What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-11-08 21:38:08 U.S. Charges Ukrainian Hacker for Kaseya Attack; Seizes $6 Million from REvil Gang (lien direct) The U.S. government on Monday charged a Ukrainian suspect, arrested in Poland last month, with deploying REvil ransomware to target multiple businesses and government entities in the country, including perpetrating the attack against software company Kaseya, marking the latest action to crack down on the cybercrime group and curb further attacks. According to unsealed court documents, Ransomware
The_Hackers_News.webp 2021-11-08 19:41:04 Suspected REvil Ransomware Affiliates Arrested in Global Takedown (lien direct) Romanian law enforcement authorities have announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family, dealing a severe blow to one of the most prolific cybercrime gangs in history. The suspects are believed to have orchestrated more than 5,000 ransomware attacks and extorted close to $600,000 from victims, according to Europol. The arrests, which Ransomware
The_Hackers_News.webp 2021-11-08 06:10:37 BlackBerry Uncovers Initial Access Broker Linked to 3 Distinct Hacker Groups (lien direct) A previously undocumented initial access broker has been unmasked as providing entry points to three different threat actors for mounting intrusions that range from financially motivated ransomware attacks to phishing campaigns. BlackBerry's research and intelligence team dubbed the entity "Zebra2104," with the group responsible for offering a means of a digital approach to ransomware syndicates Ransomware Threat
The_Hackers_News.webp 2021-11-05 02:36:51 U.S. Offers $10 Million Reward for Information on DarkSide Ransomware Group (lien direct) The U.S. government on Thursday announced a $10 million reward for information that may lead to the identification or location of key individuals who hold leadership positions in the DarkSide ransomware group or any of its rebrands. On top of that, the State Department is offering bounties of up to $5 million for intel and tip-offs that could result in the arrest and/or conviction in any country Ransomware Guideline
The_Hackers_News.webp 2021-11-03 08:24:34 BlackMatter Ransomware Reportedly Shutting Down; Latest Analysis Released (lien direct) An analysis of new samples of BlackMatter ransomware for Windows and Linux has revealed the extent to which the operators have continually added new features and encryption capabilities in successive iterations over a three-month period. No fewer than 10 Windows and two Linux versions of the ransomware have been observed in the wild to date, Group-IB threat researcher Andrei Zhdanov said in a Ransomware Threat
The_Hackers_News.webp 2021-10-30 11:28:44 Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide (lien direct) 12 people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The arrests were made earlier this week on October 26 in Ukraine and Switzerland, resulting in the seizure of cash Ransomware
The_Hackers_News.webp 2021-10-28 00:05:43 Malicious NPM Libraries Caught Installing Password Stealer and Ransomware (lien direct) Malicious actors have yet again published two more typosquatted libraries to the official NPM repository that mimic a legitimate package from Roblox, the game company, with the goal of distributing stealing credentials, installing remote access trojans, and infecting the compromised systems with ransomware. The bogus packages - named "noblox.js-proxy" and "noblox.js-proxies" - were found to Ransomware
The_Hackers_News.webp 2021-10-25 01:19:44 Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware (lien direct) Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that's being actively exploited by threat actors to deploy ransomware on vulnerable systems. CVE-2021-42258, as the flaw is being tracked as, concerns an SQL-based injection attack that allows for remote code execution and was successfully Ransomware Vulnerability Threat
The_Hackers_News.webp 2021-10-23 01:49:01 Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline (lien direct) The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber experts working with the Ransomware
The_Hackers_News.webp 2021-10-22 06:46:50 Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks (lien direct) The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme. "With FIN7's latest fake company, the criminal group leveraged true, publicly available information from various legitimate cybersecurity Ransomware Guideline
The_Hackers_News.webp 2021-10-18 01:21:01 Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting (lien direct) Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "escalating global security threat with serious economic and security consequences."  "From malign operations against local health providers that endanger patient care, to Ransomware Threat
The_Hackers_News.webp 2021-10-18 00:17:42 REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised (lien direct) REvil, the notorious ransomware gang behind a string of cyberattacks in recent years, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus. The development, first spotted by Recorded Future's Dmitry Smilyanets, comes after a member affiliated with the REvil operation posted on the XSS hacking Ransomware
