Search cyberveille.decio.ch

Found 151 bookmarks

Custom sorting

Ransomware roundup: 2024 end-of-year report - Comparitech

In 2024, ransomware groups claimed responsibility for 5,461 successful ransomware attacks on organizations worldwide. 1,204 of these attacks were confirmed by the targeted organizations. The rest were claimed by ransomware groups on their data leak sites, but have not been acknowledged by the targets.

#comparitech #EN #2025 #2024 #report #ransomware #confirmed #statistcs

·comparitech.com·Jan 19, 2025

Ransomware roundup: 2024 end-of-year report - Comparitech

Ministers consider ban on all UK public bodies making ransomware payments | Cybercrime | The Guardian

Prohibition would bring the NHS, schools and local councils into line with government departments

#theguardian #EN #2024 #UK #ransomware #payment #banned #government

·theguardian.com·Jan 15, 2025

Ministers consider ban on all UK public bodies making ransomware payments | Cybercrime | The Guardian

FunkSec – Alleged Top Ransomware Group Powered by AI

The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. FunkSec operators appear to use AI-assisted malware development which can enable even inexperienced actors to quickly produce and refine advanced tools. The group’s activities straddle the line between hacktivism and cybercrime, complicating efforts to understand their true motivations. Many of the group’s leaked datasets are recycled from previous hacktivism campaigns, raising doubts about the authenticity of their disclosures. Current methods of assessing ransomware group threats often rely on the actors’ own claims, highlighting the need for more objective evaluation techniques.

#checkpoint #EN #2024 #FunkSec #analysis #ransomware

·research.checkpoint.com·Jan 10, 2025

FunkSec – Alleged Top Ransomware Group Powered by AI

Clop ransomware is now extorting 66 Cleo data-theft victims

The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands.

#bleepingcomputer #EN #2024 #Cleo #Clop #Double-Extortion #Extortion #Ransomware

·bleepingcomputer.com·Dec 28, 2024

Clop ransomware is now extorting 66 Cleo data-theft victims

LockBit Ransomware Group Plots Comeback With 4.0 Release

The LockBit ransomware group will soon launch a comeback with the planned release of LockBit 4.0 in February 2025, Cyble

#thecyberexpress #EN #2024 #LockBit #ransomware #LockBit4.0 #comeback #announce #RaaS

·thecyberexpress.com·Dec 27, 2024

LockBit Ransomware Group Plots Comeback With 4.0 Release

Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing

U.K. investigators tell the story of how examining a cybercrime group's extortion funds helped to unravel a money-laundering network reaching from the illegal drug trade to Moscow's elite.

#therecord.media #EN #2024 #Operation-Destabilise #ransomware #Russia #UK #cybercrime #money-laundering

·therecord.media·Dec 23, 2024

Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing

Medion hack? BlackBasta ransomware has allegedly copied 1.5 TB of data | heise online

Cyber criminals claim to have successfully attacked Medion, a distributor of electronic products.

#heise #EN #2024 #BlackBasta #Cyberangriff #Hacking #MEDION #Ransomware

·heise.de·Dec 20, 2024

Medion hack? BlackBasta ransomware has allegedly copied 1.5 TB of data | heise online

Ascension: Health data of 5.6 million stolen in ransomware attack

Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation.

#bleepingcomputer #EN #2024 #Ascension #Data-Breach #Healthcare #Ransomware #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Dec 20, 2024

Ascension: Health data of 5.6 million stolen in ransomware attack

NotLockBit: A Deep Dive Into the New Ransomware Threat | Qualys Security Blog

NotLockBit is a new and emerging ransomware family that actively mimics the behavior and tactics of the well-known LockBit ransomware.

#qualys #EN #2024 #NotLockBit #Ransomware #analysis

·blog.qualys.com·Dec 20, 2024

NotLockBit: A Deep Dive Into the New Ransomware Threat | Qualys Security Blog

DrayTek Routers Exploited in Massive Ransomware Campaign - Forescout

Our 2024 Dray:Break report revealed 14 new vulnerabilities in DrayTek devices See our upcoming presentation at Black Hat Europe for more details PRODAFT shared threat intelligence from 2023 on a ransomware campaign exploiting DrayTek devices This is the first time this campaign is discussed publicly Our analysis shows sophisticated attack workflows to deploy ransomware including possible: Zero-day vulnerabilities Credential harvesting and password cracking VPN and tunneling abuse

#forescout #en #2024 #draytek #ALPHV #ransomware

·forescout.com·Dec 16, 2024

DrayTek Routers Exploited in Massive Ransomware Campaign - Forescout

Ransomware hackers target NHS hospitals with new cyberattacks

Two NHS trusts in England have been hacked in recent weeks, the latest attacks to hit the national health service.

