Security Affairs

JANUARY 17, 2022

The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal), has been active since 2020 , it was observed targeting only Windows systems. Recently, Rising captured the Linux platform variant of the ransomware.”

Ransomware 364

Ransomware Encryption Libraries Communications 364

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Ransomware 338

Ransomware Libraries File names Encryption 338

Security Affairs

SEPTEMBER 2, 2024

A new ransomware-as-a-service (RaaS) operation called Cicada3301 has emerged in the threat landscape and already targeted tens of companies. Cicada3301 is a new ransomware-as-a-service (RaaS) operation that appeared in the threat landscape. The Cicada3301 ransomware is written in Rust and targets both Windows and Linux/ESXi hosts.

Ransomware 338

Ransomware Encryption Libraries IT 338

Security Affairs

MARCH 19, 2020

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities. pysa file extension that gives the name to this piece ransomware.

Ransomware 355

Ransomware Government Encryption Passwords 355

Security Affairs

DECEMBER 26, 2023

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. The Rhysida ransomware group claimed to have breached the Abdali Hospital in Jordan and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Ransomware 347

Ransomware Manufacturing Education Libraries 347

Security Affairs

DECEMBER 17, 2021

The Conti ransomware gang is the first ransomware operation exploiting the Log4Shell vulnerability to target VMware vCenter Servers. Conti ransomware gang is the first professional race that leverages Log4Shell exploit to compromise VMware vCenter Server installs. ” reads the analysis published by AdvIntel. .

Ransomware 345

Ransomware Energy and Utilities IT Libraries 345

Security Affairs

NOVEMBER 29, 2023

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London and added it to the list of victims on its Tor leak site. King Edward VII’s Hospital in London has been breached by Rhysida Ransomware.

Ransomware 349

Ransomware Manufacturing Education Libraries 349

Security Affairs

AUGUST 7, 2024

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. The Rhysida Ransomware group claims to have breached Bayhealth Hospital and added the hospital to the list of victims on its Tor leak site. Bayhealth Hospital in Dover, Delaware breached by Rhysida Ransomware.

Ransomware 340

Ransomware Manufacturing Libraries Education 340

Security Affairs

APRIL 14, 2020

Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e. AgentTesla ). ” continues the analysis. Pierluigi Paganini. SecurityAffairs – Coronavirus-themed attacks, hacking).

Ransomware 360

Ransomware Phishing Government File names 360

Security Affairs

OCTOBER 14, 2021

The popular Google’s VirusTotal scanning service has published an interesting analysis of more than 80 Million ransomware samples. VirusTotal has published its first ransomware activity report based on the analysis of more than 80 million samples that have been uploaded from 140 countries worldwide. percent of the submitted samples.

Ransomware 313

Ransomware Libraries IT Security 313

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The operators of the Hive ransomware upgraded their malware by migrating the malware to the Rust language and implementing a more sophisticated encryption method, Microsoft researchers warn.

Encryption 345

Encryption Ransomware Blockchain Analytics 345

Security Affairs

FEBRUARY 12, 2024

Researchers discovered a vulnerability in the code of the Rhysida ransomware that allowed them to develop a decryption tool. Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) discovered an implementation vulnerability in the source code of the Rhysida ransomware.

Ransomware 325

Ransomware Encryption Paper Manufacturing 325

Security Affairs

SEPTEMBER 12, 2018

Security experts from Trend Micro have spotted a new strain of ransomware involved in attacks in July and August, the malicious code was posing as the Locky ransomware. “In late July and throughout August, we observed waves of spam email delivering the PyLocky ransomware. Securi ty Affairs – pylocky ransomware, malware).

Ransomware 274

Ransomware Libraries Encryption Archiving 274

Security Affairs

FEBRUARY 2, 2022

Cyber security team at retail giant Walmart dissected a new ransomware family dubbed Sugar, which implements a ransomware-as-a-service model. The cyber threat team at retail giant Walmart has analyzed a new ransomware family dubbed Sugar, which is offered through a ransomware-as-a-service (RaaS) model. Pierluigi Paganini.

