Guardian hit by serious IT incident believed to be ransomware attack
Incident has hit parts of media company’s technology infrastructure, with staff told to work from home
Mallox Ransomware showing signs of Increased Activity
“TargetCompany” is a type of ransomware that was first identified in June 2021. The researchers named it TargetCompany ransomware because it adds the targeted company name as a file extension to the encrypted files. In September 2022, researchers identified a TargetCompany ransomware variant targeting Microsoft SQL servers and adding the “Fargo” extension to the encrypted files. TargetCompany ransomware is also known to add a “Mallox” extension after encrypting the files.
Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper - Check Point Research
- Check Point Research (CPR) provides under-the-hood details of its analysis of the infamous Azov Ransomware * Investigation shows that Azov is capable of modifying certain 64-bit executables to execute its own code * Azov is designed to inflict impeccable damage to the infected machine it runs on * CPR sees over 17K of Azov-related samples submitted to VirusTotal
Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM
Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.
Vice Society: Profiling a Persistent Threat to the Education Sector
Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.
Ransomware Roundup: Cryptonite Ransomware
The latest FortiGuard Labs Threat Signal Ransomware Roundup covers the Cryptonite ransomware, along with protection recommendations. Read more.
Endurance Ransomware Claims Breach of US Federal Government
The WatchGuard Security Team spends a lot of time chasing ransomware extortion groups throughout the dark web. So, it only fits that one of the newer ransomware extortion groups is named Endurance Ransomware. It appears this “group” is one individual known as IntelBroker, who has allegedly breached several entities of the US government and two […]
Vanuatu: Hackers strand Pacific island government for over a week
Vanuatu - an island courted by the US and China - has been stranded offline for over a week.
AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns
Cyble analyzes a new wave of ransomware attacks being led by AXLocker, Octocrypt, and Alice ransomware and how they target Discord tokens.
Researchers Quietly Cracked Zeppelin Ransomware Keys
Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called "Zeppelin" in May 2020. He'd been on the job less than six months, and because of the way his predecessor architected things,…
Michigan school districts reopen after three-day closure due to ransomware attack
Public schools in two Michigan counties are reopening on Thursday after a ransomware attack crippled their ability to function and closed doors to students for three days. All of the public schools in Jackson and Hillsdale counties announced their reopening on Thursday in letters to parents, assuring them that cybersecurity experts, tech officials and law enforcement worked around the clock to restore the systems following outages that began on Monday.
Thales position on LockBit 3.0
At this stage, on November 11, 2022, at 3pm (CET time) Thales is able to confirm the following information:
Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup
The settlement last week in a $100 million lawsuit over whether insurance giant Zurich should cover losses Mondelez International suffered from NotPetya may very well reshape the entire cyber insurance marketplace. Zurich initially denied claims from Mondelez after the malware, which experts estimate caused some $10 billion in damages globally, wreaked havoc on its computer networks. The insurance provider claimed an act of war exemption since it’s widely believed Russian military hackers unleashed NotPetya on a Ukrainian company before it spread around the world.
Microsoft ties Vice Society hackers to additional ransomware strains
Microsoft tied hackers with the Vice Society ransomware gang to several ransomware strains on Tuesday, noting that the group has been behind a wave of attacks on primary schools and colleges across the world.
Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor
Black Basta operational TTPs are described here in full detail, revealing previously unknown tools and techniques and a link to FIN7.
U.S. banks processed about $1.2 billion in ransomware payments in 2021
- U.S. banks and financial institutions processed more than $1 billion in potential ransomware-related payments in 2021. * It’s a new record and almost triple the amount that was reported the previous year. * Over half the ransomware attacks are attributed to suspected Russian cyber hackers, according to a new report.
LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company
Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint
#StopRansomware: Daixin Team
Actions to take today to mitigate cyber threats from ransomware: • Install updates for operating systems, software, and firmware as soon as they are released. • Require phishing-resistant MFA for as many services as possible. • Train users to recognize and report phishing attempts.
TommyLeaks and SchoolBoys: Two sides of the same ransomware gang
Two new extortion gangs named 'TommyLeaks' and 'SchoolBoys' are targeting companies worldwide. However, there is a catch — they are both the same ransomware gang.
Mairies : les pirates du groupe CUBA vident deux mairies françaises de leurs contenus
Les pirates informatiques du groupe CUBA, spécialisés dans le rançonnage d’entreprise, viennent de diffuser les informations volées à deux mairies françaises.
Exploited Windows zero-day lets JavaScript files bypass security warnings
A new Windows zero-day allows threat actors to use malicious JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.
Cyberattaque : comment Caen a évité le pire grâce à l’EDR d’HarfangLab
Caen a profité des suites d’un démonstrateur de l'EDR d'HarfangLab en attente de contractualisation pour détecter les prémices du possible déploiement d’un rançongiciel. L’intrusion est avérée, un nettoyage en cours, mais le chiffrement a été évité. Et très probablement le vol de données aussi.
Technical Analysis of BlueSky Ransomware - CloudSEK
BlueSky Ransomware is a modern malware using advanced techniques to evade security defences. It predominantly targets Windows hosts and utilizes the Windows multithreading model for fast encryption.
BianLian Ransomware Encrypts Files in the Blink of an Eye
BianLian is a financially motivated threat actor that targets a wide range of industries. It uses the exotic programming language “Go” to encrypt files with unusual speed.
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.
Ransomware : qui paie et pourquoi ?
Assurément passionné, le débat sur l’indemnisation des rançons par les assurances cyber souffre d’absents majeurs : les victimes de cyberattaque avec ransomware ayant cédé au chantage. Mais qui sont-elles ?
Fake Ransomware Infection Under widespread
Cyble Research and Intelligence Labs analyzes Fake ransomware, a destructive malware capable of wiping out system drives.
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
A fresh exploration of the malware uncovers a new tactic for bypassing security products by abusing a known driver vulnerability
BumbleBee: Round Two
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee has been identified as an initial access vector utilized by several ransomware affiliates. …
Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics
New version of Exmatter, and Eamfo malware, used by attackers deploying the Rust-based ransomware.