Search cyberveille.decio.ch

How ransomware abuses BitLocker | Securelist

The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. #BitLocker #Data #Descriptions #Encryption #Incident #Malware #Microsoft #Ransomware #Technologies #Windows #response

#Descriptions #Incident #BitLocker #Microsoft #Windows #Encryption #Ransomware #Malware #response #Data #Technologies

·securelist.com·May 25, 2024

How ransomware abuses BitLocker | Securelist

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment.

#microsoft #EN #2024 #QuickAssist #Ransomware #Qakbot #BlackBasta

·microsoft.com·May 16, 2024

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

'DoubleDrive' attack turns Microsoft OneDrive into ransomware

Microsoft's OneDrive file-sharing program can be used as ransomware to encrypt most of the files on a target machine without possibility of recovery, partly because the program is inherently trusted by Windows and endpoint detection and response programs (EDRs). Presentation blackhat

#scmagazine #EN #2023 #OneDrive #Microsoft #ransomware

·scmagazine.com·Aug 16, 2023

'DoubleDrive' attack turns Microsoft OneDrive into ransomware

The five-day job: A BlackByte ransomware intrusion case study

In a recent investigation by Microsoft Incident Response of a BlackByte 2.0 ransomware attack, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.

#microsoft #EN #2023 #BlackByte #ransomware #attack #report

·microsoft.com·Jul 8, 2023

The five-day job: A BlackByte ransomware intrusion case study

Exploited Windows zero-day lets JavaScript files bypass security warnings

A new Windows zero-day allows threat actors to use malicious JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.

#bleepingcomputer #EN #2022 #JavaScript #Mark-of-the-Web #Microsoft #Ransomware #Windows-10 #Windows-11

·bleepingcomputer.com·Oct 22, 2022

Exploited Windows zero-day lets JavaScript files bypass security warnings

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.

#microsoft #EN #2022 #MSTIC #Ukraine #Poland #ransomware #payload #Prestige

·microsoft.com·Oct 14, 2022

New “Prestige” ransomware impacts organizations in Ukraine and Poland

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.

#microsoft #EN #2022 #H0lyGh0st #north-korea #ransomware

·microsoft.com·Jul 18, 2022

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

#microsoft #ransomware #Ransomware-as-a-service #EN #2022 #affiliate

·microsoft.com·May 11, 2022

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Exploited Windows zero-day lets JavaScript files bypass security warnings

A new Windows zero-day allows threat actors to use malicious JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.

#bleepingcomputer #EN #2022 #JavaScript #Mark-of-the-Web #Microsoft #Ransomware #Windows-10 #Windows-11

·bleepingcomputer.com·Oct 22, 2022

Exploited Windows zero-day lets JavaScript files bypass security warnings

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.

#microsoft #EN #2022 #MSTIC #Ukraine #Poland #ransomware #payload #Prestige

·microsoft.com·Oct 14, 2022

New “Prestige” ransomware impacts organizations in Ukraine and Poland

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.

#microsoft #EN #2022 #H0lyGh0st #north-korea #ransomware

·microsoft.com·Jul 18, 2022

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

#microsoft #ransomware #Ransomware-as-a-service #EN #2022 #affiliate

·microsoft.com·May 11, 2022

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.

#microsoft #EN #2022 #H0lyGh0st #north-korea #ransomware

·microsoft.com·Jul 18, 2022

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

#microsoft #ransomware #Ransomware-as-a-service #EN #2022 #affiliate

·microsoft.com·May 11, 2022

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself