Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Ransomware 287

Ransomware Sales Education Government 287

Security Affairs

NOVEMBER 6, 2024

Georgia, a ransomware attack disrupted Memorial Hospital and Manor’s access to its Electronic Health Record system. A ransomware attack hit Memorial Hospital and Manor in Bainbridge, Georgia, and disrupted the access to its Electronic Health Record system. Ransomware attacks on U.S. terabytes of data.

Ransomware 313

Ransomware Paper Data breaches Access 313

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 29, 2024, the City published an update on the City’s website and confirmed that the City of Columbus suffered a ransomware attack. The gang claimed they had stolen databases containing 6.5

Ransomware 285

Ransomware Data breaches Cybersecurity Access 285

Security Affairs

JANUARY 22, 2025

Two ransomware groups exploiting Microsoft 365 services and default settings to target internal enterprise users. Sophos researchers started investigating two distinct clusters of activity, tracked as STAC5143 and STAC5777, in response to customer ransomware attacks in November and December 2024.

Ransomware 246

Ransomware Access e-Discovery Phishing 246

Security Affairs

NOVEMBER 26, 2024

Blue Yonder, a supply chain software provider, suffered a ransomware attack, impacting operations for clients like Starbucks and grocery stores. A ransomware attack on Blue Yonder disrupted operations for several customers, including Starbucks and U.K. Blue Yonder confirmed it was the victim of a ransomware attack.

Ransomware 290

Ransomware Retail Manufacturing Cloud 290

Security Affairs

JANUARY 16, 2025

The Clop ransomware gang claims dozens of victims from a Cleo file transfer vulnerability, though several companies dispute the breaches. The Clop ransomware group added 59 new companies to its leak site, the gain claims to have breached them by exploiting a vulnerability in Cleo file transfer products. are still exploitable.

Ransomware 177

Ransomware Cybersecurity IT Security 177

Security Affairs

JUNE 18, 2024

Over the last few years, ransomware attacks have become one of the most prevalent and expensive forms of cybercrime. Today, this tactic has evolved, where ransomware operators in nearly every case first exfiltrate sensitive data and then threaten to publicly expose it if a ransom demand is not paid.

Ransomware 352

Ransomware Insurance Cybersecurity B2B 352

Security Affairs

JULY 15, 2024

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The initial access to the target network was via Secure Shell (SSH) protocol and attackers exfiltrated critical data before deploying Akira ransomware the following day.

Ransomware 351

Ransomware Encryption Access Security 351

Security Affairs

OCTOBER 19, 2024

This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Overlapping indicators link these cases to prior Fog and Akira ransomware attacks. In one case, attackers dropped Fog ransomware.

IT 325

IT Ransomware Authentication Cybersecurity 325

Security Affairs

MARCH 5, 2025

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. TB of stolen data. The group claims the theft of 1.4

Ransomware 268

Ransomware Manufacturing IT Security 268

Security Affairs

AUGUST 23, 2024

Sophos researchers investigated a Qilin ransomware breach attack that led to the theft of credentials stored in Google Chrome browsers. Sophos researchers investigated a Qilin ransomware attack where operators stole credentials stored in Google Chrome browsers of a limited number of compromised endpoints. ” concludes the report.

Ransomware 338

Ransomware Passwords Mining Encryption 338

Data Breach Today

OCTOBER 23, 2024

New Ransomware Group Deploys Rust-Based Tools in Attacks A recently constituted and apparently well-resourced ransomware player is developing and testing tools to disable security defenses, including a method that exploits a vulnerability in drivers. Embargo first surfaced in April amid an ongoing shakeup in the ransomware world.

Ransomware 320

Ransomware Security 320

Security Affairs

SEPTEMBER 2, 2024

A new ransomware-as-a-service (RaaS) operation called Cicada3301 has emerged in the threat landscape and already targeted tens of companies. Cicada3301 is a new ransomware-as-a-service (RaaS) operation that appeared in the threat landscape. The Cicada3301 ransomware is written in Rust and targets both Windows and Linux/ESXi hosts.

Ransomware 338

Ransomware Encryption Libraries IT 338

Security Affairs

AUGUST 20, 2024

Blockchain analysis firm Chainalysis revealed that ransomware payments rose by approximately 2%, from $449.1 Blockchain analysis firm Chainalysis revealed that while overall on-chain illicit activity has decreased by nearly 20% year-to-date, stolen funds and ransomware significantly increased. million to $459.8 million to $459.8

Ransomware 334

Ransomware Blockchain Access IT 334

Security Affairs

JUNE 22, 2024

The RansomHub ransomware operators added a Linux encryptor to their arsenal, the version targets VMware ESXi environments. RansomHub ransomware operation relies on a new Linux version of the encrypted to target VMware ESXi environments. Knight, also known as Cyclops 2.0, appeared in the threat landscape in May 2023.

Ransomware 351

Ransomware Encryption File names Communications 351

Security Affairs

JANUARY 30, 2024

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. The attack was carried out by the Cactus ransomware gang , which claims to have stolen terabytes of corporate data from the company. The Cactus ransomware relies on multiple legitimate tools (e.g.

Ransomware 353

Ransomware Data breaches Digital transformation Encryption 353

Security Affairs

APRIL 17, 2024

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. Cado Security Labs recently became aware that Cerber ransomware is being deployed into Confluence servers via the CVE-2023-22518 exploit. ” states Cado Security. ” continues the report.

