Krebs on Security

JULY 1, 2020

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime.

Ransomware 314

Ransomware Encryption Communications Cybersecurity 314

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. Subject lines included “your document” and “photo of you???”.

Phishing 110

Phishing Ransomware Security awareness Authentication 110

Security Affairs

JULY 5, 2020

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The activity of the gang was relatively quiet during the COVID-19 outbreak since May 4, when the ransomware operators launched a massive campaign that targeted organizations worldwide.

Encryption 98

Encryption Ransomware Cybersecurity Archiving 98

Security Affairs

FEBRUARY 19, 2024

The Cactus ransomware gang claims the theft of 1.5TB of data from the Energy management and industrial automation firm Schneider Electric. The Cactus ransomware group claims responsibility for pilfering 1.5TB of data from the Energy management and industrial automation giant Schneider Electric.

Ransomware 102

Ransomware Digital transformation Encryption Retail 102

Security Affairs

NOVEMBER 12, 2023

The Lorenz ransomware gang has been active since April 2021 and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransom to the victims. At the time of this writing, the Loren group has started uploading the stolen data (95%) US Healthcare organizations continue to be a privileged target of ransomware gangs.

Ransomware 124

Ransomware Encryption Communications IT 124

Security Affairs

DECEMBER 14, 2021

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. Experts warn that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. SecurityAffairs – hacking, ransomware).

Ransomware 143

Ransomware Encryption Access Security 143

Security Affairs

OCTOBER 15, 2023

The Alphv ransomware group added the Morrison Community Hospital to its dark web leak site. The ALPHV/BlackCat ransomware group claims to have hacked the Morrison Community Hospital and added it to its dark web Tor leak site. Its policy forbids to encrypt systems of organizations where damage could lead to the death of individuals.

Ransomware 122

Ransomware Encryption Data breaches IT 122

Data Breach Today

APRIL 4, 2023

CEO Says Ransomware Attack Encrypted, Exfiltrated Legacy Data From 'Old Servers' A West Virginia hospital will soon begin notifying patients and employees affected by ransomware attackers who leaked data on the dark web.

Encryption 141

Encryption Ransomware 141

Security Affairs

NOVEMBER 8, 2023

The FBI published a PIN alert warning of ransomware operators compromising third-party vendors and services for initial access to target environments. The FBI continues to observe ransomware operators abusing third-party vendors and services as an attack vector. ” reported the PIN.

Ransomware 106

Ransomware Access Phishing Encryption 106

Security Affairs

MARCH 24, 2021

Security experts reported that a second ransomware gang, named Black Kingdom , is targeting Microsoft Exchange servers. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry. BlackKingdom ransomware on my personal servers. It does indeed encrypt files.

Ransomware 138

Ransomware Encryption Security IT 138

Krebs on Security

AUGUST 29, 2019

PerCSoft , a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack. The ransomware attack hit PerCSoft on the morning of Monday, Aug. West Allis, Wis.-based

Ransomware 229

Ransomware Insurance Encryption Cloud 229

eSecurity Planet

JULY 19, 2022

Discovered by malware hunter JAMESWT on Twitter, Lilith is ransomware designed to lock Windows machines. The malware exfiltrates data before encrypting the targeted devices to provide additional means of extortion. Also read: Best Ransomware Removal and Recovery Services. How Lilith Ransomware Operates.

Ransomware 120

Ransomware Encryption File names Government 120

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.

Ransomware 118

Ransomware Archiving Encryption Cybersecurity 118

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. The typical size of the BianLian ransomware executable is around 2 MB.”

Ransomware 93

Ransomware Encryption Passwords Security 93

Security Affairs

JUNE 5, 2021

Cyble researchers investigated a recent attack on an India-based IT firm that was hit by the BlackCocaine Ransomware gang. The Cyble Research team discovered that the company was the victim of the BlackCocaine Ransomware gang. BlackCocaine ” to the filenames of encrypted files. BlackCocaine ” to the filenames of encrypted files.

Ransomware 124

Ransomware Encryption File names Financial Services 124

Security Affairs

JANUARY 23, 2024

The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. The Black Basta ransomware group added Southern Water to the list of victims on its Tor data leak site and threatened to leak the stolen data on February 29, 2024. southernwater.co[.]uk

Encryption 116

Encryption Ransomware Blockchain Insurance 116

eSecurity Planet

MAY 2, 2022

Ransomware just keeps getting worse, it seems. Cybersecurity researchers last week revealed that a new ransomware gang called Onyx is simply destroying larger files rather than encrypting them. The Onyx ransomware group doesn’t bother with encryption. Only small files lower than 2MB are encrypted.

Ransomware 127

Ransomware Encryption Military Cybersecurity 127

Security Affairs

OCTOBER 1, 2023

Bleeping Computer last week reported that Johnson Controls International has suffered a ransomware attack that impacted many systems of the company. The threat actors also claim to have stolen over 27 TB of corporate data and encrypted the company’s VMWare ESXi virtual machines during the attack.” reported Bleeping Computer.

Ransomware 126

Ransomware Insurance Cybersecurity Encryption 126

Security Affairs

MAY 11, 2020

Researchers warn of a new feature implemented in the Sodinokibi ransomware, the threat can now encrypt open and locked files. The Sodinokibi ransomware (REvil) continues to evolve, operators implemented a new feature that allows the malware to encrypt victim’s files, even if they are opened and locked by another process.

