Search cyberveille.decio.ch

Found 645 bookmarks

Custom sorting

Investigating Anonymous VPS services used by Ransomware Gangs

One of the challenges with investigating cybercrime is the infrastructure the adversaries leverage to conduct attacks. Cybercriminal infrastructure has evolved drastically over the last 25 years, which now involves hijacking web services, content distribution networks (CDNs), residential proxies, fast flux DNS, domain generation algorithms (DGAs), botnets of IoT devices, the Tor network, and all sorts of nested services. This blog shall investigate a small UK-based hosting provider known as BitLaunch as an example of how challenging it can be to tackle cybercriminal infrastructure. Research into this hosting provider revealed that they appear to have a multi-year history of cybercriminals using BitLaunch to host command-and-control (C2) servers via their Anonymous VPS service.

#bushidotoken #EN #2025 #investigation #VPS #BitLaunch #C2 #Ransomware

·blog.bushidotoken.net·Feb 16, 2025

Investigating Anonymous VPS services used by Ransomware Gangs

Key figures behind Phobos and 8Base ransomware arrested in international cybercrime crackdown

This follows a series of high-impact arrests targeting Phobos ransomware:An administrator of Phobos was arrested in South Korea in June 2024 and extradited to the United States in November of the same year. He is now facing prosecution for orchestrating ransomware attacks that encrypted critical infrastructure, business systems, and personal data for ransom.A key Phobos affiliate was arrested in Italy...

#europol #EN #2025 #busted #phobos #8base #ransomware #arrested #fedpol #crackdown #Switzerland

·europol.europa.eu·Feb 16, 2025

Key figures behind Phobos and 8Base ransomware arrested in international cybercrime crackdown

Cisco Says Ransomware Group’s Leak Related to Old Hack

A fresh post on the Kraken ransomware group’s leak website refers to data stolen in a 2022 cyberattack, Cisco says. The data, a list of credentials apparently exfiltrated from Cisco’s systems, appeared over the weekend on a new data leak site operated by the Kraken ransomware group. “Cisco is aware of certain reports regarding a security incident. The incident referenced in the reports occurred back in May 2022, and we fully addressed it at that time,” a Cisco spokesperson said, responding to a SecurityWeek inquiry.

#securityweek #EN #Cisco #Ransomware #Leak #Old

·securityweek.com·Feb 16, 2025

Cisco Says Ransomware Group’s Leak Related to Old Hack

Ransomware payments dropped 35% in 2024

Chainalysis says a combination of law enforcement actions and better defenses led to less money going out to ransomware actors.

#cyberscoop #EN #2025 #Ransomware #payments #Chainalysis #less #2024 #Statistics

·cyberscoop.com·Feb 10, 2025

Ransomware payments dropped 35% in 2024

Deloitte to provide Rhode Island $5M for ransomware recovery

After a ransomware attack on the state's health and social services system, Deloitte is giving Rhode Island $5 million to help cover expenses.

#statescoop #en #2025 #Deloitte #Rhode-Island #US #data-leak #expenses #ransomware

·statescoop.com·Feb 7, 2025

Deloitte to provide Rhode Island $5M for ransomware recovery

Swissmem: vol de donnée par des hackers russes

La caisse de compensation de Swissmem a subi un piratage, avec vol de 10 % des données. L'origine des attaquants semble provenir de Russie.

#watson #FR #2025 #Suisse #hacker #Cybercrime #Swissmem #piratage #ransomware

·watson.ch·Feb 6, 2025

Swissmem: vol de donnée par des hackers russes

Genève: un fournisseur de logiciels bancaires piraté | Tribune de Genève

L’entreprise ITSS Global, basée à Plan-les-Ouates et spécialisée dans les logiciels bancaires, a été victime d’une attaque par ransomware.

#tdg #FR #2025 #Genève #Suisse #ITSS #Global #CH #ransomware

·tdg.ch·Feb 5, 2025

Genève: un fournisseur de logiciels bancaires piraté | Tribune de Genève

Une cyberattaque paralyse Radio Top et Tele Top à Winterthour

La radio et la chaîne télévisée du groupe TOP à Winterthour sont à l'arrêt après avoir été piratées ce week-end. Les diffusions en direct n'étaient plus possibles dimanche en milieu de journée.

#watson #FR #CH #2025 #TOP #radio #télé #Winterthour #Suisse #ransomware

·watson.ch·Feb 4, 2025

Une cyberattaque paralyse Radio Top et Tele Top à Winterthour

Exposed SMB: The Hidden Risk Behind ‘WantToCry’ Ransomware Attacks

Learn how the WantToCry ransomware group is exploiting vulnerable SMB (Server Message Block) services to launch devastating attacks. Understand the risks of misconfigured SMB and discover best practices to protect your organization from ransomware.

