Krebs on Security

JUNE 16, 2021

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. The CLOP gang seized on those flaws to deploy ransomware to a significant number of Accellion’s FTA customers , including U.S.

Ransomware 308

Ransomware Encryption Cybersecurity Access 308

Security Affairs

APRIL 16, 2024

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. Gb AWACS software - 13 Gb.esm files - 1.9 pst files - 1.5

Ransomware 117

Ransomware Manufacturing Insurance Cybersecurity 117

Security Affairs

NOVEMBER 19, 2023

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. The ransomware component is then decrypted and loaded into the SmokeLoader process’ memory.

Ransomware 128

Ransomware Encryption Metadata Manufacturing 128

Krebs on Security

JULY 1, 2020

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime.

Ransomware 297

Ransomware Encryption Communications Cybersecurity 297

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually.

Ransomware 337

Ransomware Security Agriculture Cybersecurity 337

Security Affairs

OCTOBER 3, 2022

The Italian luxury sports car manufacturer Ferrari confirmed the availability of internal documents online, but said it has no evidence of cyber attack. Documents belonging to the Italian luxury sports car manufacturer Ferrari are circulating online, the company confirmed their authenticity stating it is not aware of cyber attacks.

Manufacturing 117

Manufacturing Ransomware Authentication IT 117

Security Affairs

FEBRUARY 10, 2024

Bitdefender Researchers linked a new macOS backdoor, named RustDoor, to the Black Basta and Alphv/BlackCat ransomware operations. Researchers from Bitdefender discovered a new macOS backdoor, dubbed RustDoor, which appears to be linked to ransomware operations Black Basta and Alphv/BlackCat. ” concludes the report.

Ransomware 125

Ransomware File names Passwords IT 125

Security Affairs

NOVEMBER 17, 2023

Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. ” In response to the security incident, the company took the impacted systems offline and launched an investigation with the help of law enforcement.

Financial Services 126

Financial Services Ransomware Data breaches Insurance 126

Krebs on Security

SEPTEMBER 23, 2020

The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents. “We have since engaged outside IT security and forensics experts to conduct a detailed review and help us securely restore affected equipment.

Ransomware 330

Ransomware Marketing Government Access 330

Schneier on Security

APRIL 14, 2020

Originally, ransomware didn't involve any data theft. Now ransomware is increasingly involving both encryption and exfiltration. Recently, the aerospace company Visser Precision was hit by the DoppelPaymer ransomware. Recently, the aerospace company Visser Precision was hit by the DoppelPaymer ransomware.

Ransomware 118

Ransomware Encryption IT 118

Security Affairs

SEPTEMBER 2, 2023

The LockBit ransomware gang claims to have breached the Commission des services electriques de Montréal (CSEM). The LockBit ransomware group continues to be one of the most active extortion gangs in the threat landscape. CSEM confirmed the security breach, the company confirmed the attack took place on August 3rd, 2023.

Ransomware 121

Ransomware Education Security IT 121

Security Affairs

DECEMBER 22, 2023

The Akira ransomware group announced it had breached the network of Nissan Australia, the Australian branch of the car maker giant. The Akira ransomware gang claimed to have breached Nissan Australia and to have stolen around 100GB of files from the carmaker giant. “We’ve obtained 100 GB of data of Nissan Australia.

Ransomware 130

Ransomware Data breaches Financial Services Archiving 130

Security Affairs

APRIL 21, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Automotive Industry Chinese Organized Crime’s Latest U.S.

Data breaches 106

Data breaches Security MDM Ransomware 106

Security Affairs

AUGUST 28, 2023

The Rhysida ransomware group claimed to have hacked Prospect Medical Holdings and sensitive information from the company. Many primary care services were closed on Friday while third-party security experts started investigating the security incident. The group also claims to have stolen 1 TB of documents.

Ransomware 94

Ransomware Paper Cybersecurity Security 94

Hunton Privacy

FEBRUARY 29, 2024

This marks the second such settlement with a HIPAA-regulated entity for violations that were discovered following a ransomware attack, according to HHS. This marks the second such settlement with a HIPAA-regulated entity for violations that were discovered following a ransomware attack, according to HHS.

Ransomware 111

Ransomware Personal data Risk Privacy 111

Security Affairs

DECEMBER 13, 2022

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit ransomware gang claims to have stolen 76Gb from the California Department of Finance and is threatening to leak the stolen data if the victims will not pay the ransom by December 24. Pierluigi Paganini.

Ransomware 131

Ransomware Military Cybersecurity Security 131

Security Affairs

OCTOBER 1, 2023

Experts warn that the recent attack on building automation giant Johnson Controls may have exposed data of the Department of Homeland Security (DHS). The company provides HVAC (heating, ventilation, and air conditioning), solutions for building automation, fire and security systems, and components for energy management.

Ransomware 133

Ransomware Insurance Cybersecurity Encryption 133

Security Affairs

NOVEMBER 12, 2023

The Lorenz ransomware gang has been active since April 2021 and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransom to the victims. The Lorenz ransomware gang has been active since April 2021 and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransom to the victims.

Ransomware 130

Ransomware Encryption Communications IT 130

Security Affairs

DECEMBER 16, 2023

The Hunters International ransomware gang claims to have hacked the Fred Hutchinson Cancer Center (Fred Hutch). Another healthcare organization suffered a ransomware attack, the Hunters International ransomware gang claims to have hacked the Fred Hutchinson Cancer Center (Fred Hutch). ” reported the Seattle Times. “If

Ransomware 118

Ransomware Insurance Education Marketing 118

Security Affairs

NOVEMBER 8, 2023

The FBI published a PIN alert warning of ransomware operators compromising third-party vendors and services for initial access to target environments. The FBI continues to observe ransomware operators abusing third-party vendors and services as an attack vector. ” reported the PIN.

