Security Affairs

JUNE 6, 2023

Researchers from security firm Uptycs reported that threat actors linked to the Cyclops ransomware are offering a Go-based information stealer. The Cyclops group has developed multi-platform ransomware that can infect Windows, Linux, and macOS systems. ” reads the report. ” reads the report. ” continues the report.

Ransomware 76

Ransomware Encryption Archiving File names 76

Security Affairs

JANUARY 7, 2022

Researchers warn of a new ransomware family, called ‘Night Sky,’ that uses a double-extortion model in attacks again businesses. Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses. No sample seen yet.

Ransomware 133

Ransomware Encryption File names Communications 133

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. The RAT was designed to steal data from victims while masquerading as a ransomware attack. G DATA experts discovered that the malware only renames files by appending the .crimson crimson extension.

Ransomware 128

Ransomware File names Encryption Passwords 128

eSecurity Planet

JULY 19, 2022

Discovered by malware hunter JAMESWT on Twitter, Lilith is ransomware designed to lock Windows machines. The malware exfiltrates data before encrypting the targeted devices to provide additional means of extortion. Also read: Best Ransomware Removal and Recovery Services. How Lilith Ransomware Operates.

Ransomware 120

Ransomware Encryption File names Government 120

Security Affairs

JUNE 5, 2021

Cyble researchers investigated a recent attack on an India-based IT firm that was hit by the BlackCocaine Ransomware gang. The Cyble Research team discovered that the company was the victim of the BlackCocaine Ransomware gang. BlackCocaine ” to the filenames of encrypted files. ” reads the post published by Cyble.

Ransomware 128

Ransomware Encryption File names Financial Services 128

Security Affairs

JUNE 30, 2022

Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware , the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4.

Ransomware 107

Ransomware Cybersecurity Encryption Blockchain 107

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension.

Ransomware 96

Ransomware File names Encryption Access 96

Security Affairs

MARCH 19, 2022

Cybersecurity firm Emsisoft released a free decryptor that allows the victims of the Diavol ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom. Pierluigi Paganini.

Ransomware 92

Ransomware File names Encryption Cybersecurity 92

Security Affairs

FEBRUARY 7, 2022

Cybersecurity firm Avast has released a decryption tool to allow victims of TargetCompany ransomware to recover their files for free. Czech cybersecurity software firm Avast has released a decryption tool that could allow victims of the TargetCompany ransomware to recover their files for free under certain circumstances.

Ransomware 98

Ransomware Encryption Passwords File names 98

Security Affairs

MARCH 11, 2019

Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. The STOP ransomware made the headlines because it is installing password-stealing Trojans on the victims’ machines. ” reads a blog post published by Bleepingcomputer.

Encryption 87

Encryption Ransomware Passwords File names 87

Security Affairs

MARCH 2, 2020

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. Researchers from Malwarebytes and X-Force IRIS have uncovered an ongoing spam campaign distributing the Nemty Ransomware via messages disguised as messages from secret lovers. Pierluigi Paganini.

Ransomware 123

Ransomware File names Archiving Encryption 123

Security Affairs

SEPTEMBER 17, 2020

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. ” continues the analysis.

Ransomware 144

Ransomware Encryption File names Security 144

Security Affairs

MAY 13, 2023

The CheckMate ransomware operators have been targeting the Server Message Block (SMB) communication protocol used for file sharing to compromise their victims’ networks. That’s quite unusual for a ransomware campaign since many prominent gangs brag about big targets and post them as victims on their data leak sites.

Ransomware 94

Ransomware Encryption Passwords File names 94

Security Affairs

JULY 8, 2022

Taiwanese vendor QNAP wars of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. “A new ransomware known as Checkmate has recently been brought to our attention.

Ransomware 97

Ransomware Encryption Passwords File names 97

Security Affairs

OCTOBER 21, 2021

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. macaw extension to the file name of the encrypted files.

Ransomware 120

Ransomware File names Encryption Government 120

Security Affairs

MARCH 26, 2021

Experts identified Tor hidden services and clearnet URLs via various open-source reporting that could be associated with the activity of the Hades ransomware. Researchers from Crowdstrike speculate that the new variant is a successor to WastedLocker ransomware and linked the operations to Evil Corp operations. Pierluigi Paganini.

Ransomware 142

Ransomware Encryption File names Manufacturing 142

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. ru website. . Pierluigi Paganini.

Encryption 67

Encryption Ransomware IT Phishing 67

Security Affairs

OCTOBER 27, 2021

Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Cybersecurity firm Avast has released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Pierluigi Paganini.

Ransomware 95

Ransomware File names Encryption Cybersecurity 95

Security Affairs

MARCH 17, 2020

Operators behind a new piece of ransomware dubbed Nefilim have started threatening victims to release stolen data like other cybercrime gangs. A new ransomware dubbed Nefilim appeared in the threat landscape at the end of February, it borrows its code from other malware, the Nemty ransomware. share much of the same code.”

Ransomware 106

Ransomware Encryption File names Access 106

Security Affairs

JUNE 26, 2021

On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. Now, we have information that their data may have possibly been leaked by Hive – a new ransomware group. Files leaked online. SecurityAffairs – hacking, ransomware).

Ransomware 107

Ransomware File names Archiving Encryption 107

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Ransomware 104

Ransomware Libraries File names Encryption 104

Threatpost

MAY 21, 2021

Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn't actually encrypt.