The_Hackers_News.webp 2021-10-15 07:40:55 Attackers Behind Trickbot Expanding Malware Distribution Channels (lien direct) The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. The threat actor, tracked under the monikers ITG23 and Wizard Spider, has been found to partner with other cybercrime gangs known Hive0105, Hive0106 (aka TA551 or Shathak), Ransomware Malware Threat Guideline
The_Hackers_News.webp 2021-10-15 07:10:54 CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems (lien direct) The U.S. Cybersecurity Infrastructure and Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021. "This activity-which includes attempts to compromise system integrity via unauthorized access-threatens the ability of WWS facilities to provide Ransomware
The_Hackers_News.webp 2021-10-14 07:48:00 VirusTotal Releases Ransomware Report Based on Analysis of 80 Million Samples (lien direct) As many as 130 different ransomware families have been found to be active in 2020 and the first half of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most affected territories, a comprehensive analysis of 80 million ransomware-related samples has revealed. Google's cybersecurity arm VirusTotal attributed a Ransomware
The_Hackers_News.webp 2021-10-08 06:41:27 Ransomware Group FIN12 Aggressively Going After Healthcare Targets (lien direct) An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon payloads to interact with victim networks. Cybersecurity firm Mandiant attributed the intrusions to a Ransomware Threat
The_Hackers_News.webp 2021-10-05 00:36:08 Ransomware Hackers Who Attacked Over 100 Companies Arrested in Ukraine (lien direct) Law enforcement agencies have announced the arrest of two "prolific ransomware operators" in Ukraine who allegedly conducted a string of targeted attacks against large industrial entities in Europe and North America since at least April 2020, marking the latest step in combating ransomware incidents. The joint exercise was undertaken on September 28 by officials from the French National Ransomware
The_Hackers_News.webp 2021-09-21 23:16:44 US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs (lien direct) The U.S. Treasury Department on Tuesday imposed sanctions on Russian cryptocurrency exchange Suex for helping facilitate and launder transactions from at least eight ransomware variants as part of the government's efforts to crack down on a surge in ransomware incidents and make it difficult for bad actors to profit from such attacks using digital currencies. "Virtual currency exchanges such as Ransomware
The_Hackers_News.webp 2021-09-21 06:00:03 Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug (lien direct) Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a Ransomware Threat
The_Hackers_News.webp 2021-09-09 02:57:24 Russian Ransomware Group REvil Back Online After 2-Month Hiatus (lien direct) The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4. Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8, Ransomware
The_Hackers_News.webp 2021-08-28 09:37:18 LockFile Ransomware Bypasses Protection Using Intermittent File Encryption (lien direct) A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption." Called LockFile, the operators of the ransomware has been found exploiting recently disclosed flaws such as ProxyShell and PetitPotam to compromise Windows servers and deploy file-encrypting malware that scrambles only Ransomware Malware
The_Hackers_News.webp 2021-08-24 04:10:57 Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc (lien direct) Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more profitable in extracting payouts from victims. "While the ransomware crisis appears poised to get worse Ransomware Threat
The_Hackers_News.webp 2021-08-22 02:51:51 Microsoft Exchange Under Attack With ProxyShell Flaws; Over 1900 Servers Hacked! (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL Ransomware
The_Hackers_News.webp 2021-08-20 03:38:09 Cybercrime Group Asking Insiders for Help in Planting Ransomware (lien direct) A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme. "The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the Ransomware Threat
The_Hackers_News.webp 2021-08-19 03:30:47 Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang (lien direct) Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities to other malware that has been attributed to the cybercrime gang, thus establishing a clearer Ransomware Malware Threat
The_Hackers_News.webp 2021-08-13 05:54:59 Why Is There A Surge In Ransomware Attacks? (lien direct) The U.S. is presently combating two pandemics--coronavirus and ransomware attacks. Both have partially shut down parts of the economy. However, in the case of cybersecurity, lax security measures allow hackers to have an easy way to rake in millions. It's pretty simple for hackers to gain financially, using malicious software to access and encrypt data and hold it hostage until the victim pays Ransomware