Ransomware 115

Ransomware Access Phishing Encryption 115

Security Affairs

SEPTEMBER 10, 2023

Rhysida Ransomware group added three more US hospitals to the list of victims on its Tor leak site after the PROSPECT MEDICAL attack. Recently the Rhysida ransomware group made the headlines because it announced the hack of Prospect Medical Holdings and the theft of sensitive information from the organization.

Ransomware 132

Ransomware Paper Cybersecurity IT 132

Security Affairs

SEPTEMBER 30, 2023

The ALPHV/BlackCat ransomware gang added the hotel chain Motel One to the list of victims on its Tor leak site. The ALPHV/BlackCat ransomware gang added Motel One to the list of victims on its Tor leak site. ” The ransomware group threatens to leak the stolen data if the company does not pay the ransom within five days.

Ransomware 121

Ransomware Manufacturing Risk IT 121

Security Affairs

OCTOBER 15, 2023

The Alphv ransomware group added the Morrison Community Hospital to its dark web leak site. The ALPHV/BlackCat ransomware group claims to have hacked the Morrison Community Hospital and added it to its dark web Tor leak site. Other ransomware attacks recently hit US hospitals. Threat actors continue to target hospitals.

Ransomware 130

Ransomware Encryption Data breaches IT 130

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.

Ransomware 125

Ransomware Archiving Encryption Cybersecurity 125

Security Affairs

FEBRUARY 19, 2024

The Cactus ransomware gang claims the theft of 1.5TB of data from the Energy management and industrial automation firm Schneider Electric. The Cactus ransomware group claims responsibility for pilfering 1.5TB of data from the Energy management and industrial automation giant Schneider Electric.

Ransomware 111

Ransomware Digital transformation Encryption Retail 111

Security Affairs

SEPTEMBER 26, 2023

This week the Rhysida ransomware group claimed the hack of the Kuwait Ministry of Finance and added it to its Tor leak site. Last week a ransomware attack hit the Government of Kuwait, the attack took place on September 18 and the government experts immediately started the incident response procedures to block the threat.

Ransomware 116

Ransomware Government Cybersecurity IT 116

Security Affairs

NOVEMBER 13, 2023

The LockBit ransomware group published data allegedly stolen from the aerospace giant Boeing in a recent attack. At the end of October, the Lockbit ransomware group added Boeing to the list of victims on its Tor leak site. At the end of October, the Lockbit ransomware group added Boeing to the list of victims on its Tor leak site.

Ransomware 122

Ransomware Authentication Manufacturing Sales 122

Security Affairs

JUNE 5, 2023

Play ransomware group claims responsibility for a ransomware attack that hit Globalcaja, one of the major banks in Spain. Globalcaja was the victim of a Play ransomware attack that impacted operations at several offices of the bank. In March, the Play ransomware group hit the Dutch maritime logistics company Royal Dirkzwager.

Ransomware 93

Ransomware Data breaches Cloud Security 93

Krebs on Security

MAY 31, 2022

Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti.

Ransomware 244

Ransomware Government Communications Cybersecurity 244

Security Affairs

SEPTEMBER 5, 2021

Pacific City Bank was hit by AVOS Locker Ransomware operators, the gang claims to have stolen sensitive file from the company and threatens to leak it. The bank was hit by AVOS Locker Ransomware operators who claim to have stolen sensitive documents from the financial institution. SecurityAffairs – hacking, ransomware).

Ransomware 123

Ransomware Financial Services Archiving Security 123

Security Affairs

JUNE 6, 2022

LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the LockBit ransomware gang has added the cybersecurity firm Mandiant to the list of victims published on its darkweb leak site. ransomware to evade sanctions. Pierluigi Paganini.

Ransomware 138

Ransomware Cybersecurity Archiving Security 138

Security Affairs

JANUARY 26, 2023

The BlackCat Ransomware group claims to have hacked SOLAR INDUSTRIES INDIA and to have stolen 2TB of “secret military data.” ” The BlackCat Ransomware gang added SOLAR INDUSTRIES INDIA to the list of victims published on its Tor leak site. ” reads the message published on the leak site.

Military 89

Military Manufacturing Ransomware Mining 89

Security Affairs

APRIL 2, 2023

Documents leaked from Russian IT contractor NTC Vulkan show it was likely involved in the development of offensive tools. The documents demonstrate that it also developed hacking tools for the Russia-linked APT group Sandworm. The documents include details for three projects named Scan, Amesit, and Krystal-2B.

Energy and Utilities 94

Energy and Utilities Education Ransomware IT 94

Security Affairs

OCTOBER 24, 2022

The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine Computer Emergency Response Team (CERT-UA) warns of potential Cuba Ransomware attacks against local critical infrastructure. SecurityAffairs – hacking, Cuba ransomware).

Ransomware 102

Ransomware Phishing File names IT 102

Security Affairs

JUNE 15, 2021

The REvil ransomware gang made the headlines again, the group hit the US nuclear weapons contractor Sol Oriens and stole the victim’s data. US nuclear weapons contractor Sol Oriens was hit by a cyberattack carried out by the REvil ransomware operators, which claims to have stolen data. states the company.

Ransomware 118

Ransomware Military Personal data Cybersecurity 118

Security Affairs

NOVEMBER 9, 2022

ransomware on compromised systems. Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. ” reads the report published by the security firm. ” concludes the report.

Ransomware 96

Ransomware Sales Phishing Security 96

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. LockFile ransomware gang started its operations last month, recently it was spotted targeting Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.

Encryption 114

Encryption Ransomware Financial Services Manufacturing 114