Education, Encryption, Groups and Security - Information Management Today

Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times

eSecurity Planet

SEPTEMBER 22, 2022

To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware encryption malware to encrypt files partially or only encrypt parts of the files.

Encryption

Encryption Ransomware Cybersecurity Education

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Security Affairs

MAY 12, 2023

CISA and FBI warned of attacks conducted by the Bl00dy Ransomware Gang against the education sector in the country. The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350.

Education

Education Ransomware Encryption Communications

Rorschach ransomware has the fastest file-encrypting routine to date

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The researchers conducted five separate encryption speed tests in a controlled environment (with 6 CPUs, 8192MB RAM, SSD, and 220000 files to be encrypted), limited to local drive encryption only.

Encryption

Encryption Ransomware Education Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

NOVEMBER 12, 2023

However, there’s still a long way to go to achieve deep interoperability of interconnected services in a way that preserves privacy and is very secure. It’s important that as consumers are shopping for these smart home devices that they learn to recognize the Matter trademark so that they can make educated decisions.”

Security

Security Manufacturing Authentication Marketing

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware

Ransomware Encryption Education Phishing

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group report. Security researchers from NCC Group reported an increase in ransomware attacks in November 2021 over the past month, and PYSA (aka Mespinoza) and Lockbit were the most active ransomware gangs.

Ransomware

Ransomware Encryption Government Retail

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. “We’ve found someone who can crack the encryption.” Then came the unlikely call from an FBI agent. “Don’t pay,” the agent said.

Ransomware

Ransomware Encryption Manufacturing Phishing

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. Alex Holden is founder of Hold Security , a Milwaukee-based cybersecurity firm. “ TA505 “), and a newer ransom group known as Venus.

Ransomware

Ransomware Metadata Insurance Encryption

Vice Society ransomware gang is using a custom locker

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms.

Ransomware

Ransomware Encryption File names Education

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

The Last Watchdog

DECEMBER 14, 2023

Cryptographic inventories need finalizing and quantum safe encryption needs to be adopted for sensitive communications and data. Consumers will begin to see their favorite applications touting “quantum-secure encryption.” CISOs will have to get quantum resilient encryption on their cyber roadmap.

Cybersecurity

Cybersecurity Encryption Marketing Risk

News alert: SandboxAQ launches new open source framework to simplify cryptography management

The Last Watchdog

AUGUST 8, 2023

Steel “Modern cryptography management and cryptographic agility are essential for organizations of all sizes; however, there has been a distinct lack of open-source tools for developers to support these features,” said Graham Steel, Head of Product for SandboxAQ’s security group.

Libraries

Libraries Encryption Access Cybersecurity

Researchers found the first Linux variant of the RTM locker

Security Affairs

APRIL 27, 2023

The encryptor uses a combination of ECDH on Curve25519 (asymmetric encryption) and Chacha20 (symmetric encryption) to encrypt files. The group operates a ransomware-as-a-service (RaaS) and provides its malicious code to a network of affiliates by imposing strict rules. ” reads the analysis published by Uptycs.

Encryption

Encryption Ransomware Education Access

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies

Thales Cloud Protection & Licensing

MARCH 23, 2022

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies. Malware and accidental human error are the biggest security threats. When asked about the most frequent types of attacks, 56% of global respondents ranked malware as the leading source of security attacks. Thu, 03/24/2022 - 05:00. 2021 Report.

Risk

Risk Security Encryption Ransomware

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The Qilin ransomware-as-a-service (RaaS) group uses a double-extortion model, with most of the victims in the manufacturing and IT industries. The ransomware was originally written in Go language and was employed in attacks aimed at healthcare and education sectors in countries like Thailand and Indonesia. AGENDA.THIAFBB.”

Ransomware

Ransomware Encryption Passwords Education

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Cybersecurity Authentication

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Nominate Pierluigi Paganini and Security Affairs here here: [link] Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. We are in the final !

Security

Security Data breaches Ransomware Artificial Intelligence

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! billion rubles.

Security

Security Computer and Electronics Ransomware Marketing

Experts found the first LockBit encryptor that targets macOS systems

Security Affairs

APRIL 16, 2023

The LockBit group is the first ransomware gang of all time that has created encryptors to target macOS systems, MalwareHunterTeam team warn. One of the encryptors developed by Lockbit, named ‘locker_Apple_M1_64’, can encrypt files of Mac systems running on the Apple silicon M1.

