Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware 121

Ransomware Encryption Blockchain Insurance 121

Security Affairs

AUGUST 15, 2022

The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. In March 2022, SOVA authors released version 3.0 ” reads the analysis published by Cleafy. The malware has been active since 2021 and evolves over time. Oscorp or BRATA ).”

Encryption 98

Encryption Ransomware Access Communications 98

Security Affairs

JANUARY 23, 2024

The Black Basta ransomware group has been active since April 2022 , like other ransomware operations, it implements a double-extortion attack model. A joint research by Elliptic and Corvus Insurance revealed that the group accumulated at least $107 million in Bitcoin ransom payments since early 2022.

Encryption 127

Encryption Ransomware Blockchain Insurance 127

Security Affairs

JUNE 15, 2022

Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. The experts will present their findings at the 31st USENIX Security Symposium that will take place in Boston, 10–12 August 2022. ” reads the website set up to describe the attack.

Encryption 79

Encryption Libraries Security Cybersecurity 79

Krebs on Security

NOVEMBER 17, 2022

He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. “We’ve found someone who can crack the encryption.” Then came the unlikely call from an FBI agent. “Don’t pay,” the agent said.

Ransomware 300

Ransomware Encryption Manufacturing Phishing 300

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. The group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT.

Ransomware 128

Ransomware Encryption Metadata Manufacturing 128

eSecurity Planet

JULY 8, 2022

The global cost of ransomware has risen from $325 million to $20 billion from 2016 to 2021, and on average, only 65% of encrypted data was restored after a ransom was paid. Here are our top picks based on our analysis of the DR market. The post Best Disaster Recovery Solutions for 2022 appeared first on eSecurityPlanet.

Ransomware 122

Ransomware Cloud Encryption Marketing 122

Security Affairs

MARCH 25, 2024

The malware StrelaStealer is an email credential stealer that DCSO_CyTec first documented in November 2022. “The JScript file then drops a Base64-encrypted file and a batch file. The Base64-encrypted file is decoded with the certutil -f decode command, resulting in the creation of a Portable Executable (PE) DLL file.”

Encryption 113

Encryption Manufacturing Archiving Phishing 113

Security Affairs

MARCH 9, 2023

IceFire was first detected in March 2022 by researchers from the MalwareHunterTeam , but the group claimed victims via its dark web leak site since August 2022. In an attack observed by the experts, the ransomware successfully encrypted a CentOS host running a vulnerable version of IBM Aspera Faspex file server software.

Ransomware 97

Ransomware Encryption Phishing IT 97

Security Affairs

APRIL 9, 2024

BatCloak is a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022. The developers used AES encryption and implemented techniques to bypass the anti-malware scan interface (AMSI).

Phishing 104

Phishing Sales Encryption Cybersecurity 104

Thales Cloud Protection & Licensing

AUGUST 8, 2022

Verizon’s 2022 Mobile Security Index Report – Confirming what we all suspected. Tue, 08/09/2022 - 05:56. From the foreword of the report, all the way to the end, the analysis indicates that mobile devices pose a greater risk to organizations. Todd Moore | VP, Encryption Products. Identity & Access Management.

Security 71

Security Communications Risk Access 71

Security Affairs

FEBRUARY 16, 2023

. “During analysis, we discovered two hosts with strikingly similar ransom notes dating back to mid-October 2022, just after ESXi versions 6.5 ” Censys reported that two hosts with a similar (but different) ransom note were infected on October 12, 2022. reached end of life.” ” continues the report.

Ransomware 95

Ransomware Encryption IT Security 95

Security Affairs

AUGUST 27, 2023

ransomware builder in 2022 allowed threat actors to create new variants of the threat. Lockbit v3 , aka Lockbit Black , was detected in June 2022, but in September 2022 a builder for this variant was leaked online. The analysis of the timestamp revealed that the binary, builder.exe, was slightly different in both leaks.

Ransomware 98

Ransomware Communications Encryption Security 98

Security Affairs

JUNE 12, 2023

Researchers from Trend Micro have analyzed the BatCloak, a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022. The developers used AES encryption and implemented techniques to bypass the anti-malware scan interface (AMSI).

