Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.

Encryption 102

Encryption Ransomware Financial Services Manufacturing 102

Security Affairs

SEPTEMBER 19, 2022

In January 2021, the cybercrime gang launched a new campaign targeting Kubernetes environments with the Hildegard malware. The discovery of the recent attacks is important because on November 6th, 2021, TeamTNT communicated via Twitter a farewell note. ” reads the analysis published by AquaSec. be on IP 93[.]95[.]229[.]203).”

Encryption 94

Encryption Honeypots Mining Communications 94

eSecurity Planet

SEPTEMBER 10, 2021

CloudPassage’s 2021 AWS Cloud Security Report found that misconfiguration of cloud platforms (71 percent), exfiltration of sensitive data (59 percent), and insecure APIs (54 percent) are the top cloud security threats facing cybersecurity professionals. Does the provider encrypt data while in transit and at rest?

Cloud 105

Cloud Security Encryption Risk 105

Thales Cloud Protection & Licensing

NOVEMBER 11, 2021

Don't Encrypt Everything; Protect Intelligently. Thu, 11/11/2021 - 09:30. And though you likely cannot calculate exactly how much data your organization holds; you know it is going to be a big and costly problem to “Encrypt Everything.”. Encrypting everything is time intensive because of explosive data growth.

Encryption 71

Encryption Unstructured data Risk Cloud 71

Security Affairs

SEPTEMBER 13, 2022

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021. ” continues the report.

Government 85

Government Access Libraries Education 85

Security Affairs

AUGUST 18, 2021

Researchers conducted a new analysis of the Diavol ransomware and found new evidence of the link with the gang behind the TrickBot botnet. reads the analysis published by Fortinet. The sample analyzed by IBM X-Force was submitted to Virus Total on January 27, 2021 and has a reported compilation date of March 5, 2020.

Ransomware 99

Ransomware Encryption Communications Security 99

eSecurity Planet

FEBRUARY 16, 2021

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” ” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.” Forensic Analysis.

Ransomware 97

Ransomware Encryption Insurance Cloud 97

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. in) used by the attackers. Pierluigi Paganini.

Encryption 126

Encryption Authentication Access IT 126

eSecurity Planet

JUNE 24, 2021

The increasing mobility of data, as it ping-pongs between clouds, data centers and the edge, has made it an easier target of cybercrime groups, which has put a premium on the encryption of that data in recent years. Since then, interest in fully homomorphic encryption (FHE) has increased, largely paralleling the rise of cloud computing.

Encryption 86

Encryption Cloud Libraries Privacy 86

IT Governance

JANUARY 10, 2022

For many, 2021 was a year to forget. You can read more about that attack, along with the year’s other biggest stories, in our 2021 cyber security review of the year. 2021 got off to an inauspicious start when cyber security researchers reported a huge leak of Brazilian residents’ data. First came the Colonial Pipeline hack.

Security 115

Security Data breaches Ransomware Phishing 115

Security Affairs

OCTOBER 15, 2021

In all the attacks the ransomware encrypting files on the infected systems and in one of the security incidents threat actors compromised a system used to control the SCADA industrial equipment. In July 2021, cyber actors used remote access to introduce ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer.

Ransomware 92

Ransomware Access Cybersecurity Encryption 92

The Last Watchdog

DECEMBER 2, 2021

As we’ve seen with major attacks like Kaseya and Colonial Pipeline, cybercriminals have continued to innovate, developing new tools and tactics to encrypt and exfiltrate data. Ransomware attacks have reached a record high this year, with nearly 250 attacks recorded to date and months to go. Related: Kaseya breach worsens supply chain worries.

Ransomware 224

Ransomware Cybersecurity Risk Encryption 224

Security Affairs

JULY 7, 2022

The attacks against Healthcare and Public Health (HPH) Sector organizations started in May 2021 and government experts observed multiple cases that involved the use of the Maui ransomware. The joint report refers to an industry analysis of a sample of Maui provided in Stairwell Threat Report: Maui Ransomware.

