9 Ransomware Enablers - and Tactics for Combating Them

Data Breach Today

Patch Management and Locking Down Remote Desktop Protocol Remain Essential Defenses. Ransomware operations continue to thrive thanks to a vibrant cybercrime-as-a-service ecosystem designed to support all manner of online attacks.

Ransomware Gangs and the Name Game Distraction

Krebs on Security

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation. Another ransomware family tied to Evil Corp.

Inside Ireland’s Public Healthcare Ransomware Scare

Krebs on Security

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. PWC’s timeline of the days leading up to the deployment of Conti ransomware on May 14.

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. “Ransomware has gathered a critical mass of nonsense, b t, hype, and fuss around it.

Wanted: Disgruntled Employees to Deploy Ransomware

Krebs on Security

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection.

What is Cyber Security Awareness and Why is it Important?

IT Governance

For all the talk of criminal hacking, ransomware infections and the technologies to prevent them, the key to protecting your organisation is cyber security awareness training. The importance of cyber security staff awareness. Cyber security awareness best practices.

Task Force Seeks to Disrupt Ransomware Payments

Krebs on Security

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

TTEC [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Krebs on Security

The Russian government said today it arrested 14 people accused of working for “REvil,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations.

Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

New Rook Ransomware borrows code from Babuk

Security Affairs

A recently launched ransomware operation, named Rook, made headlines for its announcement claiming a desperate need for a lot of money. New ransomware variant, "Rook Ransomware", found on VT practicing searches/hunting on my day off.

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

R1 RCM Inc. [NASDAQ:RCM], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. R1 RCM acknowledged taking down its systems in response to a ransomware attack, but otherwise declined to comment for this story.

TellYouThePass ransomware resurges and exploits Log4Shell in recent attacks

Security Affairs

The TellYouThePass ransomware resurged and exploits the Apache Log4j flaw (Log4Shell) to target both Linux and Windows systems. “Sangfor has captured a large number of Tellyouthepass ransomware interception logs” reads the analysis published by Sangfor.

Ransomware Roundup: Avaddon Exits; Clop Suspects Arrested

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the Avaddon ransomware gang's retirement and the crackdown on the Clop ransomware gang in Ukraine. Also featured: Bitcoin as ally in the ransomware battle; strengthening U.S.

Analysis: Securing RDP to Prevent Ransomware Attacks

Data Breach Today

The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments

Lorenz ransomware gang stolen files from defense contractor Hensoldt

Security Affairs

German multinational defense contractor Hensoldt confirmed to that some of its systems were infected by Lorenz ransomware. Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware.

AvosLocker ransomware now targets Linux systems, including ESXi servers

Security Affairs

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. Security researcher MalwareHunterTeam confirmed that the ransomware gang is using the Linux encryptor since November 2021.

Ransomware Hit ATM Giant Diebold Nixdorf

Krebs on Security

Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. Diebold Nixdorf takes the security of our systems and customer service very seriously.

ISMG Editors’ Panel: Ransomware Update

Data Breach Today

Also: Update on NIST 'Zero Trust' Initiative. In the latest weekly update, three editors at Information Security Media Group discuss important cybersecurity issues, including the latest ransomware trends, plus an update on NIST's "zero trust" initiative.

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims.

Ransomware Gangs Are Not Infallible

Data Breach Today

The latest ISMG Security Report features the fallibility of ransomware gangs and why victims should always seek help from a reputable response firm, law enforcement or other qualified expert.

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

Security Affairs

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. “This is a new ransomware family, called Khonsari after the extension used on the encrypted files.”

AvosLocker Ransomware Gang Recruiting Affiliates, Partners

Data Breach Today

Malwarebytes: Gang Seeking 'Pentesters' and 'Access Brokers'. A recently discovered ransomware-as-a-service gang dubbed AvosLocker is recruiting affiliates and partners, including "pentesters" and "access brokers," on darknet forums, according to the security firm Malwarebytes.

Ransomware Gangs Don’t Need PR Help

Krebs on Security

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves.

Analysis of NoCry ransomware: A variant of the Judge ransomware

Security Affairs

Researchers at Tesorion released a decryptor for Judge ransomware that also decrypts files encrypted by the NoCry ransomware. In January this year, we published a blog post on our analysis of the Judge ransomware.

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Security Affairs

Ukrainian police arrested members of a ransomware gang that targeted at least 50 companies in the U.S. Ukrainian police arrested members of a ransomware affiliate group that is responsible for attacking at least 50 companies in the U.S.

Lapsus$ ransomware gang hits Impresa, Portugal’s largest media conglomerate

Security Affairs

The Lapsus$ ransomware hit Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso. The Lapsus$ ransomware gang has compromised the infrastructure of Impresa, the largest media conglomerate in Portugal.

Night Sky, a new ransomware operation in the threat landscape

Security Affairs

Researchers warn of a new ransomware family, called ‘Night Sky,’ that uses a double-extortion model in attacks against businesses. Once it has encrypted a file, the ransomware appends the ‘nightsky’ extension to encrypted file names.

Analysis: The Persistent Ransomware Threat

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the persistent threat of ransomware. Also featured: Sorting out breaches tied to Accellion’s File Transfer Appliance; an update on fraud trends in 2021

FIN12 Ransomware Attacks Aggressively Targeting Healthcare

Data Breach Today

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. Researchers from MalwareHunterteam first spotted the ransomware family, once encrypted a file, the ransomware appends the ‘.

REvil Ransomware Gang Starts Auctioning Victim Data

Krebs on Security

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. A partial screenshot from the REvil ransomware group’s Dark Web blog.

Hades Ransomware Has Targeted 7 Large Companies

Data Breach Today

Accenture Security: Attackers Focus on Those With Over $1 Billion in Revenue. At least seven companies with annual revenue of over $1 billion have been hit so far this year by Hades ransomware, according to an Accenture Security report.

BlackMatter ransomware also targets VMware ESXi servers

Security Affairs

The BlackMatter ransomware gang has implemented a Linux encryptor to target the VMware ESXi virtual machine platform. Like other ransomware operations, BlackMatter also set up its leak site where it will publish data exfiltrated from the victims before encrypting their system.

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal) has been active since 2020; it was observed targeting only Windows systems.

Analysis: Changing Nature of Ransomware Attacks

Data Breach Today

This edition of the ISMG Security Report features an analysis of comments from the former head of Britain's GCHQ intelligence agency, Robert Hannigan, on the changing nature of ransomware attacks.

Analysis: Top Ransomware Gangs Targeting Healthcare Sector

Data Breach Today

Globally Ransomware attacks are continuing to threaten the U.S. HHS Says Several Factors Making Healthcare a Favorite Target in U.S.,

Security Firm Prosegur Hit By Ryuk Ransomware

Data Breach Today

Incident May Have Disrupted Networked Security Cameras. Global security company Prosegur has blamed Ryuk ransomware for a service disruption that started Wednesday, which may have hampered networked alarms.

Groove ransomware group calls on other ransomware gangs to hit US public sector

Security Affairs

Groove ransomware operators call on other ransomware groups to stop competing and join forces to fight against the US. Omri Segev Moyal, CEO and co-founder of security firm Profero, told TheRecord that the threat actors split the funds into multiple wallets.

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Krebs on Security

The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents.