Krebs on Security

DECEMBER 8, 2022

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. Holden’s team gained visibility into discussions among members of two different ransom groups: CLOP (a.k.a. “ Cl0p ” a.k.a. Last month, the U.S.

Ransomware 250

Ransomware Metadata Insurance Encryption 250

Security Affairs

APRIL 27, 2023

The encryptor uses a combination of ECDH on Curve25519 (asymmetric encryption) and Chacha20 (symmetric encryption) to encrypt files. The group operates a ransomware-as-a-service (RaaS) and provides its malicious code to a network of affiliates by imposing strict rules. ” reads the analysis published by Uptycs.

Encryption 92

Encryption Ransomware Education Access 92

Security Affairs

DECEMBER 19, 2022

The Qilin ransomware-as-a-service (RaaS) group uses a double-extortion model, with most of the victims in the manufacturing and IT industries. The ransomware was originally written in Go language and was employed in attacks aimed at healthcare and education sectors in countries like Thailand and Indonesia. AGENDA.THIAFBB.”

Ransomware 126

Ransomware Encryption Passwords Education 126

The Last Watchdog

AUGUST 8, 2023

Steel “Modern cryptography management and cryptographic agility are essential for organizations of all sizes; however, there has been a distinct lack of open-source tools for developers to support these features,” said Graham Steel, Head of Product for SandboxAQ’s security group. A broad range of U.S. SandboxAQ is backed by T.

Libraries 151

Libraries Encryption Access Cybersecurity 151

The Last Watchdog

DECEMBER 14, 2023

Cryptographic inventories need finalizing and quantum safe encryption needs to be adopted for sensitive communications and data. Consumers will begin to see their favorite applications touting “quantum-secure encryption.” CISOs will have to get quantum resilient encryption on their cyber roadmap. Educate your workforce.

Cybersecurity 201

Cybersecurity Encryption Marketing Risk 201

Security Affairs

AUGUST 22, 2023

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

Ransomware 94

Ransomware Education Encryption Authentication 94

Security Affairs

APRIL 16, 2023

The LockBit group is the first ransomware gang of all time that has created encryptors to target macOS systems, MalwareHunterTeam team warn. One of the encryptors developed by Lockbit, named ‘locker_Apple_M1_64’, can encrypt files of Mac systems running on the Apple silicon M1.

Archiving 98

Archiving Encryption Ransomware Education 98

Security Affairs

MARCH 3, 2023

Unlike other ransomware operations, Royal doesn’t offer Ransomware-as-a-Service, it appears to be a private group without a network of affiliates. “FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader.”

Ransomware 94

Ransomware Encryption Cybersecurity Communications 94

Security Affairs

MAY 15, 2023

The Lancefly APT group is using a custom powerful backdoor called Merdoor in attacks against organizations in South and Southeast Asia. Symantec researchers reported that the Lancefly APT group is using a custom-written backdoor in attacks targeting organizations in South and Southeast Asia, as part of a long-running campaign.

Encryption 89

Encryption Phishing Communications Education 89

Security Affairs

SEPTEMBER 23, 2023

MILES/CBS NEWS TEXAS The Royal ransomware group is behind the attack and threatens to publish stolen data if the City will not meet its ransom demand. Once obtained access to the City’s network, the group performed reconnaissance and information-gathering activities using legitimate third-party remote management tools.

Ransomware 107

Ransomware Encryption Systems administration Cybersecurity 107

Krebs on Security

JUNE 2, 2020

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. A partial screenshot from the REvil ransomware group’s Dark Web blog. “Others have gotten the message about the need for good backups, and probably don’t need to pay.

Ransomware 285

Ransomware Agriculture Encryption Access 285

Security Affairs

OCTOBER 16, 2023

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

Ransomware 110

Ransomware Education Encryption Access 110

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. Another option is that BlackSuit emerged from a splinter group within the original Royal ransomware gang.”