Ransomware 277

Ransomware Retail Libraries Encryption 277

Security Affairs

DECEMBER 22, 2021

PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group report. Security researchers from NCC Group reported an increase in ransomware attacks in November 2021 over the past month, and PYSA (aka Mespinoza) and Lockbit were the most active ransomware gangs.

Ransomware 290

Ransomware Encryption Government Retail 290

Security Affairs

JULY 10, 2022

French virtual mobile telephone operator La Poste Mobile was hit by a ransomware attack that impacted administrative and management services. . The ransomware attack hit the virtual mobile telephone operator La Poste Mobile on July 4 and paralyzed administrative and management services. . SecurityAffairs – hacking, ransomware).

Ransomware 282

Ransomware Personal data Libraries Phishing 282

Security Affairs

JUNE 22, 2021

DarkRadiation is a new strain of ransomware implemented in Bash that targets Linux and Docker cloud containers and leverages Telegram for C2. Trend Micro researchers spotted a new strain of ransomware, dubbed DarkRadiation, which is writted in Bash script and target Linux distributions (Red Hat/CentOS and Debian) and Docker cloud containers.

Ransomware 294

Ransomware Encryption Passwords Cloud 294

Security Affairs

MARCH 17, 2021

The FBI has issued an alert to warn about an increase in PYSA ransomware attacks on education institutions in the US and UK. The FBI has issued Tuesday an alert to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom. The malicious code appended the extension .

Education 306

Education Ransomware Encryption Government 306

Security Affairs

JULY 1, 2023

Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom. Cybersecurity firm Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom. The authors used Microsoft Linker version 14.35.

Ransomware 246

Ransomware Encryption Libraries Education 246

Security Affairs

JULY 2, 2019

A new Ransomware appeared in the threat landscape, the malware began to threats the digital world. A new Ransomware began to threats the digital world. Unlike most ransomware, LooCipher uses a macro-weaponized document as dropper of the real threat. Ransomware excluded folders. Introduction. Technical Analysis.

Ransomware 279

Ransomware Encryption Blockchain Libraries 279

Security Affairs

MARCH 19, 2019

A new strain of ransomware tracked as JNEC.a The ransomware was involved in the attacks observed by the Qihoo 360 Threat Intelligence Center in the wild, threat actors used an archive named “vk_4221345.rar” Possibly the first #ransomware (vk_4221345.rar) rar” that delivers JNEC. rar” that delivers JNEC. bitcoins (about $200).

Ransomware 257

Ransomware Archiving Encryption Libraries 257

Security Affairs

JANUARY 11, 2019

Victims of the PyLocky Ransomware can use a tool released by security researcher Mike Bautista at Cisco Talos group to decrypt their files for free. I have good and bad news for the victims of the PyLocky Ransomware. PyLocky Ransomware Decryption Tool Released — Unlock Files For Free. Pierluigi Paganini.

Ransomware 279

Ransomware Encryption Passwords Libraries 279

Security Affairs

FEBRUARY 23, 2019

A new piece of ransomware called Cr1ptT0r infects embedded systems and network attached storage (NAS) devices exposed online. A new piece of ransomware called Cr1ptT0r was discovered by experts, it infects embedded systems and network attached storage (NAS) devices exposed online. No extension added to locked files. Pierluigi Paganini.

Ransomware 276

Ransomware Encryption File names Libraries 276

Security Affairs

OCTOBER 16, 2022

Microsoft warns that new Prestige ransomware is targeting transportation and logistics organizations in Ukraine and Poland. Microsoft reported that new Prestige ransomware is being used in attacks aimed at transportation and logistics organizations in Ukraine and Poland. ” continues the report.

