Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Ransomware 284

Ransomware Education Sales Government 284

Security Affairs

MARCH 24, 2025

The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney Generals Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office.

Ransomware 253

Ransomware Manufacturing Paper Archiving 253

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 29, 2024, the City published an update on the City’s website and confirmed that the City of Columbus suffered a ransomware attack. The gang claimed they had stolen databases containing 6.5

Ransomware 283

Ransomware Data breaches Cybersecurity Access 283

Security Affairs

NOVEMBER 6, 2024

Georgia, a ransomware attack disrupted Memorial Hospital and Manor’s access to its Electronic Health Record system. A ransomware attack hit Memorial Hospital and Manor in Bainbridge, Georgia, and disrupted the access to its Electronic Health Record system. Ransomware attacks on U.S. terabytes of data.

Ransomware 309

Ransomware Paper Data breaches Access 309

Security Affairs

MARCH 26, 2025

Resecurity found an LFI flaw in the leak site of BlackLock ransomware, exposing clearnet IPs and server details. Resecurity has identified a Local File Include (LFI) vulnerability in Data Leak Site (DLS) of BlackLock Ransomware. BlackLock Ransomware was named as one of the fastest-growing ransomware strains for today.

Ransomware 188

Ransomware Cybersecurity Government IT 188

Security Affairs

NOVEMBER 26, 2024

Blue Yonder, a supply chain software provider, suffered a ransomware attack, impacting operations for clients like Starbucks and grocery stores. A ransomware attack on Blue Yonder disrupted operations for several customers, including Starbucks and U.K. Blue Yonder confirmed it was the victim of a ransomware attack.

Ransomware 287

Ransomware Retail Manufacturing Cloud 287

Security Affairs

JANUARY 22, 2025

Two ransomware groups exploiting Microsoft 365 services and default settings to target internal enterprise users. Sophos researchers started investigating two distinct clusters of activity, tracked as STAC5143 and STAC5777, in response to customer ransomware attacks in November and December 2024. ” concludes the report.

Ransomware 246

Ransomware Access e-Discovery Phishing 246

Data Breach Today

OCTOBER 23, 2024

New Ransomware Group Deploys Rust-Based Tools in Attacks A recently constituted and apparently well-resourced ransomware player is developing and testing tools to disable security defenses, including a method that exploits a vulnerability in drivers.

Ransomware 320

Ransomware Security 320

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Veeam Backup and Replication vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) In one case, attackers dropped Fog ransomware.

IT 321

IT Ransomware Authentication Cybersecurity 321

Security Affairs

JANUARY 16, 2025

The Clop ransomware gang claims dozens of victims from a Cleo file transfer vulnerability, though several companies dispute the breaches. The Clop ransomware group added 59 new companies to its leak site, the gain claims to have breached them by exploiting a vulnerability in Cleo file transfer products. are still exploitable.

Ransomware 174

Ransomware Cybersecurity IT Security 174

The Last Watchdog

DECEMBER 16, 2024

Raising security baselines across industries is essential, with risk mitigationnot acceptancebecoming the standard. Salzman Shirley Slazman , CEO, SeeMetrics In 2025, organizations will recognize that adding more tools doesnt equate to better security. This empowers them to proactively prioritize what matters most.

Security 264

Security Phishing IoT Risk 264

Security Affairs

JUNE 18, 2024

Over the last few years, ransomware attacks have become one of the most prevalent and expensive forms of cybercrime. Today, this tactic has evolved, where ransomware operators in nearly every case first exfiltrate sensitive data and then threaten to publicly expose it if a ransom demand is not paid.

Ransomware 350

Ransomware Insurance Cybersecurity B2B 350

Security Affairs

MARCH 5, 2025

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. TB of stolen data. The group claims the theft of 1.4

Ransomware 265

Ransomware Manufacturing IT Security 265

Security Affairs

JULY 15, 2024

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The initial access to the target network was via Secure Shell (SSH) protocol and attackers exfiltrated critical data before deploying Akira ransomware the following day.

Ransomware 348

Ransomware Encryption Access Security 348

Security Affairs

MARCH 24, 2025

“In this scenario, criminals use free online document converter tools to load malware onto victims computers, leading to incidents such as ransomware.” ” Victims often realize too late that malware has infected their devices, leading to ransomware or identity theft. ” reads the alert.

Passwords 287

Passwords Ransomware Personal data Risk 287

Security Affairs

OCTOBER 25, 2024

In early March, the Alphv/BlackCat ransomware gang claimed responsibility for the attack and added the company to its Tor leak site. A month later, a second ransomware gang, the RansomHub group, also attempted to extort the healthcare company. According to the Associated Press, UnitedHealth booked $1.1

Data breaches 317

Data breaches Ransomware Insurance Cybersecurity 317

Security Affairs

APRIL 17, 2024

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server.

Ransomware 361

Ransomware Encryption Access IT 361

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. ” reads the report. It was this first time that the operators adopted this tactic.

Ransomware 349

Ransomware Encryption Education Phishing 349

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. The company designs and develops digital imaging products for use in mobile phones, laptops, netbooks and webcams, security and surveillance cameras, entertainment, automotive and medical imaging systems.

Data breaches 331

Data breaches Ransomware Manufacturing Encryption 331

Security Affairs

SEPTEMBER 17, 2024

The personal information of a million individuals was published online following a ransomware attack that in June disrupted NHS hospitals in London. In June, a ransomware attack on pathology and diagnostic services provider Synnovis has severely impacted the operations at several major NHS hospitals in London.

Ransomware 331

Ransomware IT Security Data breaches 331

Security Affairs

MAY 16, 2024

Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party vendor. MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia. ” reads the statement published by the company.

