Search cyberveille.decio.ch

Found 486 bookmarks

Custom sorting

Ransomware gang’s new extortion trick? Calling the front desk

When a hacker called the company that his gang claimed to breach, he felt the same way that most of us feel when calling the front desk: frustrated. The phone call between the hacker, who claims to represent the ransomware gang DragonForce, and the victim company employee was posted by the ransomware gang on its dark web site in an apparent attempt to put pressure on the company to pay a ransom demand. In reality, the call recording just shows a somewhat hilarious and failed attempt to extort and intimidate a company’s rank-and-file employees.

#techcrunch #EN #2024 #ransomware #target #frontdesk

·techcrunch.com·Apr 14, 2024

Ransomware gang’s new extortion trick? Calling the front desk

Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses

A previously unknown ransomware gang has been attacking Russian businesses with malware based on the leaked source code from the Conti hacking group. The gang, which researchers at the Moscow-based cybersecurity company F.A.C.C.T. have dubbed “Muliaka," or Muddy Water in English, has left minimal traces from its attacks but has likely been active since at least December 2023.

#therecord #EN #2024 #Muliaka #ransomware #gang #Russia

·therecord.media·Apr 13, 2024

Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses

Round 2: Change Healthcare Targeted in Second Ransomware Attack

RansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company.

#darkreading #2024 #Change-Healthcare #ALPHV #Ransomware #Attack

·darkreading.com·Apr 10, 2024

Round 2: Change Healthcare Targeted in Second Ransomware Attack

Enregistré à son insu, son entretien RH finit sur le darknet

Les données d’une agence d’intérim bâloise ont été piratées. Le directeur s’exprime.

#20min #FR #2024 #data-leak #suisse #ransomware #DasTeam

·20min.ch·Apr 3, 2024

Enregistré à son insu, son entretien RH finit sur le darknet

Claro Company Hit by Trigona Ransomware

Claro Company, the largest telecom operator in Central and South America, disclosed being hit by ransomware. Representatives shared this information in response to the service disruptions in several regions. From the ransom note it becomes clear that the attackers are Trigona ransomware.

#gridinsoft #EN #2024 #ransomware #Trigona #Claro #telecom

·gridinsoft.com·Apr 1, 2024

Claro Company Hit by Trigona Ransomware

From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report

In late February 2023, threat actors rode a wave of initial access using Microsoft OneNote files. In this case, we observed a threat actor deliver IcedID using this method. After loading IcedID and establishing persistence, there was no further actions, other than beaconing for over 30 days. The threat actor used Cobalt Strike and AnyDesk to target a file server and a backup server. * The threat actor used FileZilla to exfiltrate data from the network before deploying Nokoyawa ransomware.

#thedfirreport #EN #2024 #2023 #incident #incident-analysis #IcedID #OneNote #FileZilla #Nokoyawa #ransomware

·thedfirreport.com·Apr 1, 2024

From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report

Ransomware Diaries: Volume 1

The LockBit ransomware gang is one of the most notorious organized cybercrime syndicates that exists today. The gang is behind attacks targeting private-sector corporations and other high-profile industries worldwide. News and media outlets have documented many LockBit attacks, while security vendors offer technical assessments explaining how each occurred. Although these provide insight into the attacks, I wanted to know more about the human side of the operation to learn about the insights, motivations, and behaviors of the individuals on the other side of the keyboard. To prepare for this project, I spent months developing several online personas and established their credibility over time to gain access to the gang’s operation.

#analyst1 #EN #2023 #LockBit #ransomware #Insights

·analyst1.com·Jan 21, 2023

Ransomware Diaries: Volume 1

Schools hit by cyber attack and documents leaked

Confidential details including child passport scans and SEN data is published online, the BBC finds.

#bbc #EN #2023 #ViceSociety #vice-society #schools #UK #leak #ransomware #attack #education

·bbc.com·Jan 6, 2023

Schools hit by cyber attack and documents leaked

Vanuatu: Hackers strand Pacific island government for over a week

Vanuatu - an island courted by the US and China - has been stranded offline for over a week.

#BBC #EN #2022 #Vanuatu #ransomware #government

·bbc.com·Nov 21, 2022

Vanuatu: Hackers strand Pacific island government for over a week

NHS IT supplier held to ransom by hackers

Its IT provider says it may take three or four weeks to fully recover from the cyber-attack.