Archiving

Archiving Encryption Ransomware Education

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. MILES/CBS NEWS TEXAS The Royal ransomware group is behind the attack and threatens to publish stolen data if the City will not meet its ransom demand. ” continues the report.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

REvil Ransomware Gang Starts Auctioning Victim Data

Krebs on Security

JUNE 2, 2020

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. A partial screenshot from the REvil ransomware group’s Dark Web blog. “Others have gotten the message about the need for good backups, and probably don’t need to pay.

Ransomware

Ransomware Agriculture Encryption Access

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

Cybersecurity and Infrastructure Security Agency (CISA) is warning of the capabilities of the recently emerged Royal ransomware. Unlike other ransomware operations, Royal doesn’t offer Ransomware-as-a-Service, it appears to be a private group without a network of affiliates. ” reads the alert. ” continues the alert.

Ransomware

Ransomware Encryption Cybersecurity Communications

Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

Security Affairs

MAY 15, 2023

The Lancefly APT group is using a custom powerful backdoor called Merdoor in attacks against organizations in South and Southeast Asia. Symantec researchers reported that the Lancefly APT group is using a custom-written backdoor in attacks targeting organizations in South and Southeast Asia, as part of a long-running campaign.

Encryption

Encryption Phishing Communications Education

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

Ransomware

Ransomware Education Encryption Authentication

Small and Medium Businesses Day: Tips on Securing the Backbone of National Economies

Thales Cloud Protection & Licensing

JUNE 26, 2023

Small and Medium Businesses Day: Tips on Securing the Backbone of National Economies madhav Tue, 06/27/2023 - 05:46 The United Nations General Assembly designated 27 June as Micro-, Small, and Medium-sized Enterprises Day to raise awareness of these businesses’ contribution to national economies. Strong access control through MFA 2.

Security

Security Encryption Cloud Cybersecurity

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. MILES/CBS NEWS TEXAS The Royal ransomware group is behind the attack and threatens to publish stolen data if the City will not meet its ransom demand. Source J.D. reads the alert.

Ransomware

Ransomware IT Encryption Education

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

Security Affairs

OCTOBER 16, 2023

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

Ransomware

Ransomware Education Encryption Access

New Linux Ransomware BlackSuit is similar to Royal ransomware

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. Another option is that BlackSuit emerged from a splinter group within the original Royal ransomware gang.”

Ransomware

Ransomware Encryption File names Cybersecurity

Expert Insight: Leon Teale

IT Governance

OCTOBER 23, 2023

Secure remote working tips and VPN insights from our senior penetration tester Leon Teale is a senior penetration tester at IT Governance. He’s also been featured in various articles relating to cyber security. So how can organisations efficiently secure their remote infrastructure? We sat down to chat to him.

Encryption

Encryption Authentication Access Security

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Security Affairs

NOVEMBER 16, 2022

DTrack is a modular backdoor used by the Lazarus group since 2019 , it was employed in attacks against a wide variety of targets, from financial environments to a nuclear power plan. The second stage payload is a heavily obfuscated shellcode, the APT group used an encryption method different for each sample. Pierluigi Paganini.

Manufacturing

Manufacturing Education Encryption IT

What the Email Security Landscape Looks Like in 2023

Security Affairs

MAY 12, 2023

Email-based threats have become increasingly sophisticated, how is changing the Email Security Landscape? Recently, VIPRE Security Group published their Email Security in 2023 report , where they shared insights on the development of email-based threats and how they can impact organizations. It’s not likely to stop there.

Security

Security Phishing B2B Data breaches

Security Affairs newsletter Round 306

Security Affairs

MARCH 21, 2021

Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. The post Security Affairs newsletter Round 306 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook.

Security

Security Honeypots Ransomware Data breaches

Sabbath Ransomware target critical infrastructure in the US and Canada

Security Affairs

DECEMBER 1, 2021

A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021. According to Mandiant researchers, the group is a rebrand of Arcane and Eruption gangs. In September 2021, the security experts noticed a post on the exploit.in Pierluigi Paganini.

Ransomware

Ransomware Education Encryption Security

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide. .