#seqrite #EN #2025 #WantToCry #analysis #SMB #NAS #ransomware

·seqrite.com·Feb 3, 2025

Exposed SMB: The Hidden Risk Behind ‘WantToCry’ Ransomware Attacks

Tata Technologies says ransomware attack hit IT assets, investigation ongoing

India's Tata Technologies has disclosed a ransomware attack affecting its IT assets.

#techcrunch #EN #2025 #Tata #ransomware #attack #investigation

·techcrunch.com·Feb 2, 2025

Tata Technologies says ransomware attack hit IT assets, investigation ongoing

Updated: Frederick Health takes systems offline due to ransomware attack

Frederick Health Hospital's emergency department was not accepting new patients on Monday morning, according to a state emergency medical services website.

#fredericknewspost #EN #2025 #US #health #ransomware #cyberattack #Hospital

·fredericknewspost.com·Jan 29, 2025

Updated: Frederick Health takes systems offline due to ransomware attack

Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware

Key Takeaways This intrusion began with the download and execution of a Cobalt Strike beacon that impersonated a Windows Media Configuration Utility. The threat actor used Rclone to exfiltrate data…

#thedfirreport #EN #2025 #Cobalt #Strike #LockBit #Ransomware #Rclone #mega.io #DFIR

·thedfirreport.com·Jan 27, 2025

Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware

UnitedHealth updates number of data breach victims to 190 million

The 2024 ransomware attack on Change Healthcare exposed the data of about 190 million people, according to an update from parent company UnitedHealth Group.

#therecord.media #EN #2025 #ransomware #UnitedHealth #Group #Change #Healthcare

·therecord.media·Jan 27, 2025

UnitedHealth updates number of data breach victims to 190 million

RansomHub Affiliate leverages Python-based backdoor

In an incident response in Q4 of 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints. The threat actor later leveraged this access to deploy RansomHub encryptors throughout the entire impacted network. ReliaQuest documented an earlier version of this malware on their website in February 2024.

#guidepointsecurity #EN #2025 #incident-response #Python-based #backdoor #ransomware #RansomHub #SocGholish #FakeUpdate

·guidepointsecurity.com·Jan 19, 2025

RansomHub Affiliate leverages Python-based backdoor

Ransomware roundup: 2024 end-of-year report - Comparitech

In 2024, ransomware groups claimed responsibility for 5,461 successful ransomware attacks on organizations worldwide. 1,204 of these attacks were confirmed by the targeted organizations. The rest were claimed by ransomware groups on their data leak sites, but have not been acknowledged by the targets.

#comparitech #EN #2025 #2024 #report #ransomware #confirmed #statistcs

·comparitech.com·Jan 19, 2025

Ransomware roundup: 2024 end-of-year report - Comparitech

Après l’attaque par rançongiciel, la PME bretonne fait condamner ...

Elle estimait que la société chargée du renouvellement de ses serveurs informatiques avait failli dans sa mission.

#zdnet.fr #FR #2025 #PME #legal #bretonne #condamnation #prestataire #ransomware #backup #sauvegarde #déconnecté

·zdnet.fr·Jan 19, 2025

Après l’attaque par rançongiciel, la PME bretonne fait condamner ...

Ministers consider ban on all UK public bodies making ransomware payments | Cybercrime | The Guardian

Prohibition would bring the NHS, schools and local councils into line with government departments

#theguardian #EN #2024 #UK #ransomware #payment #banned #government

·theguardian.com·Jan 15, 2025

Ministers consider ban on all UK public bodies making ransomware payments | Cybercrime | The Guardian

Telefonica Breach Exposes Jira Tickets, Customer Data

The Hellcat ransomware group has stolen roughly 5,000 documents, potentially containing confidential information, from the telecom giant's internal database.

#darkreading #EN #2025 #Data-Breaches #Telefonica #Hellcat #ransomware

·darkreading.com·Jan 15, 2025

Telefonica Breach Exposes Jira Tickets, Customer Data

Victime d'une cyberattaque début décembre, VidyMed a restauré les données ciblées (update)

Ciblée par une cyberattaque début décembre, VidyMed avait directement coupé l’accès aux systèmes pour contenir l’im

#ictjournal #FR #CH #Suisse #2025 #Vidymed #ransomware #cyberattaque #restauration #données

·ictjournal.ch·Jan 14, 2025

Victime d'une cyberattaque début décembre, VidyMed a restauré les données ciblées (update)

Ransomware abuses Amazon AWS feature to encrypt S3 buckets

A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key.