#BBC #EN #2022 #NHS #UK #Ransomware #healthcare

·bbc.com·Aug 14, 2022

NHS IT supplier held to ransom by hackers

Microsoft links Raspberry Robin malware to Evil Corp attacks

Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.

#Evil-Corp #bleepingcomputer #EN #2022 #DEV-206 #DEV-243 #FakeUpdates #Malware #Ransomware #Raspberry-Robin #Worm

·bleepingcomputer.com·Jul 30, 2022

Microsoft links Raspberry Robin malware to Evil Corp attacks

SEKOIA.IO Mid-2022 Ransomware Threat Landscape

SEKOIA.IO presents its Ransomware threat landscape for the first semester of 2022, with the following key points: Ransomware victimology – recent evolutions A busy first half of the year – several newcomers in the ransomware neighborhood Cross-platform ransomware features trend New extortion techniques State-nexus groups carrying out ransomware campaigns Ransomware threat groups’ Dark Web activities * A shift towards extortion without encryption?

#sekoia #EN #2022 #ransomware #threat #landscape #statistcs

·blog.sekoia.io·Jul 29, 2022

SEKOIA.IO Mid-2022 Ransomware Threat Landscape

Ransomware review: June 2022

LockBit remained the most active threat in June, and “the costliest strain of ransomware ever documented” went dark while others surged.

#malwarebytes #en #2022 #review #june2022 #threat #ransomware #rank

·blog.malwarebytes.com·Jul 3, 2022

Ransomware review: June 2022

LockBit 3.0 introduces the first ransomware bug bounty program

The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.

#bleepingcomputer #EN #2022 #Bug-Bounty #Extortion #LockBit-3.0 #Ransomware #Zcash

·bleepingcomputer.com·Jun 27, 2022

LockBit 3.0 introduces the first ransomware bug bounty program

Conti ransomware finally shuts down data leak, negotiation sites

The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand.

#bleepingcomputer #EN #2022 #Conti #Hive #Infrastructure #Ransomware #Shutdown #Tor

·bleepingcomputer.com·Jun 25, 2022

Conti ransomware finally shuts down data leak, negotiation sites

Analysis and Attribution of the Eternity Ransomware: Timeline and Emergence of the Eternity Group

XVigil discovered a financially motivated threat actor group, dubbed Eternity group, actively operating on the internet, selling worms, stealers, DDoS tools, and ransomware builders.

#cloudsek #2022 #en #ransomware #Eternity #group #research #selling #worms #stealers #Timeline

·cloudsek.com·Jun 5, 2022

Analysis and Attribution of the Eternity Ransomware: Timeline and Emergence of the Eternity Group

President Rodrigo Chaves says Costa Rica is at war with Conti hackers

The president of Costa Rica says his country is "at war", as cyber-criminals cause major disruption to IT systems of numerous government ministries. Rodrigo Chaves said hackers infiltrated 27 government institutions, including municipalities and state-run utilities.

#BBC #EN #2022 #Conti #War #Costarica #ransomware #cybercriminals

·bbc.com·May 20, 2022

President Rodrigo Chaves says Costa Rica is at war with Conti hackers

US links Thanos and Jigsaw ransomware to 55-year-old doctor

The US Department of Justice today said that Moises Luis Zagala Gonzalez (Zagala), a 55-year-old cardiologist with French and Venezuelan citizenship residing in Ciudad Bolivar, Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals.

#bleepingcomputer #EN #2022 #Department-of-Justice #DOJ #Thanos #Jigsaw #Ransomware #USA #Venezuela

·bleepingcomputer.com·May 16, 2022

US links Thanos and Jigsaw ransomware to 55-year-old doctor

Costa Rica declares national emergency after Conti ransomware attacks

The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from Conti ransomware group on multiple government bodies. BleepingComputer also observed Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies. The declaration was signed into law by Chaves on Sunday, May 8th, same day as the economist and former Minister of Finance effectively became the country's 49th and current president.

#bleepingcomputer #EN #2022 #Conti #ransomware #leak #Costarica #emergency

·bleepingcomputer.com·May 10, 2022

Costa Rica declares national emergency after Conti ransomware attacks

Ukrainian Researcher Leaks Conti Ransomware Gang Data

A Ukrainian cybersecurity researcher has released a huge batch of data that came from the internal systems of the Conti ransomware gang. The researcher released the

#Ukraine #bankinfosecurity #Conti #ransomware #dataleak #EN #2022 #gang #chat #logs

·bankinfosecurity.com·Mar 1, 2022

Ukrainian Researcher Leaks Conti Ransomware Gang Data

TrickBot malware operation shuts down, devs move to BazarBackdoor

The TrickBot malware operation has shut down after its core developers move to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families.

