daniel Frank | Ransomware | | |
| | 2020-12-10 16:00:31 | Cybereason vs. Ryuk Ransomware (direct link) | Ryuk ransomware has been infecting victims since around 2018, and is believed to be based on the source code of Hermes ransomware, which was sold on an internet hacking forum back in 2017. Since its inception, Ryuk has been used to target large organizations to great effect, having accumulated as much as $61.26 million (as of Feb 2020) in ransom payments according to federal investigations. | Ransomware | | |
| | 2020-11-26 01:51:59 | Cybereason vs. Egregor Ransomware (direct link) | Research by: Lior Rochberger | Ransomware | | |
| | 2020-11-19 16:19:51 | Cybereason vs. MedusaLocker Ransomware (direct link) | Research by: Tom Fakterman and Assaf Dahan | Ransomware | | |
| | 2020-10-30 19:55:19 | Law Enforcement Warns of Imminent Ransomware Threat to U.S. Hospitals (direct link) | On October 29, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) published a joint alert with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS). In it, the organizations claimed to “have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” CISA, the FBI and HHS attributed the threat to the digital criminal enterprise behind TrickBot, malware which is capable of targeting victims with ransomware. | Ransomware, Malware, Threat | | |
| | 2020-10-30 10:54:33 | Ryuk Ransomware: Mitigation and Defense Action Items (direct link) | The FBI, DHS, and HHS are warning of imminent Ryuk ransomware attacks targeting hospitals in the US. The story is being covered broadly by the industry media, including Krebs and various other outlets. | Ransomware | | |
| | 2020-09-24 18:56:25 | German Ransomware Attack: A Rallying Cry for Bullish Diligence (direct link) | According to recent reports, a woman in Germany died after a ransomware attack against a hospital system forced her to be rerouted to a more remote facility, delaying critical treatment by an hour. This event is undoubtedly a tragedy for the woman, her family, for Germany, and for the security community. | Ransomware | | |
| | 2020-07-06 19:13:11 | What Modern Ransomware Looks Like (direct link) | Over the past year, we have seen many different types of ransomware attacks evolving, especially into multistage ransomware that not only ransoms data but also exfiltrates as much data as possible. Below is a brief overview of three of the most common modern ransomware attacks we are seeing today. | Ransomware | | |
| | 2020-06-30 16:27:31 | Ransomware: Weapons of Mass Disruption (direct link) | May 12, 2020 marked the three-year anniversary of the WannaCry ransomware attack. Estimated to have affected hundreds of thousands of endpoints across 150 countries around the world, the total damages as a result of the WannaCry attack have reached up to 4 billion USD, according to some accounts. | Ransomware | WannaCry | |
| | 2020-06-24 16:18:05 | How to Design a Prevention Stack to Stop Ransomware (direct link) | Today, any random Google search for “ransomware attack” will turn up a new story of an organization impacted by ransomware, and usually not for the first time. Ransomware attacks are an efficient and effective weapon for criminals who want to harm any business through crucial data loss, damaged productivity, and injured brand reputation. These attacks often have a big price tag attached to them, a combination of the business paying the ransom and the actual downtime the business suffers because of the attack. | Ransomware | | |
| | 2020-06-11 04:15:00 | Cybereason's Newest Honeypot Shows How Multistage Ransomware Attacks Should Have Critical Infrastructure Providers on High Alert (direct link) | Introduction<br>Earlier this year, Cybereason launched its latest honeypot to analyze the tactics, techniques, and procedures used by state-sponsored groups and cybercrime actors to target critical infrastructure providers. This honeypot was a follow-up to a previous successful honeypot launched two years ago in 2018 looking at the same industry. The honeypot was built to look like an electricity company with operations in North America and Europe.<br>In this new research, the Cybereason team identified multiple attackers executing ransomware operations involving data theft, the stealing of user credentials, and lateral movement across the victims' network to compromise as many endpoints as possible. This includes critical assets like the domain controllers, which could take between several minutes and several hours to properly infiltrate.<br>Ransomware capabilities were deployed early on in the hacking operation, but were not immediately detonated. The ransomware was designed to detonate only after the preliminary stages of the attack had finished across all compromised endpoints, in order to achieve maximum impact on the victim.<br>This operational attack pattern attempts to impact as many victim assets as possible, representing a higher risk to organizations compared to ransomware attacks that impact only the single machine they initially access. However, this operational pattern also represents an opportunity for defenders with a rapid detection and response process to detect the attack at its early stages and respond effectively before ransomware is able to impact the environment.<br>Given the results of this research, we conclude that multistage ransomware attacks on critical infrastructure providers are increasingly dangerous and more prevalent.<br>Check out a condensed, high-level version of this report on our threat alerts page.<br>Background<br>We live in a world of insecurity where hackers have the advantage over the vast majority of enterprises trying to protect their computer networks. Nowhere is that more evident than with critical infrastructure providers, who are facing a constant barrage of cyberattacks from motivated and oftentimes well-funded groups of cybercriminals and state-sponsored actors. | Ransomware | | |