Ransomware 97

Ransomware Encryption File names Cybersecurity 97

Security Affairs

MAY 4, 2023

MILES/CBS NEWS TEXAS The Royal ransomware group is behind the attack and threatens to publish stolen data if the City will not meet its ransom demand. Unlike other ransomware operations, Royal doesn’t offer Ransomware-as-a-Service, it appears to be a private group without a network of affiliates. Source J.D. reads the alert.

Ransomware 96

Ransomware IT Encryption Education 96

Security Affairs

NOVEMBER 16, 2022

DTrack is a modular backdoor used by the Lazarus group since 2019 , it was employed in attacks against a wide variety of targets, from financial environments to a nuclear power plan. The second stage payload is a heavily obfuscated shellcode, the APT group used an encryption method different for each sample.

Manufacturing 124

Manufacturing Education Encryption IT 124

IT Governance

OCTOBER 23, 2023

Actually, it’ll be at its most secure if it’s set to use AES (Advanced Encryption Standard) encryption instead of the weaker Blowfish encryption. However, it’s much better than PPTP and, because it can be configured to use AES encryption, arguably more trustworthy than L2TP/IPsec.

Encryption 106

Encryption Authentication Access Security 106

The Last Watchdog

NOVEMBER 12, 2023

It’s important that as consumers are shopping for these smart home devices that they learn to recognize the Matter trademark so that they can make educated decisions.” Matter works much the way website authentication and website traffic encryption gets executed. We’re also moving on smart commercial buildings.

Security 229

Security Manufacturing Authentication Marketing 229

Security Affairs

FEBRUARY 20, 2024

Lockbit ransomware group administrative staff has confirmed with us their websites have been seized. pic.twitter.com/SvpbeslrCd — vx-underground (@vxunderground) February 19, 2024 The operation led to the arrest of two members of the ransomware gang in Poland and Ukraine and the seizure of hundreds of crypto wallets used by the group.

Energy and Utilities 103

Energy and Utilities Ransomware Manufacturing Agriculture 103

Security Affairs

AUGUST 28, 2019

Recent campaigns show t hreat actors behind the Dridex and Locky malware families , the TA505 group, have updated tactics and expanded its target list. Trend Micro revealed that the TA505 group that is behind the Dridex and Locky malware families continue to make small changes to its operations. ” continues the report.

e-Delivery 71

e-Delivery Insurance Retail Government 71

Security Affairs

AUGUST 27, 2022

The collected samples were 64-bit Windows PE (Portable Executable) files and were used to target healthcare and education organizations in Indonesia, Saudi Arabia, South Africa, and Thailand. Our investigation showed that the samples had leaked accounts, customer passwords, and unique company IDs used as extensions of encrypted files.”

Ransomware 98

Ransomware Encryption Passwords Education 98

Security Affairs

DECEMBER 1, 2021

A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021. According to Mandiant researchers, the group is a rebrand of Arcane and Eruption gangs. In September 2021, the security experts noticed a post on the exploit.in ” concludes the report.

Ransomware 121

Ransomware Education Encryption Security 121

Security Affairs

FEBRUARY 28, 2024

“These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. Communication to and from the EdgeRouters involved encryption using a randomly generated 16-character AES key.

Energy and Utilities 99

Energy and Utilities Military Government Phishing 99

Security Affairs

FEBRUARY 21, 2024

. “The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group.”

Energy and Utilities 91

Energy and Utilities Ransomware Agriculture Manufacturing 91

Security Affairs

MAY 7, 2021

Hancitor became another commodity malware which partnered with ransomware gangs to help them gain initial access to target networks – the increasing trend outlined by Group-IB researchers in the recent Ransomware Uncovered 2020/2021 report. In addition, the group leveraged some custom tools for network reconnaissance. exe: Figure 3.

