Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks.

Ransomware 144

Ransomware Encryption File names Passwords 144

Security Affairs

MARCH 26, 2021

Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020. . Experts discovered that threat actors targeted a large US transportation & logistics organization, a large US consumer products organization, and a global manufacturing organization.

Ransomware 143

Ransomware Encryption File names Manufacturing 143

Security Affairs

OCTOBER 18, 2022

The attacks detailed by Cybereason targeted technology and manufacturing companies primarily located in East Asia, Western Europe, and North America. ” reads the analysis published by Symantec. Spyder Loader loads AES-encrypted blobs to create the wlbsctrl.dll which acts as a next-stage loader that executes the content.

File names 115

File names Encryption Manufacturing Libraries 115

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. ReadMe file name: README.BlackSuit.txt. ” reads the analysis published by TrendMicro.

Ransomware 98

Ransomware Encryption File names Cybersecurity 98

Security Affairs

JULY 8, 2019

Experts observed an increase of the malware spreading using less-known archive types as dropper,in particular ISO image.Delphi wrapper makes analysis harder. Technical Analysis. Extracting the content of the ISO image, we encounter an EXE file named “po-ima0948436.exe”. Encrypted payload, stored in Resource section.

File names 70

File names Encryption Archiving Phishing 70

Security Affairs

APRIL 28, 2020

Now, Shellbot has re-appeared in the threat landscape in a recent campaign, targeting organizations worldwide with a new IRC server and new Monero pools, so we decided to deepen the analysis. Technical Analysis. The script looks like the following: Figure 5: Content of the “a” file. The initial script is the file named “ a ”.

Mining 103

Mining File names Honeypots IT 103

eSecurity Planet

APRIL 6, 2023

Ransomware is a type of malicious program, or malware, that encrypts files, documents and images on a computer or server so that users cannot access the data. These keys are available to the attacker, and the encryption can only be decrypted using a private key. How Does Ransomware Work?

Ransomware 88

Ransomware Encryption Cybersecurity Risk 88