Ransomware 117

Ransomware Encryption Government Cybersecurity 117

Security Affairs

FEBRUARY 9, 2023

Experts spotted a new variant of ESXiArgs ransomware targeting VMware ESXi servers, authors have improved the encryption process, making it much harder to recover the encrypted virtual machines. The attack exploits a heap-overflow vulnerability in VMware ESXi and is tracked as CVE-2021-21974 which was patched in February 2021.

Ransomware 88

Ransomware Encryption IT Security 88

Security Affairs

SEPTEMBER 19, 2023

Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS. ” continues the report.

IT 98

IT Encryption Authentication Communications 98

eSecurity Planet

OCTOBER 8, 2021

With a multi-layered approach to endpoint protection, the ESET PROTECT Advanced solution fits small to medium-sized businesses and offers advanced EPP capabilities, full disk encryption , and an automated sandbox for dynamic threat analysis. Full Disk Encryption. Read more: 19 Best Encryption Software & Tools of 2021.

Encryption 117

Encryption Cloud MDM Cybersecurity 117

Security Affairs

SEPTEMBER 7, 2022

The Mirai -based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021, in November 2021, it started exploiting a critical command injection flaw ( CVE-2021-36260 ) in the webserver of several Hikvision products. ” reads the analysis published by Unit 42.

Encryption 100

Encryption Passwords Security IT 100

Security Affairs

JANUARY 18, 2022

#Ransomware Hunt: "White Rabbit" with extension " scrypt", drops note for each encrypted file with "<filename> scrypt.txt" with victim-specific information: [link] "Follow the White Rabbit…" pic.twitter.com/lhzHi5t1KK — Michael Gillespie (@demonslay335) December 14, 2021.

Ransomware 133

Ransomware Encryption Passwords IT 133

Security Affairs

DECEMBER 14, 2021

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability ( CVE-2021-44228 ) to deliver the new Khonsari ransomware on Windows machines. NOT MODIFY OR DELETE THIS FILE OR ANY ENCRYPTED FILES. ” reads the analysis published by Bitdefender. 94/zambo/groenhuyzen.exe.

Ransomware 142

Ransomware Encryption Access Security 142

Security Affairs

JUNE 15, 2022

Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. “Second, Hertzbleed shows that, even when implemented correctly as constant time, cryptographic code can still leak via remote timing analysis. ” continues the post.

Encryption 66

Encryption Libraries Security Cybersecurity 66

Security Affairs

JUNE 30, 2022

The agency released an executable along with a user manual that provides step-by-step instructions to recover encrypted data for free. According to a report published by blockchain analytics company Chainalysis, the Hive ransomware is one of the top 10 ransomware strains by revenue in 2021.

Ransomware 105

Ransomware Cybersecurity Encryption Blockchain 105

Security Affairs

JUNE 5, 2021

Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. “Based on the analysis, the Cyble research team found that Nucleus Software is the first victim of the BlackCocaine ransomware group.”

Ransomware 122

Ransomware Encryption File names Financial Services 122

Security Affairs

APRIL 1, 2024

Vultur was first spotted in late March 2021, it gains full visibility on victims’ devices via VNC (Virtual Network Computing) implementation taken from AlphaVNC. In July 2021, ThreatFabric researchers discovered the Android version of Vultur, which uses screen recording and keylogging to capture login credentials. .

Access 103

Access Encryption Communications Cloud 103

Security Affairs

NOVEMBER 5, 2021

The attacks spotted by Cisco Talos were carried out by a Babuk ransomware affiliate tracked as Tortilla that has been active since at least July 2021. 229 @58_158_177_102 @sugimu_sec pic.twitter.com/LcuNw88fOo — TG Soft (@VirITeXplorer) October 14, 2021. ” reads the analysis published by Talos.

Ransomware 121

Ransomware Encryption Access IT 121

Security Affairs

NOVEMBER 12, 2021

The attackers exploited a XNU privilege escalation vulnerability ( CVE-2021-30869 ) unpatched in macOS Catalina. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. ” reads the analysis published by Google.

Encryption 130

Encryption IT Security Information Security 130

Security Affairs

JULY 23, 2022

” In May 2021, threat actors infected the servers of the medical center in the District of Kansas. The Kansas hospital opted to pay approximately a $100,000 ransom in Bitcoin to receive a decryptor e recover the encrypted files. According to the analysis, the malware appears to be human-operated ransomware.