Encryption 98

Encryption Ransomware Cybersecurity Security 98

Security Affairs

MARCH 11, 2019

Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. The STOP ransomware made the headlines because it is installing password-stealing Trojans on the victims’ machines. ” reads a blog post published by Bleepingcomputer.

Encryption 85

Encryption Ransomware Passwords File names 85

Krebs on Security

DECEMBER 16, 2019

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. The message displayed at the top of the Maze Ransomware public shaming site. Follow the news!”

Ransomware 222

Ransomware Data breaches Paper Encryption 222

Security Affairs

NOVEMBER 5, 2021

A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers to deploy the Babuk Ransomware in corporate networks. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware.

Ransomware 125

Ransomware Encryption Access IT 125

Security Affairs

OCTOBER 31, 2020

The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them. ” reads the message published by the ransomware operators.

Ransomware 128

Ransomware Encryption Security Information Security 128

Krebs on Security

DECEMBER 27, 2019

Synoptek , a California business that provides cloud hosting and IT management services to more than a thousand customer nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. A now-deleted Tweet from Synoptek on Dec. When the site was first set up on Dec.

Ransomware 190

Ransomware IT Phishing Financial Services 190

Security Affairs

OCTOBER 19, 2022

Researchers at Palo Alto Network’s Unit 42 linked the Ransom Cartel ransomware operation to the REvil ransomware operations. Researchers at Palo Alto Network’s Unit 42 have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil cybercrime gang. No samples seen yet. ” . .

Ransomware 111

Ransomware Encryption Access IT 111

Security Affairs

NOVEMBER 1, 2021

The US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands). Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry of a new feature of the HelloKitty ransomware gang (aka FiveHands). ” reads the flash alert.

Ransomware 125

Ransomware Encryption Security IT 125

Security Affairs

JUNE 28, 2023

Researchers warn of a massive spike in May and June 2023 of the activity associated with the ransomware group named 8Base. VMware Carbon Black researchers observed an intensification of the activity associated with a stealthy ransomware group named 8Base. and Brazil. ” reported NCC.

Ransomware 88

Ransomware Encryption Manufacturing Business Services 88

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. The RAT was designed to steal data from victims while masquerading as a ransomware attack. STRRAT RAT was first spotted in June 2020 by G DATA who documented its features. crimson extension. crimson extension.

Ransomware 124

Ransomware File names Encryption Passwords 124

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. Reached by phone today, Jansson said he quit the company in August, right around the time Gunnebo disclosed the thwarted ransomware attack.

Ransomware 344

Ransomware Security Agriculture Cybersecurity 344

Security Affairs

JANUARY 8, 2024

Documents belonging to the Swiss Air Force were leaked on the dark web as a result of cyberattack on a US security provider. Documents belonging to the Swiss Air Force were leaked on the dark web after the US security company Ultra Intelligence & Communications suffered a data breach. ” reported the SwissInfo website.

Communications 110

Communications Ransomware Data breaches Manufacturing 110

Security Affairs

FEBRUARY 26, 2021

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. Experts from French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant that implements worm-like capabilities that allow within local networks.

Ransomware 126

Ransomware Passwords Encryption IT 126

Security Affairs

SEPTEMBER 17, 2020

University Hospital New Jersey (UHNJ) has suffered a ransomware attack, SunCrypt ransomware operators also leaked the data they have stolen. Systems at the University Hospital New Jersey (UHNJ) were encrypted with the SunCrypt ransomware, threat actors also stolen documents from the institution and leaked it online.

Ransomware 138

Ransomware Data breaches Archiving Encryption 138

Security Affairs

JUNE 6, 2020

Hackers have stolen confidential documents from the US military contractor Westech, which provides critical support for US Minuteman III nuclear deterrent. MAZE ransomware operators have stolen sensitive data from Westech, a company that supports the US Minuteman III nuclear deterrent. SecurityAffairs – Maze Ransomware, hacking).

Military 109

Military Ransomware Encryption Risk 109

Security Affairs

JULY 1, 2020

Xerox Corporation is the last victim of the Maze ransomware operators, hackers have encrypted its files and threaten of releasing them. Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them. SecurityAffairs – hacking, Maze Ransomware operators).

Ransomware 100

Ransomware Encryption Military IT 100

Security Affairs

MARCH 20, 2021

Taiwanese multinational hardware and electronics corporation Acer was victim of a REvil ransomware attack, the gang demanded a $50,000,000 ransom. Taiwanese computer giant Acer was victim of the REvil ransomware attack, the gang is demanding the payment of a $50,000,000 ransom, the largest one to date. billion in revenue.

Ransomware 141

Ransomware Computer and Electronics Sales Encryption 141

Security Affairs

JULY 8, 2022

Experts documented the evolution of the LockBit ransomware that leverages multiple techniques to infect targets and evade detection. The researchers focused on the evolution of the Lockbit ransomware, they detailed two infections occurring at two very different time periods highlighting the evolution of the operations.

Ransomware 97

Ransomware Phishing Encryption Access 97

Security Affairs

MARCH 16, 2020

Experts warn of a new malware strain, dubbed PXJ Ransomware, that does share the same underlying code with existing ransomware families. Security experts from IBM X-Force have spotted a new strain of ransomware, dubbed PXJ Ransomware, that does share the same code with other known ransomware families.

Ransomware 102

Ransomware Encryption Communications IT 102