Ransomware 361

Ransomware Encryption Access IT 361

Security Affairs

SEPTEMBER 17, 2024

The personal information of a million individuals was published online following a ransomware attack that in June disrupted NHS hospitals in London. In June, a ransomware attack on pathology and diagnostic services provider Synnovis has severely impacted the operations at several major NHS hospitals in London.

Ransomware 334

Ransomware IT Security Data breaches 334

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. It was this first time that the operators adopted this tactic.

Ransomware 351

Ransomware Encryption Education Phishing 351

Security Affairs

JULY 19, 2024

Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation.

Ransomware 354

Ransomware Encryption Government Access 354

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. In 2023, the imaging sensors manufacturer was the victim of a Cactus ransomware attack. The threat actors had access to the company systems between September 4 and September 30, 2023, when they deployed ransomware.

Data breaches 334

Data breaches Ransomware Manufacturing Encryption 334

Security Affairs

JULY 9, 2024

Avast developed and released a decryptor for the DoNex ransomware family that allows victims to recover their files for free. Avast researchers identified a cryptographic flaw in the DoNex ransomware and its predecessors that allowed them to develop a decryptor. “All brands of the DoNex ransomware are supported by the decryptor.”

Ransomware 319

Ransomware IT Encryption Passwords 319

Security Affairs

MARCH 6, 2024

Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The GhostSec and Stormous ransomware gang are jointly conducting a ransomware campaign targeting various organizations in multiple countries, Cisco Talos reported. The GhostLocker 2.0 246 located in Moscow, Russia.”

Ransomware 353

Ransomware Encryption IT Security 353

Security Affairs

MAY 5, 2024

FuckRansomware pic.twitter.com/uD09m7AukH — Jon DiMaggio (@Jon__DiMaggio) May 5, 2024 However, researchers at VX-underground have spoken with Lockbit ransomware group administrative staff regarding the return of the old domain and the gang claims law enforcement is lying. Lockbit ransomware group states law enforcement is lying.

Ransomware 353

Ransomware Encryption IT Government 353

Security Affairs

FEBRUARY 13, 2024

Authorities in Romania reported that at least 100 hospitals went offline after a ransomware attack hit the Hipocrate platform. Authorities in Romania confirmed that a ransomware attack that targeted the Hipocrate Information System (HIS) has disrupted operations for at least 100 hospitals. The threat actors demand the payment of 3.5

Ransomware 349

Ransomware Cleanup Encryption Cybersecurity 349

Security Affairs

FEBRUARY 9, 2024

Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. BleepingComputer reported that the Car maker Hyundai Motor Europe was breached by the Black Basta ransomware gang. The threat actors claim to have stolen three terabytes of data from the company.

Ransomware 357

Ransomware Data breaches Manufacturing Sales 357

Security Affairs

APRIL 25, 2024

A ransomware attack on a Swedish logistics company Skanlog severely impacted the country’s liquor supply. Skanlog, a critical distributor for Systembolaget, the Swedish government-owned retail chain suffered a ransomware attack. Systembolaget has a monopoly on the sale of alcoholic beverages containing more than 3.5%

Ransomware 342

Ransomware Retail Sales Government 342

Security Affairs

JUNE 6, 2024

A new Linux variant of the TargetCompany ransomware family targets VMware ESXi environments using a custom shell script. A new variant of the TargetCompany ransomware group uses a custom shell script as a means of payload delivery and execution, this is the first time the technique was observed in the wild.

Ransomware 325

Ransomware File names Encryption Communications 325

Security Affairs

SEPTEMBER 11, 2024

Researchers observed the RansomHub ransomware group using the TDSSKiller tool to disable endpoint detection and response (EDR) systems. The RansomHub ransomware gang is using the TDSSKiller tool to disable endpoint detection and response (EDR) systems, Malwarebytes ThreatDown Managed Detection and Response (MDR) team observed.

Ransomware 330

Ransomware Cybersecurity Security Access 330

Security Affairs

AUGUST 18, 2024

The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application Anydesk for their attacks. The Mad Liberator ransomware group has been active since July 2024, it focuses on data exfiltration instead of data encryption. .”

Ransomware 362

Ransomware Access Encryption IT 362

Security Affairs

JULY 13, 2024

The American drugstore chain giant Rite Aid suffered a data breach following a cyberattack in June conducted by the RansomHub ransomware group. On May 2023, Rite Aid suffered another cyberattack, it was one of the hundreds of organizations that were breached in the MOVEit hacking campaign by the Cl0p ransomware gang.

Data breaches 346

Data breaches Ransomware Insurance Cybersecurity 346

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. ” states the report published by the NJCCIC. 177 and 185[.]215[.]113[.]66.

Phishing 330

Phishing Ransomware Security awareness Authentication 330

Security Affairs

JULY 31, 2024

hospitals, suffered a ransomware attack that disrupted its medical operations. A disruptive ransomware attack hit OneBlood and disrupted its medical operations. In July, the LockBit ransomware group breached another hospital in the United States, the victim is the Fairfield Memorial Hospital in Illinois.

Ransomware 336

Ransomware Data breaches Communications Access 336

Security Affairs

AUGUST 8, 2024

FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration with the FBI, has published a joint advisory on the BlackSuit Ransomware group. The update includes new TTPs, IOCs, and detection methods related to BlackSuit ransomware.

Ransomware 327

Ransomware Communications Manufacturing Phishing 327

Security Affairs

AUGUST 7, 2024

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. The Rhysida Ransomware group claims to have breached Bayhealth Hospital and added the hospital to the list of victims on its Tor leak site. Bayhealth Hospital in Dover, Delaware breached by Rhysida Ransomware.

Ransomware 340

Ransomware Manufacturing Libraries Education 340