Energy and Utilities

Energy and Utilities Military Government Phishing

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

Lockbit ransomware group administrative staff has confirmed with us their websites have been seized. pic.twitter.com/SvpbeslrCd — vx-underground (@vxunderground) February 19, 2024 The operation led to the arrest of two members of the ransomware gang in Poland and Ukraine and the seizure of hundreds of crypto wallets used by the group.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

New Agenda Ransomware appears in the threat landscape

Security Affairs

AUGUST 27, 2022

The collected samples were 64-bit Windows PE (Portable Executable) files and were used to target healthcare and education organizations in Indonesia, Saudi Arabia, South Africa, and Thailand. Our investigation showed that the samples had leaked accounts, customer passwords, and unique company IDs used as extensions of encrypted files.”

Ransomware

Ransomware Encryption Passwords Education

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. The ransomware can be deployed as a

Ransomware

Ransomware Encryption Communications Manufacturing

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

. “The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group.”

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

ICO Stresses Importance of Encryption for Data Security

Hunton Privacy

AUGUST 28, 2013

On August 28, 2013, on the UK Information Commissioner’s Office’s (“ICO’s”) blog, Simon Rice, Technology Group Manager for the ICO, discussed the importance of encryption as a data security measure. Selecting the Correct Encryption Method. Safeguarding the Encryption Key.

Encryption

Encryption Security Passwords Education

TA505 group updates tactics and expands the list of targets

Security Affairs

AUGUST 28, 2019

Recent campaigns show t hreat actors behind the Dridex and Locky malware families , the TA505 group, have updated tactics and expanded its target list. Trend Micro revealed that the TA505 group that is behind the Dridex and Locky malware families continue to make small changes to its operations. ” continues the report.

e-Delivery

e-Delivery Insurance Retail Government

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

The increase in remote workforces and difficulty enforcing security controls with expanding perimeters has played a role in the rise of ransomware. This gives the perpetrator the access needed to launch the ransomware and lock the company out of its own infrastructure or encrypt files until the ransom is paid in cryptocurrency.

Ransomware

Ransomware Education Phishing Financial Services

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

Although there have still been a few surprises, with the death of Queen Elizabeth II and blazing heatwaves across the UK to name but two, it was a familiar year in the cyber security landscape. Google , Clearview AI , and Meta all receives hefty penalties in 2022, demonstrating the continued important of effective information security.

Security

Security Data breaches Ransomware Military

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Security Affairs

MAY 7, 2021

Hancitor became another commodity malware which partnered with ransomware gangs to help them gain initial access to target networks – the increasing trend outlined by Group-IB researchers in the recent Ransomware Uncovered 2020/2021 report. In addition, the group leveraged some custom tools for network reconnaissance. exe: Figure 3.

Ransomware

Ransomware Education Manufacturing Healthcare

What is Cyber Extortion and How Can It Be Prevented?

IT Governance

NOVEMBER 24, 2022

Organisations that suffer security incidents are sometimes said to be victims of “cyber extortion”, but it’s often unclear what exactly that phrase means. The malicious software encrypts victims’ systems and forces them to pay money in return for the safe return of the data. Then came the rise in ransomware.

IT

IT Ransomware Encryption Phishing

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

UK and US agencies are warning of Russia-linked APT28 group exploiting vulnerabilities in Cisco networking equipment. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Military

Military Access Cybersecurity Education

Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Webinars

Trending Sources

Rorschach ransomware has the fastest file-encrypting routine to date

Webinars

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

Akira ransomware received $42M in ransom payments from over 250 victims

PYSA ransomware gang is the most active group in November

Researchers Quietly Cracked Zeppelin Ransomware Keys

New Ransom Payment Schemes Target Executives, Telemedicine

Vice Society ransomware gang is using a custom locker

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

News alert: SandboxAQ launches new open source framework to simplify cryptography management

Researchers found the first Linux variant of the RTM locker

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Experts found the first LockBit encryptor that targets macOS systems

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

REvil Ransomware Gang Starts Auctioning Victim Data

The U.S. CISA and FBI warn of Royal ransomware operation

Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Small and Medium Businesses Day: Tips on Securing the Backbone of National Economies

City of Dallas shut down IT services after ransomware attack

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

New Linux Ransomware BlackSuit is similar to Royal ransomware

Expert Insight: Leon Teale

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

What the Email Security Landscape Looks Like in 2023

Security Affairs newsletter Round 306

Sabbath Ransomware target critical infrastructure in the US and Canada

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

More details about Operation Cronos that disrupted Lockbit operation

New Agenda Ransomware appears in the threat landscape

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

ICO Stresses Importance of Encryption for Data Security

TA505 group updates tactics and expands the list of targets

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

2022 Cyber Security Review of the Year

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

What is Cyber Extortion and How Can It Be Prevented?

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Stay Connected