Ransomware 125

Ransomware Encryption Cybersecurity Government 125

Security Affairs

JANUARY 17, 2022

Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. ” reads the analysis published by Rising.AFR-6fyvilv #Sfile #Ransomware New Sample: 6E029B9B0A600CDC1E75A4F7228B332B pic.twitter.com/tB27dM8tjd — dnwls0719 (@fbgwls245) January 9, 2022. as the suffix name.

Ransomware 139

Ransomware Encryption Libraries Communications 139

Security Affairs

OCTOBER 19, 2021

Karma ransomware is a new threat that was first spotted in June of 2021, it is important to distinguish it from a different threat with the same name that is active since 2016. The analysis of the compilation dates of the samples suggests that the Karma ransomware is still under active development.

Ransomware 84

Ransomware Encryption IT Security 84

Security Affairs

OCTOBER 19, 2022

The REvil group was one of the most active ransomware gangs in the first half of 2021, in October 2021 the gang shut down its operations due to the pressure of law enforcement. The analysis of the decrypted REvil configuration revealed the use of the same JSON format, but the REvil configuration has more values than Ransom Cartel.

Ransomware 106

Ransomware Encryption Access IT 106

Security Affairs

MARCH 9, 2023

In an attack observed by the experts, the ransomware successfully encrypted a CentOS host running a vulnerable version of IBM Aspera Faspex file server software. The ransomware encrypts files and appends the “.ifire” IceFire doesn’t encrypt the files with “.sh” IceFire doesn’t encrypt the files with “.sh”

Ransomware 89

Ransomware Encryption Phishing IT 89

Security Affairs

JULY 15, 2022

RedAlert is human-operated ransomware, the ransomware uses NTRUEncrypt public key encryption algorithm for encryption. crypt[Random number] ” extension to the filenames of encrypted files. lilith” extension to the filenames of encrypted files. ” reads the analysis published by Cyble. log), swap files(.vswp),

Ransomware 121

Ransomware Encryption File names Risk 121

eSecurity Planet

OCTOBER 27, 2021

We here at eSecurity Planet have our own views and methodology on this much-debated issue, and present to you our reviews of the Best Antivirus Software of 2021. The company stopped only 63% of threats in last year’s MITRE testing in our analysis, but with a strong R&D team, Kaspersky will use that knowledge to keep improving.

Ransomware 97

Ransomware Marketing Mining Cybersecurity 97

Security Affairs

MAY 9, 2021

CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye’s Mandiant experts. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware that was recently detailed by FireEye’s Mandiant.

Ransomware 117

Ransomware Encryption Cybersecurity Risk 117

Security Affairs

JULY 4, 2021

” states the analysis published by Avast. Experts also discovered that tainted versions of the official MonPass client were distributed between February 8 and March 3, 2021. The analysis of the extracted code is a Cobalt Strike beacon. ” concludes the analysis. ” concludes the analysis.

Encryption 121

Encryption Security IT Cybersecurity 121

eSecurity Planet

DECEMBER 13, 2021

Germany-based G Data CyberDefense released software designed to trick the STOP ransomware variant into believing that a targeted system has already been compromised and keeping it from encrypting files after the device has been infected. But STOP ransomware will not encrypt files anymore if the system has the vaccine.”.

Ransomware 138

Ransomware Cybersecurity Encryption IT 138

Security Affairs

APRIL 27, 2023

The new variant of the encryptor targets Linux, NAS, and ESXi hosts, it appears to be based on the source code of Babuk ransomware that was leaked online in 2021. The encryptor uses a combination of ECDH on Curve25519 (asymmetric encryption) and Chacha20 (symmetric encryption) to encrypt files.

Encryption 86

Encryption Ransomware Education Access 86

Security Affairs

JULY 30, 2022

The ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS report aims to bring new insights into the reality of ransomware incidents through mapping and studying ransomware incidents from May 2021 to June 2022. of all the stolen data contains GDPR personal data based on this analysis; In 95.3% The findings are worrisome.

Ransomware 84

Ransomware GDPR Personal data Encryption 84