Encryption 97

Encryption Security IT Information Security 97

Security Affairs

NOVEMBER 28, 2022

1/9 pic.twitter.com/WyxzCZSz84 — ESET research (@ESETresearch) November 25, 2022. From August 2022, Recorded Future researchers observed a rise in command and control (C2) infrastructure used by Sandworm (tracked by Ukraine’s CERT-UA as UAC-0113). The key is then RSA encrypted and written to aes.bin. Pierluigi Paganini.

Ransomware 124

Ransomware IT Encryption Government 124

Security Affairs

NOVEMBER 21, 2022

The AXLocker ransomware encrypts victims’ files and steals Discord tokens from the infected machine. The analysis of the code revealed that the startencryption() function implements the capability to search files by enumerating the available directories on the C: drive. ” reads the analysis published by Cyble. .

Ransomware 99

Ransomware Encryption IT Security 99

Security Affairs

MARCH 11, 2024

These include: Magento – CVE-2022-24086 Qlik Sense – CVE-2023-41265, CVE-2023-41266 , and CVE-2023-48365 Ivanti Connect Secure – CVE-2023-46805 and CVE-2024-21887 , CVE-2024-21888 and CVE-2024-21893. The malware uses AES encryption for C2 communication, however, depending on the transmitted data, RSA may also be utilized.

Communications 112

Communications Encryption IT Security 112

Security Affairs

JUNE 13, 2023

Zacks is the leading investment research firm focusing on stock research, analysis, and recommendations. The company attempted to downplay the security breach by telling Have I Been Pwned that threat actors only had access to encrypted passwords. HIBP pointed out that the most recent record in the leaked database is dated May 2020.

Data breaches 96

Data breaches Passwords Encryption Archiving 96

Security Affairs

JULY 23, 2022

In May 2022, the FBI filed a sealed seizure warrant for the funds worth approximately half a million dollars.” The Kansas hospital opted to pay approximately a $100,000 ransom in Bitcoin to receive a decryptor e recover the encrypted files. According to the analysis, the malware appears to be human-operated ransomware.

Ransomware 138

Ransomware Encryption Cybersecurity Government 138

Security Affairs

OCTOBER 19, 2022

The Ransom Cartel operation was launched in December 2022, and security experts at MalawareHunterTeam were among the first research teams to speculate a possible link with Revil. demonslay335 @VK_Intel [link] — MalwareHunterTeam (@malwrhunterteam) January 21, 2022. ” reads the report published by Unit42. ” . .

Ransomware 121

Ransomware Encryption Access IT 121

Security Affairs

SEPTEMBER 8, 2023

The state-sponsored hackers exploited the CVE-2022-47966 RCE vulnerability in Zoho ManageEngine. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The vulnerability was addressed by the company on October 27th, 2022.

Cybersecurity 128

Cybersecurity Access Security Encryption 128

Security Affairs

SEPTEMBER 19, 2023

Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS. ” continues the report.

IT 111

IT Encryption Authentication Communications 111

The Last Watchdog

FEBRUARY 20, 2024

In 2022, 88% of users relied on chatbots when interacting with businesses. Health care relies on it for intelligent symptom analysis and health information dissemination. This helps them improve their performance over time by gaining data from interactions. These tools saved 2.5 per interaction. Using MFA can prevent 99.9%

Cybersecurity 218

Cybersecurity Authentication Communications Privacy 218

Security Affairs

JULY 15, 2022

RedAlert is human-operated ransomware, the ransomware uses NTRUEncrypt public key encryption algorithm for encryption. crypt[Random number] ” extension to the filenames of encrypted files. lilith” extension to the filenames of encrypted files. ” reads the analysis published by Cyble. log), swap files(.vswp),

Ransomware 124

Ransomware Encryption File names Risk 124

Security Affairs

OCTOBER 13, 2023

The APT group was discovered in June 2022 by Kaspersky which linked it to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. “Our investigation started with an e-mail sent in September 2022 to a Vietnamese telecom company and was uploaded to VirusTotal.