File names 103

File names Ransomware Encryption Security 103

Security Affairs

APRIL 3, 2022

Cyble researchers discovered a new remote access trojan (RAT) named Borat capable of conducting DDoS and ransomware attacks. Researchers from threat intelligence firm Cyble discovered a new RAT, named Borat, that enables operators to gain full access and remote control of an infected system. Pierluigi Paganini.

Ransomware 119

Ransomware File names Archiving Encryption 119

Security Affairs

MARCH 3, 2020

The operators behind the Nemty ransomware set up a data leak site to publish the data of the victims who refuse to pay ransoms. Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. Pierluigi Paganini.

Ransomware 104

Ransomware File names Encryption Archiving 104

Security Affairs

FEBRUARY 25, 2019

The recently discovered B0r0nt0K ransomware infects both Linux and Windows servers and demands $75,000 ransom to the victims. A new piece of ransomware called B0r0nt0K appeared in the threat landscape, it is targeting web sites and demanding a 20 bitcoin ransom to the victims (roughly $75,000). rontok extension to the file names.

Ransomware 95

Ransomware File names Encryption Access 95

Security Affairs

SEPTEMBER 27, 2019

Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days after the release of WannaCryFake decryptor. Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days ago the researchers also released a free decryptor for the WannaCryFake ransomware.

Ransomware 76

Ransomware File names Encryption Security 76

Security Affairs

MAY 19, 2021

Conti ransomware also breached the network of Ireland’s Department of Health (DoH) but the ransomware failed to encrypt the systems. Researchers from BleepingComputer revealed that the Conti ransomware gang demanded a $20 million ransom.

Ransomware 87

Ransomware Encryption File names IoT 87

Security Affairs

MARCH 17, 2020

Coronavirus -themed attacks continue to increase, experts observed new Coronavirus ransomware that acts as a cover for Kpot Infostealer. In this campaign, crooks are exploiting the interest in the Coronavirus (COVID-19) outbreak to deliver a couple of malware, the CoronaVirus Ransomware and the Kpot information-stealing Trojan.

Ransomware 101

Ransomware Passwords File names Encryption 101

Security Affairs

APRIL 8, 2019

Researchers at Emsisoft developed a decryptor for the Planetary Ransomware family that could allow victims to decrypt their files for free. Good news for the victims of the Planetary Ransomware, security firm Emsisoft has released a decryptor that allows victims to decrypt their files for free. Pluto , or .Neptune

Ransomware 89

Ransomware Encryption File names Security 89

Security Affairs

MAY 6, 2020

Australian shipping giant Toll informed its customers that it has shut down some IT systems due to a new ransomware attack. The Australian transportation and logistics giant Toll Group informed its customers that it has shut down some IT systems after a new ransomware attack, it is the second infection disclosed by the company this year.

Ransomware 100

Ransomware Encryption File names IT 100

Security Affairs

AUGUST 26, 2019

A new ransomware, dubbed Nemty, appeared in the threat landscape over the weekend, it spreads via compromised RDP connections. A new ransomware, called Nemty ransomware, has been discovered over the weekend by malware researchers. Below the ransom note dropped by the Nemty ransomware after the encryption process is completed.

Ransomware 95

Ransomware Encryption File names IT 95

Security Affairs

SEPTEMBER 7, 2019

A new ransomware tracked as Lilocked (or Lilu) by researchers is actively targeting servers and encrypting the data stored on them. The Lilocked ransomware has already infected thousands of Linux-based web servers since mid-July. The infection caused the encrypted files to appear in the Google search results.

Ransomware 83

Ransomware Encryption File names Security 83

Security Affairs

APRIL 27, 2020

The operators behind the Shade Ransomware (Troldesh) shut down their operations and released over 750,000 decryption keys. Good news for the victims of the infamous Shade Ransomware , the operators behind the threat have shut down their operations and released over 750,000 decryption keys. SecurityAffairs – Shade Ransomware, hacking).

Ransomware 124

Ransomware File names Education Encryption 124

Security Affairs

OCTOBER 11, 2019

Good news for the victims of the Nemty Ransomware , security researchers have released a free decryptor that could be used to recover files. I have great news for the victims of the recently discovered Nemty Ransomware , security researchers have released a free decryptor tool that could be used to recover files.

Ransomware 96

Ransomware File names Encryption Security 96

Security Affairs

APRIL 14, 2020

Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e. “The emails all contained a malicious Rich Text Format (RTF) phishing lure with the file name 20200323- sitrep -63- covid -19.

Ransomware 119

Ransomware Phishing File names Encryption 119

Security Affairs

JANUARY 28, 2020

The recently discovered Snake Ransomware has been targeting processes and files associated with industrial control systems (ICS). Security experts from SentinelOne reported that the recently discovered Snake Ransomware has been targeting processes and files associated with industrial control systems (ICS).

Ransomware 90

Ransomware Energy and Utilities Manufacturing Encryption 90

Security Affairs

NOVEMBER 18, 2019

NextCry is a new ransomware that was spotted by researchers while encrypting data on Linux servers in the wild. Security experts spotted new ransomware dubbed NextCry that targets the clients of the NextCloud file sync and share service. I realized immediately that my server got hacked and those files got encrypted.”

Ransomware 79

Ransomware Encryption File names Security 79