eSecurity Planet

OCTOBER 6, 2021

The malware encrypts files and spreads to the entire system to maximize damage, which forces companies to lock down the whole network to stop the propagation. Encryption is the Key. Encryption is used everywhere. Encrypting is neither hashing nor obfuscating files. What Happens During Ransomware Encryption?

Encryption 86

Encryption Ransomware Communications Access 86

Security Affairs

JUNE 8, 2021

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The FBI and Australian Federal Police (AFP) ran an encrypted chat platform that was used by crime gangs and intercepted their communications.

Encryption 121

Encryption Communications Sales Passwords 121

Security Affairs

AUGUST 24, 2021

The FBI shared info about OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. The alert includes tactics, techniques, and procedures (TTP), along with indicators of compromise related to group. The flash alert also provides mitigation measures.

Ransomware 124

Ransomware Encryption Phishing Communications 124

eSecurity Planet

OCTOBER 25, 2022

Still, as a recent breach of an Indian power company by a different ransomware group demonstrates, the extra effort of stealing data doesn’t always pay off for the attackers — even when it leads to embarrassing data leaks for the victim. Exbyte then searches for document files (.txt,doc,pdf), When Extortion Fails and Data Leaks.

Ransomware 107

Ransomware Encryption Cloud Risk 107

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. In June, VMware Carbon Black researchers observed an intensification of the activity associated with a stealthy ransomware group named 8Base. and Brazil.

Ransomware 123

Ransomware Encryption Metadata Manufacturing 123

Security Affairs

AUGUST 21, 2022

In October 2021, a report released by the Amnesty International revealed that the Donot Team group employed Android applications posing as secure chat application and malicious emails in attacks aimed at a prominent Togolese human rights defender. In the past, the Donot Team spyware was found in attacks outside of South Asia.

IT 95

IT Phishing Military Encryption 95

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually.

Ransomware 337

Ransomware Security Agriculture Cybersecurity 337

Security Affairs

JULY 5, 2020

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. Snake Ransomware is suspected to have been employed in a ransomware attacks that hit Fresenius Group, Europe’s largest hospital provider, and the Japanese carmaker Honda.

Encryption 97

Encryption Ransomware Cybersecurity Archiving 97

Security Affairs

MARCH 15, 2023

Top aviation company Safran Group left itself vulnerable to cyberattacks, likely for well over a year, underlining how vulnerable big aviation firms are to threat actors, according to research by Cybernews. According to its own estimates, Safran Group ’s revenue for 2022 was above €19 billion.

Manufacturing 89

Manufacturing Access Risk IT 89

Security Affairs

JANUARY 8, 2024

Documents belonging to the Swiss Air Force were leaked on the dark web as a result of cyberattack on a US security provider. Documents belonging to the Swiss Air Force were leaked on the dark web after the US security company Ultra Intelligence & Communications suffered a data breach. ” reported the SwissInfo website.

Communications 110

Communications Ransomware Data breaches Manufacturing 110

Info Source

SEPTEMBER 1, 2020

Newest working group member to enhance the TWAIN Direct specification with consulting and development services. P3iD develops key technologies that address such concerns, and form part of the mission of the company to bring intelligent insight to the TWAIN Working Group through secure, easy and effective document capture. “A

Authentication 80

Authentication Digital transformation Encryption Cloud 80

Security Affairs

SEPTEMBER 28, 2021

Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. ” The attackers use the version.dll DLL to load FoggyWeb which is stored in the encrypted file Windows.Data.TimeZones.zh-PH.pri. Follow me on Twitter: @securityaffairs and Facebook.

Encryption 86

Encryption Military Government Access 86

Security Affairs

FEBRUARY 19, 2024

The Cactus ransomware group claims responsibility for pilfering 1.5TB of data from the Energy management and industrial automation giant Schneider Electric. The gang also published several pictures of passports and company documents as proof of the hack. Cactus Ransomware has just posted Schneider Electric.

Ransomware 102

Ransomware Digital transformation Encryption Retail 102

Krebs on Security

JUNE 16, 2021

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. It’s not clear how much this law enforcement operation by Ukrainian authorities will affect the overall operations of the CLOP group.

Ransomware 309

Ransomware Encryption Cybersecurity Access 309

Schneier on Security

NOVEMBER 1, 2022

It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones.

Metadata 132

Metadata Encryption Communications Access 132

Security Affairs

SEPTEMBER 23, 2020

Researchers from threat hunting and intelligence firm Group-IB have detected a successful attack by a ransomware gang tracked as OldGremlin. Group-IB , a global threat hunting and intelligence company headquartered in Singapore, has detected a successful attack by a ransomware gang, codenamed OldGremlin. Unsought invoice.

Ransomware 101

Ransomware Phishing Encryption Authentication 101

Security Affairs

APRIL 18, 2021

Fedir Hladyr (35), a Ukrainian national was sentenced today to 10 years in prison for his role in the financially motivated group FIN7, aka Carbanak. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak. The man is suspected to be a supervisor of the group.

Systems administration 115

Systems administration Encryption Communications Security 115

Security Affairs

OCTOBER 15, 2023

The Alphv ransomware group added the Morrison Community Hospital to its dark web leak site. The ALPHV/BlackCat ransomware group claims to have hacked the Morrison Community Hospital and added it to its dark web Tor leak site. The group is known to have a role for its affiliated that prohibits attacking healthcare organizations.

Ransomware 122

Ransomware Encryption Data breaches IT 122

Krebs on Security

DECEMBER 8, 2022

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. Holden’s team gained visibility into discussions among members of two different ransom groups: CLOP (a.k.a. “ Cl0p ” a.k.a. Last month, the U.S.