Government 113

Government IT Encryption Libraries 113

Security Affairs

SEPTEMBER 7, 2022

” reads the analysis published by Unit 42. “As a variant, MooBot inherits Mirai’s most significant feature – a data section with embedded default login credentials and botnet configuration – but instead of using Mirai’s encryption key, 0xDEADBEEF, MooBot encrypts its data with 0x22.”

Encryption 105

Encryption Passwords Security IT 105

Security Affairs

NOVEMBER 2, 2022

The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786 , in its cryptography library. ” reads the advisory published by the CVE-2022-3786. SecurityAffairs – hacking, encryption). The flaws impact versions 3.0.0 through 3.0.6

Libraries 111

Libraries Encryption Authentication Communications 111

Security Affairs

OCTOBER 20, 2022

The malicious document was uploaded from Jordan on August 25, 2022. . ” reads the analysis published by SafeBreach. The command is encrypted using AES-256 CBC. The analysis of the ID count revealed that the attackers C2 have compromised a total of 70 computers. posing as a LinkedIn-based job application.

Encryption 140

Encryption Cybersecurity Phishing IT 140

Security Affairs

JANUARY 17, 2022

Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. ” reads the analysis published by Rising.AFR-6fyvilv #Sfile #Ransomware New Sample: 6E029B9B0A600CDC1E75A4F7228B332B pic.twitter.com/tB27dM8tjd — dnwls0719 (@fbgwls245) January 9, 2022.

Ransomware 145

Ransomware Encryption Libraries Communications 145

Security Affairs

APRIL 19, 2022

The initial stage for the deployment of the malware is an EXE file larger than 250MB, a so large file size was used to avoid an automated sandbox or AV analysis. The sample analyzed by the experts was compiled in February 2022, a circumstance that suggests the artifacts are part of new development.

Encryption 97

Encryption Cybersecurity Passwords Communications 97

Security Affairs

NOVEMBER 24, 2022

It requires a list of target directories to encrypt to be passed as command line parameters and then encrypts files using AES-256, with RSA used to protect the encryption keys.” ” reads the analysis published by IBM Security X-Force. ” concludes the report.

Ransomware 99

Ransomware Encryption Manufacturing Government 99

Security Affairs

JUNE 28, 2023

The group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT. “New analysis from NCC Group’s Global Threat Intelligence team has revealed that ransomware attacks are soaring, with 436 victims in May. .”

Ransomware 96

Ransomware Encryption Manufacturing Business Services 96

Security Affairs

APRIL 27, 2023

The encryptor uses a combination of ECDH on Curve25519 (asymmetric encryption) and Chacha20 (symmetric encryption) to encrypt files. The researchers discovered that the samples contain a self-delete mechanism which is invoked once the victim’s device is encrypted. ” reads the analysis published by Uptycs.

Encryption 96

Encryption Ransomware Education Access 96

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Also read: Best Antivirus Software of 2022. The 2022 SonicWall Cyber Threat Report found that all types of cyberattacks increased in 2021. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4

Ransomware 137

Ransomware Cybersecurity Phishing Encryption 137

Security Affairs

JULY 30, 2022

The ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS report aims to bring new insights into the reality of ransomware incidents through mapping and studying ransomware incidents from May 2021 to June 2022. of all the stolen data contains GDPR personal data based on this analysis; In 95.3% The findings are worrisome.

Ransomware 96

Ransomware GDPR Personal data Encryption 96

Security Affairs

JUNE 3, 2023

Royal ransomware is one of the most notable ransomware families of 2022, it made the headlines in early May 2023 with the attack against the IT systems in Dallas, Texas. The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has demanded ransoms up to millions of dollars.

Ransomware 98

Ransomware Encryption File names Cybersecurity 98

Security Affairs

JANUARY 6, 2024

The analysis conducted on the ransomware revealed it was designed to look like ransomware but was wiper malware designed for sabotage purposes. Unlike other ransomware, Petya does not encrypt files on the infected systems but targets the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable.

Insurance 118

Insurance Healthcare Manufacturing Ransomware 118