The_Hackers_News.webp 2021-08-13 01:32:51 Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities (lien direct) Ransomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems. "Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will Ransomware Vulnerability Threat
The_Hackers_News.webp 2021-08-12 00:26:50 IT Giant Accenture Hit by LockBit Ransomware; Hackers Threaten to Leak Data (lien direct) Global IT consultancy giant Accenture has become the latest company to be hit by the LockBit ransomware gang, according to a post made by the operators on their dark web portal, likely filling a void left in the wake of DarkSide and REvil shutdown. "These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider," read a message posted on Ransomware
The_Hackers_News.webp 2021-07-29 23:13:31 Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers (lien direct) An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. The attacks - dubbed "BazaCall" - eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are Ransomware Malware
The_Hackers_News.webp 2021-07-29 03:09:56 New Ransomware Gangs - Haron and BlackMatter - Emerge on Cybercrime Forums (lien direct) Two new ransomware-as-service (RaaS) programs have appeared on the threat radar this month, with one group professing to be a successor to DarkSide and REvil, the two infamous ransomware syndicates that went off the grid following major attacks on Colonial Pipeline and Kaseya over the past few months. "The project has incorporated in itself the best features of DarkSide, REvil, and LockBit," the Ransomware Threat
The_Hackers_News.webp 2021-07-22 21:40:56 Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims (lien direct) Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. "On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the Ransomware
The_Hackers_News.webp 2021-07-15 03:21:33 Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances (lien direct) Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware. The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) are being Ransomware
The_Hackers_News.webp 2021-07-14 04:01:50 REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks (lien direct) REvil, the infamous ransomware cartel behind some of the biggest cyberattacks targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculations that the criminal enterprise may have been taken down. Multiple darknet and clearnet sites maintained by the Russia-linked cybercrime syndicate, including the data leak, extortion, and payment portals, remained Ransomware Guideline
The_Hackers_News.webp 2021-07-11 21:37:09 Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack (lien direct) Florida-based software vendor Kaseya on Sunday rolled out software updates to address critical security vulnerabilities in its Virtual System Administrator (VSA) software that was used as a jumping off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain ransomware attack. Following the incident, the company had urged on-premise VSA customers to shut Ransomware
The_Hackers_News.webp 2021-07-06 00:03:08 Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly (lien direct) U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, ruled out the possibility that its codebase was unauthorizedly tampered with to distribute malware. While initial reports raised speculations that the ransomware gang might have gained access to Kaseya's backend infrastructure and abused it to deploy a malicious Ransomware
The_Hackers_News.webp 2021-07-05 02:48:45 TrickBot Botnet Found Deploying A New Ransomware Called Diavol (lien direct) Threat actors behind the infamous TrickBot malware have been linked to a new ransomware strain named "Diavol," according to the latest research. Diavol and Conti ransomware payloads were deployed on different systems in a case of an unsuccessful attack targeting one of its customers earlier this month, researchers from Fortinet's FortiGuard Labs said last week. TrickBot, a banking Trojan first Ransomware Threat
The_Hackers_News.webp 2021-07-04 22:22:23 REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom (lien direct) Amidst the massive supply-chain ransomware attack that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack. The Dutch Institute for Vulnerability Disclosure (DIVD) on Sunday revealed it had alerted Kaseya to a number of zero-day vulnerabilities Ransomware Vulnerability
The_Hackers_News.webp 2021-07-03 01:00:30 Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware (lien direct) The threat actors behind the REvil ransomware gang appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. "Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya's Incident Response team learned of a potential security incident involving our VSA Ransomware Threat
The_Hackers_News.webp 2021-07-01 02:14:34 3 Steps to Strengthen Your Ransomware Defenses (lien direct) The recent tsunami of ransomware has brought to life the fears of downtime and data loss cybersecurity pros have warned about, as attacks on the energy sector, food supply chain, healthcare industry, and other critical infrastructure have grabbed headlines. For the industry experts who track the evolution of this threat, the increased frequency, sophistication, and destructiveness of ransomware Ransomware