#techcrunch #EN #2024 #INCRansomware #NHS #UK #health #ransomware

·techcrunch.com·Dec 9, 2024

Ransomware hackers target NHS hospitals with new cyberattacks

Black Basta ransomware gang hit BT Group

BT Group (formerly British Telecom)'s Conferencing division shut down some of its servers following a Black Basta ransomware attack.

#securityaffairs #EN #2024 #BT #Group #BlackBasta #ransomware

·securityaffairs.com·Dec 5, 2024

Black Basta ransomware gang hit BT Group

Energy industry contractor says ransomware attack has limited access to IT systems | The Record from Recorded Future News

The company, ENGlobal Corporation, has restricted employee access to its IT system, limiting it to only essential business operations.

#therecord.media #EN #2024 #ENGlobal #Corporation #ransomware #attack

·therecord.media·Dec 3, 2024

Energy industry contractor says ransomware attack has limited access to IT systems | The Record from Recorded Future News

Starbucks, grocery stores impacted by Blue Yonder ransomware attack - Help Net Security

Supply chain management SaaS vendor Blue Yonder experienced a ransomware attack that impacted big companies like Starbucks.

#helpnetsecurity #EN #2024 #Starbucks #BlueYonder #ransomware

·helpnetsecurity.com·Dec 1, 2024

Starbucks, grocery stores impacted by Blue Yonder ransomware attack - Help Net Security

Attacco ransomware al Bologna FC, rubati migliaia di documenti (anche sui calciatori) | Wired Italia

I pirati del gruppo RansomHub pubblicano su Dark Web alcuni dei documenti sottratti e chiedono al club di Serie A di pagare un riscatto

#wired #it #2024 #ransomware #calcio #BolognaFC #RansomHub

·wired.it·Nov 28, 2024

Attacco ransomware al Bologna FC, rubati migliaia di documenti (anche sui calciatori) | Wired Italia

Office of Public Affairs | Phobos Ransomware Administrator Extradited from South Korea to Face Cybercrime Charge

The Justice Department unsealed criminal charges today against Evgenii Ptitsyn, 42, a Russian national, for allegedly administering the sale, distribution, and operation of Phobos ransomware.

#justice.gov #US #2024 #EN #Phobos #Ransomware #Administrator #Extradited

·justice.gov·Nov 20, 2024

Office of Public Affairs | Phobos Ransomware Administrator Extradited from South Korea to Face Cybercrime Charge

The State of Cloud Ransomware in 2024

In this new report, learn how threat actors are leveraging cloud services to target web services with ransomware attackers.

#sentinelone #EN #2024 #Ransomware #report #cloud #services

·sentinelone.com·Nov 14, 2024

The State of Cloud Ransomware in 2024

VEEAM exploit seen used again with a new ransomware: “Frag

Last month, Sophos X-Ops reported several MDR cases where threat actors exploited a vulnerability in Veeam backup servers. We continue to track the activities of this threat cluster, which recently…

#sophos #EN #2024 #VEEAM #ransomware #Frag #CVE-2024-40711

·news.sophos.com·Nov 11, 2024

VEEAM exploit seen used again with a new ransomware: “Frag

Meet Interlock — The new ransomware targeting FreeBSD servers

A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers.

#bleepingcomputer #EN #2024 #Data-Leak-Site #Encryptor #Extortion #FreeBSD #Interlock #Ransomware #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Nov 11, 2024

Meet Interlock — The new ransomware targeting FreeBSD servers

Microchip Technology Reports $21.4 Million Cost From Ransomware Attack

Microchip Technology (NASDAQ: MCHP) revealed in its latest financial report on Tuesday that expenses related to the recent cybersecurity incident reached $21.4 million.

