Search cyberveille.decio.ch

Storm-0501: Ransomware attacks expanding to hybrid cloud environments

Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and law enforcement. Storm-0501 is a financially motivated cybercriminal group that uses commodity and open-source tools to conduct ransomware operations.

#microsoft #EN #2024 #Storm-0501 #Embargo #hybrid-cloud #cloud #Ransomware

·microsoft.com·Oct 1, 2024

Storm-0501: Ransomware attacks expanding to hybrid cloud environments

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog

Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors. ESXi is a bare-metal hypervisor that is installed directly onto a physical server and provides direct access and control of underlying resources. ESXi hypervisors host virtual machines that may include critical servers in a network. In a ransomware attack, having full administrative permission on an ESXi hypervisor can mean that the threat actor can encrypt the file system, which may affect the ability of the hosted servers to run and function. It also allows the threat actor to access hosted VMs and possibly to exfiltrate data or move laterally within the network.

#microsoft #EN #2024 #ESXi #hypervisors #Ransomware #encrypt #CVE-2024-37085 #Storm-0506 #Storm-1175 #OctoTempest

·microsoft.com·Jul 29, 2024

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog

How ransomware abuses BitLocker | Securelist

The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. #BitLocker #Data #Descriptions #Encryption #Incident #Malware #Microsoft #Ransomware #Technologies #Windows #response

#Descriptions #Incident #BitLocker #Microsoft #Windows #Encryption #Ransomware #Malware #response #Data #Technologies

·securelist.com·May 25, 2024

How ransomware abuses BitLocker | Securelist

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment.

#microsoft #EN #2024 #QuickAssist #Ransomware #Qakbot #BlackBasta

·microsoft.com·May 16, 2024

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

'DoubleDrive' attack turns Microsoft OneDrive into ransomware

Microsoft's OneDrive file-sharing program can be used as ransomware to encrypt most of the files on a target machine without possibility of recovery, partly because the program is inherently trusted by Windows and endpoint detection and response programs (EDRs). Presentation blackhat

#scmagazine #EN #2023 #OneDrive #Microsoft #ransomware

·scmagazine.com·Aug 16, 2023

'DoubleDrive' attack turns Microsoft OneDrive into ransomware

The five-day job: A BlackByte ransomware intrusion case study

In a recent investigation by Microsoft Incident Response of a BlackByte 2.0 ransomware attack, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.

#microsoft #EN #2023 #BlackByte #ransomware #attack #report

·microsoft.com·Jul 8, 2023

The five-day job: A BlackByte ransomware intrusion case study

Exploited Windows zero-day lets JavaScript files bypass security warnings

A new Windows zero-day allows threat actors to use malicious JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.

#bleepingcomputer #EN #2022 #JavaScript #Mark-of-the-Web #Microsoft #Ransomware #Windows-10 #Windows-11

·bleepingcomputer.com·Oct 22, 2022

Exploited Windows zero-day lets JavaScript files bypass security warnings

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.

#microsoft #EN #2022 #MSTIC #Ukraine #Poland #ransomware #payload #Prestige

·microsoft.com·Oct 14, 2022

New “Prestige” ransomware impacts organizations in Ukraine and Poland

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.

#microsoft #EN #2022 #H0lyGh0st #north-korea #ransomware

·microsoft.com·Jul 18, 2022

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

#microsoft #ransomware #Ransomware-as-a-service #EN #2022 #affiliate

·microsoft.com·May 11, 2022

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Exploited Windows zero-day lets JavaScript files bypass security warnings

A new Windows zero-day allows threat actors to use malicious JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.

#bleepingcomputer #EN #2022 #JavaScript #Mark-of-the-Web #Microsoft #Ransomware #Windows-10 #Windows-11

·bleepingcomputer.com·Oct 22, 2022

Exploited Windows zero-day lets JavaScript files bypass security warnings

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.

#microsoft #EN #2022 #MSTIC #Ukraine #Poland #ransomware #payload #Prestige

·microsoft.com·Oct 14, 2022

New “Prestige” ransomware impacts organizations in Ukraine and Poland

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.

#microsoft #EN #2022 #H0lyGh0st #north-korea #ransomware

·microsoft.com·Jul 18, 2022

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

#microsoft #ransomware #Ransomware-as-a-service #EN #2022 #affiliate

·microsoft.com·May 11, 2022

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.

#microsoft #EN #2022 #H0lyGh0st #north-korea #ransomware

·microsoft.com·Jul 18, 2022

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

#microsoft #ransomware #Ransomware-as-a-service #EN #2022 #affiliate

·microsoft.com·May 11, 2022

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself