Security Affairs

MAY 27, 2023

The recently identified Buhti operation targets organizations worldwide with rebranded LockBit and Babuk ransomware variants. Researchers from Symantec discovered a new ransomware operation called Buhti (aka Blacktail ) that is using LockBit and Babuk variants to target Linux and Windows systems worldwide. ” concludes the report.

Ransomware 88

Ransomware Archiving Encryption IT 88

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.

Ransomware 116

Ransomware Archiving Encryption Cybersecurity 116

Security Affairs

NOVEMBER 10, 2023

The IT giant linked the attacks to the Clop ransomware gang (aka Lace Tempest ). The malware enabled human-operated activity, including lateral movement, data theft, and ransomware deployment. This is typically followed by human-operated activity, including lateral movement, data theft, and ransomware deployment.

Ransomware 101

Ransomware Archiving Access Cybersecurity 101

Krebs on Security

AUGUST 29, 2019

PerCSoft , a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack. The ransomware attack hit PerCSoft on the morning of Monday, Aug. West Allis, Wis.-based

Ransomware 230

Ransomware Insurance Encryption Cloud 230

Security Affairs

AUGUST 6, 2021

RansomEXX ransomware operators hit the popular Italian luxury fashion house Ermenegildo Zegna Holding and started leaking stolen files. The RansomEXX ransomware group claims to have stolen 20.74GB of data from the company and leaked 43 archives (42 archives of 500MB in size and 1 archive containing 239.54MB of documents).

Ransomware 116

Ransomware Archiving Retail Manufacturing 116

Security Affairs

JUNE 6, 2023

Researchers from security firm Uptycs reported that threat actors linked to the Cyclops ransomware are offering a Go-based information stealer. The Cyclops group has developed multi-platform ransomware that can infect Windows, Linux, and macOS systems. ” reads the report.

Ransomware 71

Ransomware Encryption Archiving File names 71

Security Affairs

JUNE 6, 2022

LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the LockBit ransomware gang has added the cybersecurity firm Mandiant to the list of victims published on its darkweb leak site. ransomware to evade sanctions. Pierluigi Paganini.

Ransomware 129

Ransomware Cybersecurity Archiving Security 129

Security Affairs

MARCH 2, 2020

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. Researchers from Malwarebytes and X-Force IRIS have uncovered an ongoing spam campaign distributing the Nemty Ransomware via messages disguised as messages from secret lovers. zip’). Pierluigi Paganini.

Ransomware 118

Ransomware File names Archiving Encryption 118

Security Affairs

AUGUST 5, 2021

The Conti Ransomware operators offer their services to their affiliates and maintain 20-30% of each ransom payment. Now one of its affiliates leaked the IP addresses for Cobalt Strike C2 servers and an archive of 113 MB that includes training material and tools shared by the Conti operators with its network to conduct ransomware attacks.

Ransomware 124

Ransomware Archiving IT Security 124

Security Affairs

DECEMBER 28, 2020

The American multinational manufacturer and marketer of home appliances Whirlpool was hit by the Nefilim ransomware gang. During the weekend, the Nefilim ransomware operators published the first batch of data that includes documents related to employee benefits, accommodation requests, medical information requests, and other info.

Ransomware 135

Ransomware Manufacturing Marketing Archiving 135

Security Affairs

JANUARY 14, 2022

German multinational defense contractor Hensoldt confirmed to that some of its systems were infected by Lorenz ransomware. Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware 116

Ransomware Archiving Encryption Cybersecurity 116

Security Affairs

MARCH 19, 2023

Dutch maritime logistics company Royal Dirkzwager suffered a ransomware attack, the company was hit by the Play ransomware gang. The Play ransomware group hit the Dutch maritime logistics company Royal Dirkzwager. Company CEO Joan Blaas said that the ransomware attack did not impact the operations of the company.

Ransomware 89

Ransomware Archiving Marketing Cloud 89

Security Affairs

SEPTEMBER 5, 2021

Pacific City Bank was hit by AVOS Locker Ransomware operators, the gang claims to have stolen sensitive file from the company and threatens to leak it. The bank was hit by AVOS Locker Ransomware operators who claim to have stolen sensitive documents from the financial institution. SecurityAffairs – hacking, ransomware).

Ransomware 117

Ransomware Financial Services Archiving Security 117

Security Affairs

MARCH 4, 2023

The Play ransomware gang has finally begun to leak the data stolen from the City of Oakland in a recent attack. The Play ransomware gang has begun to leak data they have stolen from the City of Oakland (California) in a recent cyberattack. ” reads the announcement published by the Play ransomware gang on its Tor leak site.

Ransomware 85

Ransomware Archiving Security IT 85

Security Affairs

SEPTEMBER 29, 2022

The recently born Bl00Dy Ransomware gang has started using the recently leaked LockBit ransomware builder in attacks in the wild. The Bl00Dy Ransomware gang is the first group that started using the recently leaked LockBit ransomware builder in attacks in the wild. Ransomware. builder to create its own ransomware.

Ransomware 102

Ransomware Archiving Encryption Passwords 102

Security Affairs

OCTOBER 1, 2020

K-Electric, Pakistan’s largest private power company, did not pay the ransom and the Netwalker ransomware operators have leaked the stolen data. In early September, K-Electric (KE), the electricity provider for the city of Karachi, Pakistan, was hit by a Netwalker ransomware attack that blocked billing and online services.

Ransomware 135

Ransomware Archiving Encryption Access 135

Security Affairs

NOVEMBER 28, 2020

The IIoT chip maker Advantech was hit by the Conti ransomware, the gang is now demanding over $13 million ransom from the company. The ransomware gang announced on November 21, 2020 the leak of stolen data if the chipmaker would not have paid the ransom within the next day. billion in 2019. Pierluigi Paganini.

Ransomware 127

Ransomware Encryption IoT Sales 127

Security Affairs

AUGUST 21, 2020

Experts at threat intelligence firm Cyble came across a post published by Maze ransomware operators claiming to have breached the steel sheet giant Hoa Sen Group. Maze ransomware operators claim to be in possession of the company’s sensitive data and are threatening to release it. SecurityAffairs – hacking, Maze Ransomware Operators).

Ransomware 127

Ransomware Archiving Manufacturing Data breaches 127

Security Affairs

NOVEMBER 27, 2020

Canon finally confirmed that it has suffered a ransomware attack in early August that resulted in the theft of data from its servers. Canon has finally confirmed that it was the victim of a ransomware attack in early August and that the threat actors also stole data from its servers. GB archive called “STRATEGICPLANNINGpart62.zip”

Data breaches 130

Data breaches Ransomware Archiving Access 130

Security Affairs

MAY 9, 2023

Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. The new ransomware operation has been active since March 2023, despite the threat actors use a double-extortion model, their data leak site has yet to be discovered.

Ransomware 75

Ransomware Encryption Access Archiving 75

Security Affairs

AUGUST 14, 2020

Maze ransomware operators have leaked online the unencrypted files allegedly stolen from Canon during a recent ransomware attack. Now the Maze ransomware operators have published unencrypted files allegedly stolen the Canon during the ransomware attack. GB archive called “STRATEGICPLANNINGpart62.zip”

Ransomware 123

Ransomware Archiving Military Encryption 123

Security Affairs

AUGUST 27, 2021

Ragnarok ransomware operators are ceasing their operations and released the master key that can allow their victims to decrypt files for free. The Ragnarok ransomware group has been active since at least January 2020 and hit dozens of organizations worldwide. A decryptor for #Ragnarok #ransomware will be released very shortly.

Ransomware 106

Ransomware Archiving Security IT 106

Security Affairs

JANUARY 30, 2021

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. Good news for the victims of the FonixCrypter ransomware, the operators behind the threat shut down their operations and released the master decryption key. Pierluigi Paganini.

Ransomware 132

Ransomware Encryption Archiving Security 132

Security Affairs

MAY 22, 2021

QNAP warns customers of updating the HBS 3 disaster recovery app to prevent Qlocker ransomware attack. Taiwanese vendor QNAP is warning its customers of updating the HBS 3 disaster recovery app running on their Network Attached Storage (NAS) devices to prevent Qlocker ransomware infections. Pierluigi Paganini.

Ransomware 124

Ransomware Archiving Passwords IT 124

Security Affairs

OCTOBER 15, 2020

The Egregor ransomware gang has hit the game developer Crytek and leaked files allegedly stolen from the systems of the gaming firm Ubisoft. A previously unknown ransomware gang dubbed Egregor has hit the game developer Crytek and leaked files allegedly stolen from the internal network of another leading gaming firm, Ubisoft.

Ransomware 133

Ransomware Phishing Archiving Encryption 133

Security Affairs

FEBRUARY 9, 2022

The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums. The master decryption keys for the Maze , Egregor, and Sekhmet ransomware families were released on the BleepingComputer forums by the alleged malware developer.

Ransomware 93

Ransomware Archiving Encryption IT 93

Security Affairs

MARCH 2, 2022

A Ukrainian researcher leaked the source for the Conti ransomware and components for the control panels. Recently a Ukrainian researcher leaked 60,694 messages internal chat messages belonging to the Conti ransomware operation after the announcement of the group of its support to Russia. SecurityAffairs – hacking, Conti Ransomware).

Ransomware 94

Ransomware Passwords Archiving Communications 94

Security Affairs

SEPTEMBER 17, 2020

University Hospital New Jersey (UHNJ) has suffered a ransomware attack, SunCrypt ransomware operators also leaked the data they have stolen. Systems at the University Hospital New Jersey (UHNJ) were encrypted with the SunCrypt ransomware, threat actors also stolen documents from the institution and leaked it online.

Ransomware 137

Ransomware Data breaches Archiving Encryption 137

Security Affairs

JUNE 16, 2022

The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide.

Ransomware 100

Ransomware Archiving Access Encryption 100

Security Affairs

MAY 27, 2023

While the City of Augusta revealed that a cyberattack caused the recent IT outage, the BlackByte ransomware gang has claimed responsibility for the attack. “Recent media reports regarding Augusta, Georgia being held hostage for $50 million in a ransomware attack are incorrect.” The group has leaked a zip archive of 8.1

Ransomware 78

Ransomware Archiving Access IT 78

Security Affairs

JULY 20, 2020

Another telco company was hit by a ransomware, roughly 18,000 computers belonging to Telecom Argentina were infected over the weekend. Telecom Argentina , one of the largest internet service providers in Argentina, was hit by a ransomware attack. SecurityAffairs – hacking, REVil ransomware). million ransom. Pierluigi Paganini.

Ransomware 123

Ransomware Archiving Access IT 123

Security Affairs

APRIL 23, 2021

A new ransomware strain dubbed Qlocker is infecting hundreds of QNAP NAS devices every day and demanding a $550 ransom payment. Experts are warning of a new strain of ransomware named Qlocker that is infecting hundreds of QNAP NAS devices on daily bases. If anyone's dealing with the QLocker QNAP NAS ransomware, feel free to DM me.

Ransomware 117

Ransomware Archiving Passwords Encryption 117

Security Affairs

SEPTEMBER 4, 2020

A school district in North Carolina disclosed a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack. The Haywood County School district in North Carolina has suffered a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack. We have now confirmed a data breach occurred.

Data breaches 106

Data breaches Ransomware Archiving Encryption 106

Security Affairs

JANUARY 16, 2022

QNAP NAS devices are under attack, experts warn of a new Qlocker ransomware campaign that hit devices worldwide. A new wave of Qlocker ransomware it targeting QNAP NAS devices worldwide, the new campaign started on January 6 and it drops ransom notes named !!!READ_ME.txt READ_ME.txt on infected devices.

Ransomware 111

Ransomware Encryption Passwords Manufacturing 111

Security Affairs

SEPTEMBER 13, 2020

Fairfax County Public Schools (FCPS), one of the largest school divisions in the US, was hit by Maze ransomware operators. Fairfax County Public Schools (FCPS) was victim of an attack carried out by the Maze ransomware operators. “FCPS recently learned that ransomware was placed on some of our technology systems. .

Ransomware 100

Ransomware Archiving IT Security 100

eSecurity Planet

NOVEMBER 19, 2021

In a year in which ransomware attacks seem to get worse by the day, companies have made surprising progress defending themselves against attacks. Ransomware protection spending (source: Cymulate). Where the greatest optimism comes in is in what tends to happen when a company is hit with ransomware, according to the report.

Ransomware 130

Ransomware Cybersecurity Cloud Security 130

Security Affairs

JUNE 26, 2021

On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. Now, we have information that their data may have possibly been leaked by Hive – a new ransomware group. SecurityAffairs – hacking, ransomware). Here’s what we know.

Ransomware 101

Ransomware File names Archiving Encryption 101