#securityweek #EN #2024 #Microchip #Technology #cost #ransomware

·securityweek.com·Nov 11, 2024

Microchip Technology Reports $21.4 Million Cost From Ransomware Attack

Cyber attack on pharmaceutical distributor AEP

AEP GmbH was the victim of a targeted cyber attack on October 28, which led to the partial encryption of the company's IT systems. The company's own security systems detected the attack. The company provides information about this on its website.

#heise #EN #2024 #Germany #ransomware #Digital #Pharmaindustrie #Lösegeld #Health #Apotheken

·heise.de·Nov 4, 2024

Cyber attack on pharmaceutical distributor AEP

Change Healthcare says 100 million people impacted by February ransomware attack

Change Healthcare updated filings with the federal government to warn that about 100 million people had information accessed by hackers during a ransomware attack in February. The Department of Health and Human Services’s (HHS) Office for Civil Rights said Change Healthcare notified them on October 22 that “approximately 100 million individual notices have been sent regarding this breach.”

#therecord.media #EN #2024 #Change #Healthcare #Data-Breach #HHS #ransomware #health #PII

·therecord.media·Oct 29, 2024

Change Healthcare says 100 million people impacted by February ransomware attack

31 new ransomware groups were discovered in 2024

A report by Secureworks revealed a 30% year-over-year rise in active ransomware groups, which demonstrates fragmentation of an established criminal ecosystem.

#securitymagazine #EN #2024 #threat-actor #threat-analysis #threat-alerts #fragmentation #ransomware #groups #report

·securitymagazine.com·Oct 29, 2024

31 new ransomware groups were discovered in 2024

Akira ransomware continues to evolve

As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group's attack chain, targeted verticals, and potential future TTPs.

#talosintelligence #EN #2024 #Akira #analysis #ransomware #group #TTPs

·blog.talosintelligence.com·Oct 26, 2024

Akira ransomware continues to evolve

Embargo ransomware: Rock’n’Rust

ESET researchers uncover new Rust-based tools that we named MDeployer and MS4Killer and that are actively utilized by a new ransomware group called Embargo.

#welivesecurity #EN #2024 #Embargo #ransomware #analysis

·welivesecurity.com·Oct 25, 2024

Embargo ransomware: Rock’n’Rust

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools

An unknown threat actor is developing ransomware to lock files and steal data on macOS, and it's not LockBit.

#sentinelone #EN #2024 #macOS #NotLockBit #ransomware

·sentinelone.com·Oct 23, 2024

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools

Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks

Threat actors exploit Amazon S3 in ransomware attacks, using AWS credentials for data theft.

#thehackernews #EN #2024 #Ransomware #Gangs #LockBit #disguise #Golang

·thehackernews.com·Oct 23, 2024

Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks

Decrypted: Mallox ransomware

Researchers uncover flaw in Mallox ransomware, offering free file recovery for early victims

#gendigital #EN #2024 #Mallox #ransomware #decrypted

·gendigital.com·Oct 22, 2024

Decrypted: Mallox ransomware

Lynx Ransomware: A Rebranding of INC Ransomware

Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics. Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.

#paloaltonetworks #EN #2024 #Lynx #Ransomware #INC #US #UK #analysis

·unit42.paloaltonetworks.com·Oct 21, 2024

Lynx Ransomware: A Rebranding of INC Ransomware

Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks

If someone asked me what was the best way to make money from a compromised AWS Account (assume root access even) — I would have answered “dump the data and hope that no-one notices you before you finish it up.” This answer would have been valid until ~8 months ago when I stumbled upon a lesser known feature of AWS KMS which allows an attacker to do devastating ransomware attacks on a compromised AWS account. Now I know that ransomware attacks using cross-account KMS keys is already known (checkout the article below)— but even then, the CMK is managed by AWS and they can just block the attackers access to the CMK and decrypt data for the victim because the key is OWNED by AWS and attacker is just given API access to it under AWS TOS. Also there’s no way to delete the CMK but only schedule the key deletion (min 7 days) which means there’s ample time for AWS to intervene.

#@harsh8v #EN #2024 #medium #AWS #Ransomware #KMS #keys

·medium.com·Oct 21, 2024

Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks