Schneier on Security

NOVEMBER 21, 2022

“If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key that encrypts the files! . “If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key that encrypts the files!” ” they wrote. Technical details.

Encryption 92

Encryption Ransomware IT Cybersecurity 92

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. LockFile ransomware gang started its operations last month, recently it was spotted targeting Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.

Encryption 113

Encryption Ransomware Financial Services Manufacturing 113

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption 95

Encryption Ransomware Paper Blockchain 95

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption 122

Encryption Ransomware Blockchain Libraries 122

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware 120

Ransomware Encryption Blockchain Insurance 120

Data Breach Today

JUNE 11, 2021

The latest edition of the ISMG Security Report features an analysis of lawmakers' grilling of Colonial Pipeline CEO Joseph Blount over his handling of the DarkSide ransomware attack. Also featured: How the FBI helped trick criminals into using an encrypted communications service that it was able to monitor.

Ransomware 221

Ransomware Encryption Communications Security 221

Security Affairs

FEBRUARY 13, 2024

Authorities in Romania reported that at least 100 hospitals went offline after a ransomware attack hit the Hipocrate platform. Authorities in Romania confirmed that a ransomware attack that targeted the Hipocrate Information System (HIS) has disrupted operations for at least 100 hospitals. The threat actors demand the payment of 3.5

Ransomware 119

Ransomware Cleanup Encryption Cybersecurity 119

Data Breach Today

APRIL 5, 2019

The latest edition of the ISMG Security Report offers an in-depth look at the ever-changing ransomware threat. Other topics: filling the DevSecOps skills gap and the repercussions of Australia's encryption-busting law.

Ransomware 163

Ransomware Encryption Security 163

eSecurity Planet

OCTOBER 6, 2021

Ransomware attacks are a huge concern these days, especially for corporate networks. Indeed, when the ransomware reaches its target, it’s practically game over. The malware encrypts files and spreads to the entire system to maximize damage, which forces companies to lock down the whole network to stop the propagation.

Encryption 85

Encryption Ransomware Communications Access 85

Security Affairs

JULY 5, 2020

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The activity of the gang was relatively quiet during the COVID-19 outbreak since May 4, when the ransomware operators launched a massive campaign that targeted organizations worldwide.

Encryption 103

Encryption Ransomware Cybersecurity Archiving 103

Security Affairs

DECEMBER 6, 2022

Researchers spotted a version of the open-source ransomware toolkit Cryptonite that doesn’t support decryption capabilities. Fortinet researchers discovered a sample of malware generated with the publicly available open-source ransomware toolkit Cryptonite that never offers the decryption window, turning it as a wiper.

Ransomware 128

Ransomware Encryption Libraries IT 128

Security Affairs

AUGUST 18, 2021

Researchers conducted a new analysis of the Diavol ransomware and found new evidence of the link with the gang behind the TrickBot botnet. In July, researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider , the cybercrime gang behind the TrickBot botnet.

Ransomware 101

Ransomware Encryption Communications Security 101

Security Affairs

DECEMBER 19, 2022

Researchers spotted a new variant of the Agenda ransomware which is written in the cross-platform programming language Rust. Trend Micro researchers have spotted a new variant of the Agenda ransomware (aka Qilin) that is written in Rust Language. ” reads the analysis published by Trend Micro. AGENDA.THIAFBB.”

Ransomware 130

Ransomware Encryption Passwords Education 130

IBM Big Data Hub

JANUARY 22, 2024

It’s the news no organization wants to hear―you’ve been the victim of a ransomware attack, and now you’re wondering what to do next. Over 17 percent of all cyberattacks involve ransomware —a type of malware that keeps a victim’s data or device locked unless the victim pays the hacker a ransom.

Ransomware 113

Ransomware Encryption Analytics Data breaches 113

Security Affairs

JANUARY 6, 2023

Microsoft warns of different ransomware families (KeRanger, FileCoder, MacRansom, and EvilQuest) targeting Apple macOS systems. Microsoft Security Threat Intelligence team warns of four different ransomware families ( KeRanger , FileCoder , MacRansom , and EvilQuest ) that impact Apple macOS systems.

Ransomware 95

Ransomware Encryption Libraries Security 95

Security Affairs

JUNE 3, 2023

Experts noticed that the new Linux ransomware BlackSuit has significant similarities with the Royal ransomware family. Royal ransomware is one of the most notable ransomware families of 2022, it made the headlines in early May 2023 with the attack against the IT systems in Dallas, Texas. Extension: blacksuit.

Ransomware 98

Ransomware Encryption File names Cybersecurity 98

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. ” continues the analysis. ” reads the report published by Sophos.

Encryption 106

Encryption Ransomware Energy and Utilities File names 106

Security Affairs

JULY 7, 2022

US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. Treasury Department issued a joint advisory that warn of North-Korea-linked threat actors using Maui ransomware in attacks aimed at organizations in the Healthcare sector. Pierluigi Paganini.

Ransomware 126

Ransomware Encryption Government Cybersecurity 126

Security Affairs

JULY 20, 2022

Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. A notable example includes BlackCat and Hive.

Ransomware 130

Ransomware Encryption IT Security 130

Security Affairs

JANUARY 17, 2022

The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal), has been active since 2020 , it was observed targeting only Windows systems. Recently, Rising captured the Linux platform variant of the ransomware.”