#bleepingcomputer #EN #2025 #Encryption #Ransomware #Computer #S3 #Amazon #AES #Security #AWS

·bleepingcomputer.com·Jan 13, 2025

Ransomware abuses Amazon AWS feature to encrypt S3 buckets

FunkSec – Alleged Top Ransomware Group Powered by AI

The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. FunkSec operators appear to use AI-assisted malware development which can enable even inexperienced actors to quickly produce and refine advanced tools. The group’s activities straddle the line between hacktivism and cybercrime, complicating efforts to understand their true motivations. Many of the group’s leaked datasets are recycled from previous hacktivism campaigns, raising doubts about the authenticity of their disclosures. Current methods of assessing ransomware group threats often rely on the actors’ own claims, highlighting the need for more objective evaluation techniques.

#checkpoint #EN #2024 #FunkSec #analysis #ransomware

·research.checkpoint.com·Jan 10, 2025

FunkSec – Alleged Top Ransomware Group Powered by AI

Casio says hackers stole personal data of 8,500 people during October ransomware attack

The Japanese electronics giant says it did not negotiate with the hackers responsible for the attack.

#techcrunch #EN #2025 #Casio #Ransomware #data-leak

·techcrunch.com·Jan 8, 2025

Casio says hackers stole personal data of 8,500 people during October ransomware attack

Rhode Island warns of cybercriminals leaking stolen state files as Deloitte works to restore system

Rhode Island officials said they're still analyzing the impact of a ransomware gang's breach of state health and social services systems. Some are still down.

#therecord.media #EN #2025 #Rhode-Island #data-leak #stolen #data #ransomware

·therecord.media·Jan 4, 2025

Rhode Island warns of cybercriminals leaking stolen state files as Deloitte works to restore system

Clop ransomware is now extorting 66 Cleo data-theft victims

The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands.

#bleepingcomputer #EN #2024 #Cleo #Clop #Double-Extortion #Extortion #Ransomware

·bleepingcomputer.com·Dec 28, 2024

Clop ransomware is now extorting 66 Cleo data-theft victims

LockBit Ransomware Group Plots Comeback With 4.0 Release

The LockBit ransomware group will soon launch a comeback with the planned release of LockBit 4.0 in February 2025, Cyble

#thecyberexpress #EN #2024 #LockBit #ransomware #LockBit4.0 #comeback #announce #RaaS

·thecyberexpress.com·Dec 27, 2024

LockBit Ransomware Group Plots Comeback With 4.0 Release

Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing

U.K. investigators tell the story of how examining a cybercrime group's extortion funds helped to unravel a money-laundering network reaching from the illegal drug trade to Moscow's elite.

#therecord.media #EN #2024 #Operation-Destabilise #ransomware #Russia #UK #cybercrime #money-laundering

·therecord.media·Dec 23, 2024

Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing

Medion hack? BlackBasta ransomware has allegedly copied 1.5 TB of data | heise online

Cyber criminals claim to have successfully attacked Medion, a distributor of electronic products.

#heise #EN #2024 #BlackBasta #Cyberangriff #Hacking #MEDION #Ransomware

·heise.de·Dec 20, 2024

Medion hack? BlackBasta ransomware has allegedly copied 1.5 TB of data | heise online

Ascension: Health data of 5.6 million stolen in ransomware attack

Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation.

#bleepingcomputer #EN #2024 #Ascension #Data-Breach #Healthcare #Ransomware #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Dec 20, 2024

Ascension: Health data of 5.6 million stolen in ransomware attack

NotLockBit: A Deep Dive Into the New Ransomware Threat | Qualys Security Blog

NotLockBit is a new and emerging ransomware family that actively mimics the behavior and tactics of the well-known LockBit ransomware.

#qualys #EN #2024 #NotLockBit #Ransomware #analysis

·blog.qualys.com·Dec 20, 2024

NotLockBit: A Deep Dive Into the New Ransomware Threat | Qualys Security Blog

DrayTek Routers Exploited in Massive Ransomware Campaign - Forescout

Our 2024 Dray:Break report revealed 14 new vulnerabilities in DrayTek devices See our upcoming presentation at Black Hat Europe for more details PRODAFT shared threat intelligence from 2023 on a ransomware campaign exploiting DrayTek devices This is the first time this campaign is discussed publicly Our analysis shows sophisticated attack workflows to deploy ransomware including possible: Zero-day vulnerabilities Credential harvesting and password cracking VPN and tunneling abuse

#forescout #en #2024 #draytek #ALPHV #ransomware

·forescout.com·Dec 16, 2024

DrayTek Routers Exploited in Massive Ransomware Campaign - Forescout