Ransomware 324

Ransomware e-Delivery Data breaches Insurance 324

Security Affairs

SEPTEMBER 11, 2024

Researchers observed the RansomHub ransomware group using the TDSSKiller tool to disable endpoint detection and response (EDR) systems. The RansomHub ransomware gang is using the TDSSKiller tool to disable endpoint detection and response (EDR) systems, Malwarebytes ThreatDown Managed Detection and Response (MDR) team observed.

Ransomware 326

Ransomware Cybersecurity Security Access 326

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. ” states the report published by the NJCCIC. 177 and 185[.]215[.]113[.]66.

Phishing 326

Phishing Ransomware Security awareness Authentication 326

Security Affairs

FEBRUARY 13, 2024

Authorities in Romania reported that at least 100 hospitals went offline after a ransomware attack hit the Hipocrate platform. Authorities in Romania confirmed that a ransomware attack that targeted the Hipocrate Information System (HIS) has disrupted operations for at least 100 hospitals. The threat actors demand the payment of 3.5

Ransomware 346

Ransomware Cleanup Encryption Cybersecurity 346

Security Affairs

JULY 31, 2024

hospitals, suffered a ransomware attack that disrupted its medical operations. A disruptive ransomware attack hit OneBlood and disrupted its medical operations. In July, the LockBit ransomware group breached another hospital in the United States, the victim is the Fairfield Memorial Hospital in Illinois.

Ransomware 333

Ransomware Data breaches Communications Access 333

Security Affairs

JULY 29, 2024

Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) The company released patches for security vulnerabilities affecting ESXi 8.0

Ransomware 335

Ransomware Cloud Encryption Authentication 335

Security Affairs

JULY 13, 2024

The American drugstore chain giant Rite Aid suffered a data breach following a cyberattack in June conducted by the RansomHub ransomware group. The company launched an investigation into the security breach with the help of external experts and will notify the impacted customers, BleepingComputer first reported.

Data breaches 343

Data breaches Ransomware Insurance Cybersecurity 343

The Last Watchdog

OCTOBER 23, 2024

22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. Warn “Small businesses face a unique set of cybersecurity challenges and threats and must be especially proactive with cybersecurity training,” said Dara Warn, CEO of INE Security. “At Cary, NC, Oct.

Security 162

Security Data breaches Passwords Cybersecurity 162

Security Affairs

JULY 11, 2024

The ransomware attack that hit Dallas County in October 2023 has impacted more than 200,000 individuals exposing their personal information. In October 2023 the Play ransomware group hit Dallas County, Texas, and added the city to its Tor leak site claiming the theft of sensitive documents from multiple departments.

Ransomware 315

Ransomware Data breaches Cybersecurity Insurance 315

Security Affairs

MAY 5, 2024

FuckRansomware pic.twitter.com/uD09m7AukH — Jon DiMaggio (@Jon__DiMaggio) May 5, 2024 However, researchers at VX-underground have spoken with Lockbit ransomware group administrative staff regarding the return of the old domain and the gang claims law enforcement is lying. Lockbit ransomware group states law enforcement is lying.

Ransomware 351

Ransomware Encryption IT Government 351

Security Affairs

AUGUST 23, 2024

Sophos researchers investigated a Qilin ransomware breach attack that led to the theft of credentials stored in Google Chrome browsers. Sophos researchers investigated a Qilin ransomware attack where operators stole credentials stored in Google Chrome browsers of a limited number of compromised endpoints. ” concludes the report.

Ransomware 335

Ransomware Passwords Mining Encryption 335

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. in attacks in the wild.

Ransomware 351

Ransomware Education Cybersecurity Passwords 351

Security Affairs

MARCH 6, 2024

Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The GhostSec and Stormous ransomware gang are jointly conducting a ransomware campaign targeting various organizations in multiple countries, Cisco Talos reported. The GhostLocker 2.0 246 located in Moscow, Russia.”

Ransomware 351

Ransomware Encryption IT Security 351

Security Affairs

DECEMBER 30, 2023

The INC RANSOM ransomware group claims to have hacked the American multinational corporation Xerox Corp. The INC RANSOM ransomware group claims responsibility for hacking the American multinational corporation Xerox Corp and threatens to disclose the alleged stolen data. Xerox Corp provides document management solutions worldwide.

Ransomware 357

Ransomware Data breaches Communications IT 357

Security Affairs

SEPTEMBER 2, 2024

A new ransomware-as-a-service (RaaS) operation called Cicada3301 has emerged in the threat landscape and already targeted tens of companies. Cicada3301 is a new ransomware-as-a-service (RaaS) operation that appeared in the threat landscape. The Cicada3301 ransomware is written in Rust and targets both Windows and Linux/ESXi hosts.

Ransomware 335

Ransomware Encryption Libraries IT 335

Security Affairs

JUNE 22, 2024

The RansomHub ransomware operators added a Linux encryptor to their arsenal, the version targets VMware ESXi environments. RansomHub ransomware operation relies on a new Linux version of the encrypted to target VMware ESXi environments. Knight, also known as Cyclops 2.0, appeared in the threat landscape in May 2023.

Ransomware 348

Ransomware Encryption File names Communications 348

Security Affairs

AUGUST 20, 2024

Blockchain analysis firm Chainalysis revealed that ransomware payments rose by approximately 2%, from $449.1 Blockchain analysis firm Chainalysis revealed that while overall on-chain illicit activity has decreased by nearly 20% year-to-date, stolen funds and ransomware significantly increased. million to $459.8 million to $459.8

Ransomware 331

Ransomware Blockchain Access IT 331