Ransomware 251

Ransomware Metadata Insurance Encryption 251

OneHub

AUGUST 5, 2022

Organizations need to make sure the software they select supports a set of best practices in online document storage and sharing that, together, yield the best benefits to users and the businesses they work for. Why risk your data and documents with anything less? No surprise: the best online document sharing tools are easy to use.

Communications 52

Communications Sales Risk Access 52

Security Affairs

FEBRUARY 26, 2024

. “The IT security of Automotive Body Solutions recognized the incident early on and has now contained the danger with the IT security of the Thyssenkrupp Group ,” Veit told the website Golem.de. On December 28, 2020, ThyssenKrupp Materials group of companies based in U.S.

Ransomware 101

Ransomware Encryption Access Security 101

Security Affairs

MARCH 24, 2021

The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry. Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents.

Ransomware 138

Ransomware Encryption Security IT 138

Krebs on Security

APRIL 20, 2023

Mandiant concluded that the 3CX attack was orchestrated by the North Korean state-sponsored hacking group known as Lazarus , a determination that was independently reached earlier by researchers at Kaspersky Lab and Elastic Security. The malware was found inside of a document that offered an employment contract at the multinational bank HSBC.

Security 267

Security Encryption Passwords IT 267

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of a new cyber espionage campaign carried out by the Russia-linked group APT28 (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ”).

Phishing 116

Phishing Computer and Electronics Communications Encryption 116

Security Affairs

FEBRUARY 29, 2024

Experts warn that the LockBit ransomware group has started using updated encryptors in new attacks, after the recent law enforcement operation. The LockBit ransomware group appears to have fully recovered its operations following the recent law enforcement initiative, code-named Operation Cronos , which aimed to disrupt its activities.

IT 97

IT Ransomware Encryption Government 97

Security Affairs

DECEMBER 7, 2019

Russia-linked Gamaredon cyberespionage group has been targeting Ukrainian targets, including diplomats, government and military officials. Russia linked APT group tracked as Gamaredon has been targeting several Ukrainian diplomats, government and military officials, and law enforcement. The Gamaredon group.

Military 58

Military Government Phishing Archiving 58

eSecurity Planet

SEPTEMBER 8, 2021

The Ragnar Locker group posted on its darknet leak site a note outlining the warning, putting even more pressure on target companies (which the group calls “clients”) and increasing attention on the already high-profile debate about organizations paying ransoms. To Pay or Not to Pay?

Ransomware 98

Ransomware Manufacturing Risk Encryption 98

Security Affairs

APRIL 30, 2021

China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor. A China-linked cyberespionage group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. The documents were used to deliver a previously undocumented backdoor, tracked as PortDoor.

Phishing 128

Phishing Encryption Security IT 128

Security Affairs

JUNE 28, 2023

Researchers warn of a massive spike in May and June 2023 of the activity associated with the ransomware group named 8Base. VMware Carbon Black researchers observed an intensification of the activity associated with a stealthy ransomware group named 8Base. The 8BASE group claims to be composed of honest pentesters. “We

Ransomware 88

Ransomware Encryption Manufacturing Business Services 88

The Last Watchdog

AUGUST 8, 2023

Steel “Modern cryptography management and cryptographic agility are essential for organizations of all sizes; however, there has been a distinct lack of open-source tools for developers to support these features,” said Graham Steel, Head of Product for SandboxAQ’s security group. A broad range of U.S. SandboxAQ is backed by T.

Libraries 151

Libraries Encryption Access Cybersecurity 151

Security Affairs

JULY 3, 2023

China-linked APT group was spotted using HTML smuggling in attacks aimed at Foreign Affairs ministries and embassies in Europe. A China-linked APT group was observed using HTML smuggling in attacks against Foreign Affairs ministries and embassies in Europe, reports the cybersecurity firm Check Point. and Ukraine.

Encryption 89

Encryption Phishing Government Cybersecurity 89

Security Affairs

SEPTEMBER 19, 2023

Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group. It consists of two components, the loader and the encrypted main payload. The backdoor uses AES-ECB encryption for C2 communications.

IT 102

IT Encryption Authentication Communications 102

Security Affairs

JUNE 18, 2020

Researchers uncovered a recent campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations. The group has been active since at least 2013, ESET experts linked the group to the Gamaredon Russian APT group Gamaredon despite considers the two crews independent.

Military 79

Military Communications Libraries Encryption 79

Security Affairs

MARCH 13, 2023

In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asia countries. dll), and a decoy Microsoft Word document. dll), and a decoy Microsoft Word document. ” concludes the report.

Phishing 78

Phishing Encryption Military Government 78

Security Affairs

JUNE 5, 2021

top) that was recently registered for the beginning of the group’s operations. “Based on the analysis, the Cyble research team found that Nucleus Software is the first victim of the BlackCocaine ransomware group.” BlackCocaine ” to the filenames of encrypted files. ” reads the post published by Cyble.

Ransomware 125

Ransomware Encryption File names Financial Services 125

Security Affairs

NOVEMBER 8, 2023

The attacks frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons.” The FBI also reported, as of June 2023, that the Silent Ransom Group (SRG), also known as Luna Moth, had been observed conducting callback phishing data theft and extortion attacks.

Ransomware 106

Ransomware Access Phishing Encryption 106

Security Affairs

SEPTEMBER 10, 2022

China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. Secureworks researchers reported that China-linked APT group BRONZE PRESIDENT conducted a new campaign aimed at government officials in Europe, the Middle East, and South America with the PlugX malware.

Government 102

Government Archiving Metadata Encryption 102