Security Affairs

JANUARY 7, 2022

Researchers warn of a new ransomware family, called ‘Night Sky,’ that uses a double-extortion model in attacks again businesses. Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses. No sample seen yet.

Ransomware 127

Ransomware Encryption File names Communications 127

Security Affairs

JULY 15, 2022

Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. log), swap files(.vswp), vmdk), snapshot files (.vmsn)

Ransomware 126

Ransomware Encryption File names Risk 126

Security Affairs

MARCH 2, 2020

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. Researchers from Malwarebytes and X-Force IRIS have uncovered an ongoing spam campaign distributing the Nemty Ransomware via messages disguised as messages from secret lovers. Pierluigi Paganini.

Ransomware 118

Ransomware File names Archiving Encryption 118

Security Affairs

OCTOBER 24, 2022

The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine Computer Emergency Response Team (CERT-UA) warns of potential Cuba Ransomware attacks against local critical infrastructure. SecurityAffairs – hacking, Cuba ransomware).

Ransomware 93

Ransomware Phishing File names IT 93

eSecurity Planet

JULY 19, 2022

Discovered by malware hunter JAMESWT on Twitter, Lilith is ransomware designed to lock Windows machines. While Lilith does not introduce any innovative approach, according to Cyble, it clearly shows a trend in the current ransomware landscape. Also read: Best Ransomware Removal and Recovery Services. The malware uses a custom “.lilith”

Ransomware 114

Ransomware Encryption File names Government 114

Security Affairs

JUNE 5, 2021

Cyble researchers investigated a recent attack on an India-based IT firm that was hit by the BlackCocaine Ransomware gang. The Cyble Research team discovered that the company was the victim of the BlackCocaine Ransomware gang. BlackCocaine ” to the filenames of encrypted files. BlackCocaine ” to the filenames of encrypted files.

Ransomware 122

Ransomware Encryption File names Financial Services 122

Security Affairs

JUNE 6, 2023

Researchers from security firm Uptycs reported that threat actors linked to the Cyclops ransomware are offering a Go-based information stealer. The Cyclops group has developed multi-platform ransomware that can infect Windows, Linux, and macOS systems. ” reads the report. The data is then exfiltrated to the attacker’s server.”

Ransomware 71

Ransomware Encryption Archiving File names 71

Security Affairs

FEBRUARY 7, 2022

Cybersecurity firm Avast has released a decryption tool to allow victims of TargetCompany ransomware to recover their files for free. Czech cybersecurity software firm Avast has released a decryption tool that could allow victims of the TargetCompany ransomware to recover their files for free under certain circumstances.

Ransomware 98

Ransomware Encryption Passwords File names 98

Security Affairs

JUNE 30, 2022

Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware , the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4.

Ransomware 107

Ransomware Cybersecurity Encryption Blockchain 107

Security Affairs

MARCH 19, 2022

Cybersecurity firm Emsisoft released a free decryptor that allows the victims of the Diavol ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom. Pierluigi Paganini.

Ransomware 87

Ransomware File names Encryption Cybersecurity 87

Security Affairs

SEPTEMBER 17, 2020

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. ” reads the analysis published by Sophos. .

Ransomware 144

Ransomware Encryption File names Security 144

Security Affairs

OCTOBER 21, 2021

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. macaw extension to the file name of the encrypted files.

Ransomware 114

Ransomware File names Encryption Government 114

Security Affairs

JUNE 26, 2021

On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. Now, we have information that their data may have possibly been leaked by Hive – a new ransomware group. Files leaked online. SecurityAffairs – hacking, ransomware).

Ransomware 102

Ransomware File names Archiving Encryption 102

Security Affairs

OCTOBER 27, 2021

Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Cybersecurity firm Avast has released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Pierluigi Paganini.

Ransomware 89

Ransomware File names Encryption Cybersecurity 89

eSecurity Planet

AUGUST 23, 2021

Ransomware attackers, who use myriad methods to get their malware into the systems of businesses large and small in hopes of pulling down millions of dollars, are now going directly to the source. Evolving Ransomware Scene. million ransomware attacks in the first six months of 2021, compared with 121.5 There were 304.7

Ransomware 127

Ransomware Phishing Cybersecurity File names 127

Security Affairs

JULY 8, 2022

Taiwanese vendor QNAP wars of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. “A new ransomware known as Checkmate has recently been brought to our attention.

Ransomware 92

Ransomware Encryption Passwords File names 92

Security Affairs

MAY 13, 2023

The CheckMate ransomware operators have been targeting the Server Message Block (SMB) communication protocol used for file sharing to compromise their victims’ networks. That’s quite unusual for a ransomware campaign since many prominent gangs brag about big targets and post them as victims on their data leak sites.

Ransomware 89

Ransomware Encryption Passwords File names 89

Security Affairs

APRIL 3, 2022

Cyble researchers discovered a new remote access trojan (RAT) named Borat capable of conducting DDoS and ransomware attacks. Researchers from threat intelligence firm Cyble discovered a new RAT, named Borat, that enables operators to gain full access and remote control of an infected system. Pierluigi Paganini.

Ransomware 115

Ransomware File names Archiving Encryption 115

Security Affairs

MARCH 26, 2021

Experts identified Tor hidden services and clearnet URLs via various open-source reporting that could be associated with the activity of the Hades ransomware. Researchers from Crowdstrike speculate that the new variant is a successor to WastedLocker ransomware and linked the operations to Evil Corp operations. Pierluigi Paganini.