Ransomware 144

Ransomware Encryption Libraries Communications 144

Security Affairs

NOVEMBER 21, 2022

Experts from Cyble Research and Intelligence Labs (CRIL) discovered three new ransomware families: AXLocker, Octocrypt, and Alice Ransomware. Threat intelligence firm Cyble announced the discovery of three new ransomware families named AXLocker, Octocrypt, and Alice Ransomware. ” continues Cyble. .”

Ransomware 97

Ransomware Encryption IT Security 97

Security Affairs

DECEMBER 14, 2021

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. Experts warn that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. SecurityAffairs – hacking, ransomware).

Ransomware 145

Ransomware Encryption Access Security 145

Security Affairs

JULY 15, 2022

Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. The ransomware targets a limited types of files, including log files (.log),

Ransomware 124

Ransomware Encryption File names Risk 124

Security Affairs

NOVEMBER 24, 2022

RansomExx ransomware is the last ransomware in order of time to have a version totally written in the Rust programming language. The operators of the RansomExx ransomware (aka Defray777 and Ransom X) have developed a new variant of their malware, tracked as RansomExx2, that was ported into the Rust programming language.

Ransomware 99

Ransomware Encryption Manufacturing Government 99

Security Affairs

OCTOBER 16, 2023

Microsoft thwarted a large-scale hacking campaign carried out by Akira ransomware operators targeting an unknown industrial organization. According to the IT giant, its cyber defense solution is able to automatically disrupt human-operated attacks like ransomware without needing to deploy any other capabilities.

Ransomware 114

Ransomware Education Encryption Access 114

Security Affairs

SEPTEMBER 9, 2022

Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 ( Nemesis Kitten ) has been abusing the BitLocker Windows feature to encrypt victims’ devices.

Encryption 126

Encryption Ransomware Access Passwords 126

Security Affairs

JUNE 29, 2021

Researchers analyzed a recently discovered threat, the Lorenz ransomware, and developed a free decryptor for the victims of this new operation. The Lorenz ransomware gang has been active since April and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransoms to the victims. Lorenz.sz40’.”

Ransomware 116

Ransomware Encryption Passwords Cybersecurity 116

Security Affairs

MARCH 9, 2023

The recently discovered Windows ransomware IceFire now also targets Linux enterprise networks in multiple sectors. SentinelLabs researchers discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. to deploy the ransomware.

Ransomware 96

Ransomware Encryption Phishing IT 96

Security Affairs

OCTOBER 5, 2022

The security firm discovered a bug in the encryption process implemented by the Hades ransomware that can be used to recover the files encrypted by some variants. “We discovered a vulnerability in the encryption schema that allows some of the variants to be decrypted without paying the ransom.

Ransomware 95

Ransomware Encryption Passwords IT 95

Security Affairs

MAY 12, 2023

The leak of the source code of the Babuk ransomware allowed 9 ransomware gangs to create their own ransomware targeting VMware ESXi systems. SentinelLabs researchers have identified 10 ransomware families using VMware ESXi lockers based on the source code of the Babuk ransomware that was leaked in 2021.

Ransomware 98

Ransomware Encryption Cloud Cybersecurity 98

Security Affairs

JULY 23, 2022

DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. ” Earlier this month, the FBI, CISA, and the U.S.

Ransomware 136

Ransomware Encryption Cybersecurity Government 136

Security Affairs

JANUARY 18, 2022

A new ransomware gang named White Rabbit appeared in the threat landscape, experts believe it is linked to the FIN8 hacking group. A new ransomware gang called ‘White Rabbit’ launched its operations and according to the experts, it is likely linked to the FIN8 financially motivated group. scrypt.txt.” .

Ransomware 141

Ransomware Encryption Passwords IT 141

Security Affairs

MAY 9, 2021

CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye’s Mandiant experts. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware that was recently detailed by FireEye’s Mandiant.

Ransomware 130

Ransomware Encryption Cybersecurity Risk 130

Security Affairs

FEBRUARY 9, 2023

Experts warn of new ESXiArgs ransomware attacks using an upgraded version that makes it harder to recover VMware ESXi virtual machines. Experts spotted a new variant of ESXiArgs ransomware targeting VMware ESXi servers, authors have improved the encryption process, making it much harder to recover the encrypted virtual machines.

Ransomware 95

Ransomware Encryption IT Security 95

Security Affairs

APRIL 20, 2023

Threat actors are hacking poorly secured and Interned-exposed Microsoft SQL servers to deploy the Trigona ransomware. Threat actors are hacking into poorly secured and public-facing Microsoft SQL servers to deploy Trigona ransomware. _locked” extension to the filename of encrypted files.

Ransomware 92

Ransomware Encryption Cybersecurity Education 92

Security Affairs

JULY 5, 2023

RedEnergy is a sophisticated stealer-as-a-ransomware that was employed in attacks targeting energy utilities, oil, gas, telecom, and machinery sectors. Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against energy utilities, oil, gas, telecom, and machinery sectors.

Energy and Utilities 92

Energy and Utilities Ransomware Encryption Manufacturing 92

Security Affairs

NOVEMBER 5, 2021

A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers to deploy the Babuk Ransomware in corporate networks. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware.

Ransomware 133

Ransomware Encryption Access IT 133