#BazarBackdoor #Conti #Malware #Ransomware #TrickBot #2002 #EN #bleepingcomputer

·bleepingcomputer.com·Feb 26, 2022

TrickBot malware operation shuts down, devs move to BazarBackdoor

New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key

A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software.

#DeadBolt #NAS #QNAP #Ransomware #EN #bleepingcomputer #0-day #2022

·bleepingcomputer.com·Feb 15, 2022

New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key

Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid

A cybercrime group has published information stolen from NHS Dumfries and Galloway.

#therecord.media #EN #2024 #Scotland #NHS #helath #Ransomware #published #data-breach

·therecord.media·Mar 29, 2024

Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid

Lighter Ransomware Locks Users Out of System

Overview This week, the Sonicwall Capture Labs threat research team analyzed a ransomware calling itself Lighter Ransomware. Upon execution, it opens up a window with a countdown timer instructing the victim to reach out immediately […]

#SonicWall #EN #2024 #Ransomware #Locks #lighter-ransomware

·blog.sonicwall.com·Mar 28, 2024

Lighter Ransomware Locks Users Out of System

Change Healthcare ransomware attack disrupting industry nationwide

The reports keep coming in from across the country on how the Change Healthcare ransomware attack that first came to light on Feb. 21 has been impacting the healthcare sector. The case has been called the most severe cyberattack on the healthcare sector in history and has had a great impact since Change Healthcare, owned by UnitedHealth Group, processes 15 billion healthcare transactions annually, affecting 1 in 3 patient records.

#scmagazine #EN #2024 #ransomware #healthcare #Change-Healthcare #US

·scmagazine.com·Mar 23, 2024

Change Healthcare ransomware attack disrupting industry nationwide

Ransomware Recruitment Efforts Following Law Enforcement Disruption

In late 2023 and early 2024, the ransomware ecosystem experienced repeated disruption of its most prolific Ransomware-as-a-Service (RaaS) groups at the hands of international Law Enforcement (LE). Alphv’s dark web data leak site was seized, then unseized, then re-seized in a December 2023 law enforcement operation that seemingly failed to deter the group – until AlphV ultimately claimed to disband via an apparent exit scam, immediately following a high-profile attack against Change Healthcare in March 2024. LockBit experienced a far more dramatic and well-marketed disruption, “Operation Cronos,” in February 2024, leading to the compromise of its infrastructure, internal operational details, and data. While LockBit has ostensibly continued operations, its highly publicized disruption raises the question of whether the group will be able to continue operating and attracting affiliates at the level they once enjoyed.

#guidepointsecurity #EN #2024 #Ransomware #Recruitment #Disruption #Operation-Cronos

·guidepointsecurity.com·Mar 22, 2024

Ransomware Recruitment Efforts Following Law Enforcement Disruption

Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild

Overview The SonicWall Capture Labs threat research team recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file […]

#SonicWall #EN #2024 #StopCrypt #ransomware #analysis

·blog.sonicwall.com·Mar 19, 2024

Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild

Exclusive: After LockBit’s takedown, its purported leader vows to hack on

This week, the Click Here podcast landed a rare interview with the purported leader of the LockBit ransomware group – he goes by the name LockBitSupp. He’s under pressure because last month an international police operation infiltrated the group and seized not just their platform, but their hacking tools, cryptocurrency accounts and source code ending a four year ransomware rampage.

#therecord.media #EN #2024 #LockBit #LockBitSupp #ransomware

·therecord.media·Mar 15, 2024

Exclusive: After LockBit’s takedown, its purported leader vows to hack on

GhostSec’s joint ransomware operation and evolution of their arsenal

Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.

#talosintelligence #EN #2024 #GhostSec #ransomware #GhostLocker

·blog.talosintelligence.com·Mar 13, 2024

GhostSec’s joint ransomware operation and evolution of their arsenal

LockBit ransomware affiliate gets four years in jail, to pay $860k

Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation. #Canada #Case #Computer #Court #InfoSec #Legal #LockBit #Prison #Ransomware #Security

#bleepingcomputer #EN #2024 #Prison #LockBit #Court #Ransomware #Case #Legal #Canada

·bleepingcomputer.com·Mar 13, 2024

LockBit ransomware affiliate gets four years in jail, to pay $860k