Ransomware 115

Ransomware Education Manufacturing Healthcare 115

The Last Watchdog

SEPTEMBER 7, 2022

This gives the perpetrator the access needed to launch the ransomware and lock the company out of its own infrastructure or encrypt files until the ransom is paid in cryptocurrency. In fact, ransomware-as-a-service is alive and well, educating would-be offenders on how to undertake an attack and even offering customer support.

Ransomware 124

Ransomware Education Phishing Financial Services 124

Thales Cloud Protection & Licensing

MARCH 23, 2022

19% of respondents cited attackers with geopolitical goals, such as nation-state affiliated groups, followed by external attackers with financial motivations (17%). The continued efforts of enterprises to identify, classify and protect sensitive data will prepare them for the eventual need to quickly deploy new encryption algorithms.

Risk 126

Risk Security Encryption Ransomware 126

Security Affairs

AUGUST 13, 2022

The ransomware was involved in attacks aimed at technology and healthcare, defense contractors, educational institutions, manufacturers, companies across Europe, the United States, and Canada. To each encrypted file, it appends a randomized nine-digit hexadecimal number as an extension. The ransomware can be deployed as a .dll

Ransomware 92

Ransomware Encryption Communications Manufacturing 92

IT Governance

NOVEMBER 24, 2022

The malicious software encrypts victims’ systems and forces them to pay money in return for the safe return of the data. Enough organisations have been willing to negotiate with criminal hackers that extortion has become the main option for many criminal hacking groups. Then came the rise in ransomware. Examples of cyber extortion.

IT 130

IT Ransomware Encryption Phishing 130

eDiscovery Daily

MARCH 14, 2019

In a post to Facebook last week, founder Mark Zuckerberg outlined a vision of the future that includes end-to-end encryption and an ephemeral lifespan for private messages and photos. Today we already see that private messaging, ephemeral stories, and small groups are by far the fastest growing areas of online communication.”.

Encryption 50

Encryption e-Discovery Communications Privacy 50

Hunton Privacy

AUGUST 28, 2013

On August 28, 2013, on the UK Information Commissioner’s Office’s (“ICO’s”) blog, Simon Rice, Technology Group Manager for the ICO, discussed the importance of encryption as a data security measure. Selecting the Correct Encryption Method. Selecting the Correct Encryption Method. Safeguarding the Encryption Key.

Encryption 40

Encryption Security Passwords Education 40

Security Affairs

JUNE 9, 2022

SentinelOne documented a series of attacks aimed at government, education, and telecom entities in Southeast Asia and Australia carried out by a previously undocumented Chinese-speaking APT tracked as Aoqin Dragon. “Aoqin Dragon is an active cyberespionage group that has been operating for nearly a decade.

Encryption 90

Encryption Education Cybersecurity Security 90

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware 204

Ransomware Encryption Privacy Security awareness 204

IT Governance

APRIL 28, 2022

The group have put the information up for sale on the dark web, requesting just over $64,000 (about £51,000) in bitcoin. It instead takes a shock-and-awe approach, crippling the victim’s system, encrypting sensitive data and making it obvious that an attack is underway.

Ransomware 127

Ransomware Phishing Encryption Sales 127

Security Affairs

APRIL 19, 2023

UK and US agencies are warning of Russia-linked APT28 group exploiting vulnerabilities in Cisco networking equipment. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Military 91

Military Access Cybersecurity Education 91

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. The second stage installs itself and loads the third stage using an encrypted, hardcoded path.

Communications 104

Communications Encryption Education Authentication 104

Security Affairs

APRIL 30, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 93

Security Ransomware Cybersecurity Authentication 93

eSecurity Planet

APRIL 5, 2023

Tens of thousands of new security vulnerabilities are discovered each year; the value of CISA’s KEV catalog is that it helps organizations prioritize the software and firmware flaws that threat groups are actively exploiting — and many of those exploited flaws are older ones that users have failed to apply patches for.

Ransomware 106

Ransomware Cybersecurity Education Encryption 106