The_Hackers_News.webp 2021-06-30 05:56:11 [Webinar] How Cyber Attack Groups Are Spinning a Larger Ransomware Web (lien direct) Organizations today already have an overwhelming number of dangers and threats to look out for, from spam to phishing attempts to new infiltration and ransomware tactics. There is no chance to rest, since attack groups are constantly looking for more effective means of infiltrating and infecting systems. Today, there are hundreds of groups devoted to infiltrating almost every industry, Ransomware Spam
The_Hackers_News.webp 2021-06-28 00:02:48 DMARC: The First Line of Defense Against Ransomware (lien direct) There has been a lot of buzz in the industry about ransomware lately. Almost every other day, it's making headlines. With businesses across the globe holding their breath, scared they might fall victim to the next major ransomware attack, it is now time to take action. The FBI IC3 report of 2020 classified Ransomware as the most financially damaging cybercrime of the year, with no major Ransomware
The_Hackers_News.webp 2021-06-24 23:58:15 Clop Gang Partners Laundered $500 Million in Ransomware Payments (lien direct) The cybercrime ring that was apprehended last week in connection with Clop (aka Cl0p) ransomware attacks against dozens of companies in the last few months helped launder money totaling $500 million for several malicious actors through a plethora of illegal activities. "The group - also known as FANCYCAT - has been running multiple criminal activities: distributing cyber attacks; operating a Ransomware
The_Hackers_News.webp 2021-06-23 02:33:00 [Whitepaper] Automate Your Security with Cynet to Protect from Ransomware (lien direct) It seems like every new day brings with it a new ransomware news item – new attacks, methods, horror stories, and data being leaked. Ransomware attacks are on the rise, and they've become a major issue for organizations across industries. A recent report estimated that by 2031, ransomware attacks would cost the world over $260 billion. A new whitepaper from XDR provider Cynet demonstrates how Ransomware
The_Hackers_News.webp 2021-06-22 03:02:28 Wormable DarkRadiation Ransomware Targets Linux and Docker Instances (lien direct) Cybersecurity researchers have disclosed a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. "The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions," researchers from Trend Micro said in Ransomware
The_Hackers_News.webp 2021-06-21 07:17:48 5 Critical Steps to Recovering From a Ransomware Attack (lien direct) Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities. A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Venture predicts that a ransomware attack will occur every 11 seconds in 2021. Businesses must prepare for the possibility of a ransomware attack affecting their Ransomware Tool
The_Hackers_News.webp 2021-06-16 07:44:16 Ukraine Police Arrest Cyber Criminals Behind Clop Ransomware Attacks (lien direct) Ukrainian law enforcement officials on Wednesday announced the arrest of the Clop ransomware gang, adding it disrupted the infrastructure employed in attacks targeting victims worldwide since at least 2019. As part of a joint operation between the National Police of Ukraine and authorities from the Republic of Korea and the U.S., six defendants have been accused of running a double extortion Ransomware
The_Hackers_News.webp 2021-06-16 02:14:53 Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets (lien direct) As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets. "Ransomware operators often buy access from independent cybercriminal groups who infiltrate major Ransomware Hack Threat
The_Hackers_News.webp 2021-06-15 06:05:51 Experts Shed Light On Distinctive Tactics Used by Hades Ransomware (lien direct) Cybersecurity researchers on Tuesday disclosed "distinctive" tactics, techniques, and procedures (TTPs) adopted by operators of Hades ransomware that set it apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER. "In many ways, the GOLD WINTER threat group is a typical post-intrusion ransomware threat group that pursues high-value targets to Ransomware Threat
The_Hackers_News.webp 2021-06-10 03:51:05 Emerging Ransomware Targets Dozens of Businesses Worldwide (lien direct) An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational, riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organizations in the Middle Ransomware Threat
The_Hackers_News.webp 2021-06-09 22:46:05 Beef Supplier JBS Paid Hackers $11 Million Ransom After Cyberattack (lien direct) Meat processing company JBS on Wednesday confirmed it paid extortionists $11 million in bitcoins to regain access to its systems following a destructive ransomware attack late last month. "In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated," Ransomware
Last update at: 2024-05-15 16:07:58