Ransomware 139

Ransomware Encryption File names Manufacturing 139

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Ransomware 99

Ransomware Libraries File names Encryption 99

Security Affairs

MARCH 3, 2020

The operators behind the Nemty ransomware set up a data leak site to publish the data of the victims who refuse to pay ransoms. Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. Pierluigi Paganini.

Ransomware 101

Ransomware File names Encryption Archiving 101

Security Affairs

MARCH 17, 2020

Operators behind a new piece of ransomware dubbed Nefilim have started threatening victims to release stolen data like other cybercrime gangs. A new ransomware dubbed Nefilim appeared in the threat landscape at the end of February, it borrows its code from other malware, the Nemty ransomware. share much of the same code.”

Ransomware 104

Ransomware Encryption File names Access 104

Security Affairs

SEPTEMBER 12, 2022

Cisco confirmed the May attack and that the data leaked by the Yanluowang ransomware group was stolen from its systems. In August, Cisco disclosed a security breach, the Yanluowang ransomware gang breached its corporate network in late May and stole internal data. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware 99

Ransomware IT Authentication File names 99

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files. ” continues the paper.

Encryption 87

Encryption Ransomware Paper Blockchain 87

Threatpost

MAY 21, 2021

Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn't actually encrypt.

File names 103

File names Ransomware Encryption Security 103

Security Affairs

FEBRUARY 25, 2019

The recently discovered B0r0nt0K ransomware infects both Linux and Windows servers and demands $75,000 ransom to the victims. A new piece of ransomware called B0r0nt0K appeared in the threat landscape, it is targeting web sites and demanding a 20 bitcoin ransom to the victims (roughly $75,000). rontok extension to the file names.

Ransomware 91

Ransomware File names Encryption Access 91

Security Affairs

APRIL 27, 2020

The operators behind the Shade Ransomware (Troldesh) shut down their operations and released over 750,000 decryption keys. Good news for the victims of the infamous Shade Ransomware , the operators behind the threat have shut down their operations and released over 750,000 decryption keys. SecurityAffairs – Shade Ransomware, hacking).

Ransomware 118

Ransomware File names Education Encryption 118

Security Affairs

FEBRUARY 24, 2022

Experts reported that the wiper attacks that yesterday hit hundreds of systems in Ukraine used a GoLang-based ransomware decoy. New information shared by Symantec on the data wiper attacks revealed that, in some cases, threat actors used a GoLang-based ransomware decoy. ” reads the report published by Symantec.

Ransomware 92

Ransomware File names Cybersecurity Security 92

Security Affairs

SEPTEMBER 27, 2019

Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days after the release of WannaCryFake decryptor. Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days ago the researchers also released a free decryptor for the WannaCryFake ransomware.

Ransomware 74

Ransomware File names Encryption Security 74

Security Affairs

MAY 19, 2021

Conti ransomware also breached the network of Ireland’s Department of Health (DoH) but the ransomware failed to encrypt the systems. Last week, Conti ransomware gang targeted the Ireland’s Health Service Executive that was forced to shut down its IT systems on Friday after being targeted with a significant ransomware attack.

Ransomware 85

Ransomware Encryption File names IoT 85

Security Affairs

MARCH 17, 2020

Coronavirus -themed attacks continue to increase, experts observed new Coronavirus ransomware that acts as a cover for Kpot Infostealer. In this campaign, crooks are exploiting the interest in the Coronavirus (COVID-19) outbreak to deliver a couple of malware, the CoronaVirus Ransomware and the Kpot information-stealing Trojan.

Ransomware 97

Ransomware Passwords File names Encryption 97

Security Affairs

APRIL 14, 2020

Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e. “The emails all contained a malicious Rich Text Format (RTF) phishing lure with the file name 20200323- sitrep -63- covid -19.

Ransomware 114

Ransomware Phishing File names Encryption 114

Security Affairs

OCTOBER 11, 2019

Good news for the victims of the Nemty Ransomware , security researchers have released a free decryptor that could be used to recover files. I have great news for the victims of the recently discovered Nemty Ransomware , security researchers have released a free decryptor tool that could be used to recover files.

Ransomware 92

Ransomware File names Encryption Security 92

IT Governance

NOVEMBER 17, 2022

The Australian health insurance giant fell victim to ransomware in October, as a result of which the personal data of 9.7 In most cases, basic personal information – such as their name, date of birth, email address, phone number and gender – was exposed. million current and former customers was compromised. From bad to worse.

IT 107

IT Ransomware Security Data breaches 107

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. In a recently detected attack, Ragnar Locker ransomware was deployed inside an Oracle VirtualBox Windows XP virtual machine.”

Encryption 98

Encryption Ransomware Energy and Utilities File names 98

Security Affairs

AUGUST 26, 2019

A new ransomware, dubbed Nemty, appeared in the threat landscape over the weekend, it spreads via compromised RDP connections. A new ransomware, called Nemty ransomware, has been discovered over the weekend by malware researchers. Below the ransom note dropped by the Nemty ransomware after the encryption process is completed.

Ransomware 91

Ransomware Encryption File names IT 91

Security Affairs

APRIL 8, 2019

Researchers at Emsisoft developed a decryptor for the Planetary Ransomware family that could allow victims to decrypt their files for free. Good news for the victims of the Planetary Ransomware, security firm Emsisoft has released a decryptor that allows victims to decrypt their files for free. Pierluigi Paganini.

Ransomware 86

Ransomware Encryption File names Security 86