Ransomware 264

Ransomware Encryption Access Libraries 264

Security Affairs

OCTOBER 25, 2022

The Hive ransomware gang, which claimed the responsibility for the Tata Power data breach, started leaking data. Now the ransomware gang Hive started leaking the alleged stolen files on its Tor leak site. The main difference between the new variant of the Hive ransomware and old ones is the programming language used by the operators.

Ransomware 264

Ransomware Blockchain Data breaches Encryption 264

Schneier on Security

MARCH 29, 2024

You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but.

Libraries 134

Libraries Ransomware 134

Security Affairs

JANUARY 6, 2023

Microsoft warns of different ransomware families (KeRanger, FileCoder, MacRansom, and EvilQuest) targeting Apple macOS systems. Microsoft Security Threat Intelligence team warns of four different ransomware families ( KeRanger , FileCoder , MacRansom , and EvilQuest ) that impact Apple macOS systems.

Ransomware 246

Ransomware Encryption Libraries Security 246

Security Affairs

OCTOBER 27, 2022

DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. Microsoft has discovered recent activity that links the Raspberry Robin worm to human-operated ransomware attacks. . The final-stage malware was the Clop ransomware. exe to execute a malicious command.

Ransomware 273

Ransomware Access Encryption Data collection 273

Security Affairs

DECEMBER 16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library.

Libraries 363

Libraries Ransomware Access Security 363

Security Affairs

AUGUST 12, 2019

Canon DSLR Camera Infected with Ransomware Over the Air. A researcher discovered 6 flaws in the image transfer protocol used in Canon EOS 80D DSLR cameras that allow him to infect the device with ransomware over the air. An attacker could exploit the flaw to compromise the device and install ransomware on the camera.

Ransomware 277

Ransomware Encryption Libraries Authentication 277

Security Affairs

FEBRUARY 19, 2019

Since the beginning of the year, security firms observed a new intense ransomware campaign spreading the Shade ransomware. Between January and February, a new, intense, ransomware campaign has been observed by many security firms. Trend of malicious JavaScript downloading Shade ransomware (source: ESET).

Ransomware 230

Ransomware Mining File names Encryption 230

Security Affairs

FEBRUARY 14, 2022

The attack, which likely was a ransomware attack, impacted the computer network of the TV channel and caused the cancellation of the evening edition of 24UR daily news show. The post Alleged ransomware attack disrupted operations at Slovenia’s Pop TV station appeared first on Security Affairs. ” Source Broadbandtvnews. .

Ransomware 246

Ransomware Libraries Security IT 246

Data Breach Today

JANUARY 18, 2024

Also: FBI Warning About Androxgh0st; eBay Pays a $3 Million Fine for Cyberstalking This week, Microsoft expanded plans to store EU citizens' data locally, shipping-themed phishing spam is a threat, the British Library overcame a ransomware setback, the FBI warned of Androxgh0st malware, Remcos RAT targeted South Korea, and eBay was fined $3 million (..)

Libraries 308

Libraries Phishing Ransomware 308

Security Affairs

JUNE 17, 2022

“Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker.” ” reads the post published by Proofpoint.

Libraries 282

Libraries Encryption Ransomware Cloud 282

Security Affairs

JANUARY 1, 2022

ransomware attack. Global consulting giant Accenture has allegedly been hit by a ransomware attack carried out by LockBit 2.0 ransomware operators. A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants. Accenture has been hit by a LockBit 2.0 Pierluigi Paganini.

Security 290

Security Libraries Ransomware Passwords 290

Dark Reading

NOVEMBER 17, 2023

The library said that it expects many of its services to be restored in the forthcoming weeks.

Libraries 116

Libraries Ransomware IT 116

Security Affairs

JANUARY 3, 2022

CNA Financial (March 2021) – CNA Financial, one of the largest insurance companies in the US, reportedly paid a $40 ransom to restore access to its files following a ransomware attack that took place in March. Bloomberg was informed about the payment by two people familiar with the attack. The pipeline allows carrying 2.5

Ransomware 352

Ransomware Cybersecurity Access Insurance 352