Search cyberveille.decio.ch

Found 518 bookmarks

Custom sorting

GhostSec’s joint ransomware operation and evolution of their arsenal

Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.

#talosintelligence #EN #2024 #GhostSec #ransomware #GhostLocker

·blog.talosintelligence.com·Mar 13, 2024

GhostSec’s joint ransomware operation and evolution of their arsenal

LockBit ransomware affiliate gets four years in jail, to pay $860k

Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation. #Canada #Case #Computer #Court #InfoSec #Legal #LockBit #Prison #Ransomware #Security

#bleepingcomputer #EN #2024 #Prison #LockBit #Court #Ransomware #Case #Legal #Canada

·bleepingcomputer.com·Mar 13, 2024

LockBit ransomware affiliate gets four years in jail, to pay $860k

Switzerland: Play ransomware leaked 65,000 government documents

The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files.

#bleepingcomputer #EN #2024 #Breach #Data #Ransomware #Switzerland #PLAY #Government #Xplain

·bleepingcomputer.com·Mar 7, 2024

Switzerland: Play ransomware leaked 65,000 government documents

The Anatomy of an ALPHA SPIDER Ransomware Attack

Read this blog on the anatomy of an ALPHA SPIDER ransomware attack to better understand how they operate and how to better protect your business.

#crowdstrike #EN #2024 #Analysis #ALPHA #SPIDER #ransomware

·crowdstrike.com·Mar 7, 2024

The Anatomy of an ALPHA SPIDER Ransomware Attack

Duvel says it has "more than enough" beer after ransomware attack

Duvel Moortgat Brewery was hit by a ransomware attack late last night, bringing to a halt the beer production in the company's bottling facilities

#bleepingcomputer #EN #2024 #Beer #Belgium #Duvel #Ransomware #Service-Disruption

·bleepingcomputer.com·Mar 6, 2024

Duvel says it has "more than enough" beer after ransomware attack

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO

The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact.

#trendmicro #EN #2024 #Multistage #RA #Ransomware #Anti-AV #TTPs #GPO

·trendmicro.com·Mar 6, 2024

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO

CISA, FBI, and MS-ISAC Release Advisory on Phobos Ransomware

Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Phobos Ransomware, to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), which are from incident response investigations tied to Phobos ransomware activity from as recently as February, 2024.

#cisa #EN #2024 #Phobos #Ransomware #Critical-infrastructure #StopRansomware:

·cisa.gov·Mar 6, 2024

CISA, FBI, and MS-ISAC Release Advisory on Phobos Ransomware

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. "Structured as a ransomware-as-a-service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and county governments, emergency services, education, public healthcare, and critical infrastructure to successfully ransom several million in U.S. dollars," the government said.

#thehackernews #EN #2024 #Phobos #Ransomware #CISA #US #Critical-infrastructure

·thehackernews.com·Mar 6, 2024

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

Blackcat ransomware site reportedly seized but UK agency denies responsibility

website used by hackers responsible for a breach at UnitedHealth Group (UNH.N), opens new tab has been replaced by a notice saying it has been seized by international law enforcement. But at least one of the agencies allegedly responsible said it had nothing to do with the seizure, raising the possibility that the hackers - who also go by the moniker ALPHV - faked their own takedown. A message posted to the website of the Blackcat hacking gang on Tuesday said it had been impounded "as part of a coordinated law enforcement action" by U.S. authorities and other law enforcement agencies. Among the logos of non-American agencies involved were those of Europol and Britain's National Crime Agency.

#reuters #EN #2024 #AlphV #UnitedHealth-Group #BlackCat #ransomware #UK #denies

·reuters.com·Mar 5, 2024

Blackcat ransomware site reportedly seized but UK agency denies responsibility

BlackCat ransomware shuts down in exit scam, blames the "feds"

The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates' money by pretending the FBI seized their site and infrastructure.

#bleepingcomputer #EN #2024 #ALPHV #BlackCat #Exit-Scam #Ransomware

·bleepingcomputer.com·Mar 5, 2024

BlackCat ransomware shuts down in exit scam, blames the "feds"

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million.

#bleepingcomputer #EN #2024 #ALPHV #BlackCat #Healthcare #Optum #Ransomware #UnitedHealth-Group

·bleepingcomputer.com·Mar 4, 2024

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.

#wired #EN #2024 #ransomware #bitcoin #blockchain #crime #healthcare #ALPHV #Alphv-BlackCat

·wired.com·Mar 4, 2024

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - SecurityWeek

Lending firm LoanDepot said the personal information of 16.9 million individuals was stolen in a ransomware attack in early January 2024.

#securityweek #EN #2024 #LoanDepot #ransomware #attack #data-breach

·securityweek.com·Mar 3, 2024

LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - SecurityWeek

US prescription market hamstrung for 9 days (so far) by ransomware attack | Ars Technica

Patients having trouble getting lifesaving meds have the AlphV crime group to thank.

#arstechnica #EN #2024 #AlphV #ransomware #US #prescription #Healthcare

·arstechnica.com·Mar 3, 2024

US prescription market hamstrung for 9 days (so far) by ransomware attack | Ars Technica

BlackCat Ransomware Affiliate TTPs

This blog post provides a detailed look at the TTPs of a ransomware affiliate operator. In this case, the endpoint had been moved to another infrastructure (as illustrated by various command lines, and confirmed by the partner), so while Huntress SOC analysts reported the activity to the partner, no Huntress customer was impacted by the ransomware deployment.

#huntress #EN #2024 #BlackCat #Ransomware #TTPs #ScreenConnect

·huntress.com·Feb 29, 2024

BlackCat Ransomware Affiliate TTPs

le team sa - Informations sur le cyberincident chez leteam sa

En décembre 2023, leteam sa a été victime d'une cyber-attaque. Un groupe de ransomware connu a pu accéder au réseau et crypter plusieurs disques. Grâce à une réaction rapide de l'équipe informatique et d'experts en sécurité externes, l'attaque a pu être rapidement contrée et les systèmes restaurés. L'analyse de l'incident a révélé une fuite de certaines données, mais celle-ci a été jugée à l'époque comme étant partiellement critique. Un monitoring a été mis en place pour surveiller une éventuelle publication de données.

#team.jobs #FR #incident #ransomware #BlackBasta #informations

·team.jobs·Feb 29, 2024

le team sa - Informations sur le cyberincident chez leteam sa

LockBit ransomware returns, restores servers after police disruption

The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector.

#bleepingcomputer #EN #2024 #police #disruption #returns #relaunching #ransomware

·bleepingcomputer.com·Feb 25, 2024

LockBit ransomware returns, restores servers after police disruption

Ransomware Operation LockBit Reestablishes Dark Web Leak Site

Russian-speaking ransomware operation LockBit reestablished a dark web leak site Saturday afternoon, posting a lengthy screed apparently authored by its leader, who

#bankinfosecurity #EN #2024 #LockBit #ransomware #Reestablishes

·bankinfosecurity.com·Feb 25, 2024

Ransomware Operation LockBit Reestablishes Dark Web Leak Site

Suisse: Le Team a été hackée, ce qu'on sait sur le ransomware

Un groupe de hackers russe a volé près de 200 Go de données à une entreprise de placement suisse et les a divulgués sur le darknet.

#watson #FR #CH #2024 #Suisse #Cybercrime #Russie #Ransomware #exfiltration #BlackBasta

·watson.ch·Feb 22, 2024

Suisse: Le Team a été hackée, ce qu'on sait sur le ransomware

Police arrests LockBit ransomware members, release decryptor in global crackdown

Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation.

#bleepingcomputer #EN #2024 #Europol #LockBit #NCA #Police #Ransomware

·bleepingcomputer.com·Feb 20, 2024

Police arrests LockBit ransomware members, release decryptor in global crackdown

Law enforcement disrupt world’s biggest ransomware operation

LockBit is widely recognised as the world’s most prolific and harmful ransomware, causing billions of euros worth of damage.This international sweep follows a complex investigation led by the UK National Crime Agency in the framework of an international taskforce known as ‘Operation Cronos’, coordinated at European level by Europol and Eurojust.The months-long operation has resulted in the compromise of LockBit’s...

#Europol #EN #2024 #LockBit #Operation-Cronos #disrupted #ransomware

·europol.europa.eu·Feb 20, 2024

Law enforcement disrupt world’s biggest ransomware operation

Cactus ransomware claim to steal 1.5TB of Schneider Electric data

The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month.

#bleepingcomputer #EN #2024 #Cactus #Cactus-Ransomware #Data-Leak #Ransomware #Schneider-Electric

·bleepingcomputer.com·Feb 20, 2024

Cactus ransomware claim to steal 1.5TB of Schneider Electric data

Ransomware Experts See Problems With Banning Ransom Payments

As the damage caused by ransomware and profits flowing to attackers reaches record levels, a panel of cybersecurity and policy experts reviewed what it might take

#govinfosecurity #EN #2024 #ransomware #ransom #ban #sanctions #OFAC #Payments #regulation

·govinfosecurity.com·Feb 20, 2024

Ransomware Experts See Problems With Banning Ransom Payments

LockBit ransomware gang disrupted by international law enforcement operation

LockBit — the most prolific ransomware group in the world — had its website seized Monday as part of an international law enforcement operation that involved the U.K.’s National Crime Agency, the FBI, Europol and several international police agencies.

#therecord.media #EN #2024 #LockBit #LockBit-down #ransomware #seized #disrupted

·therecord.media·Feb 20, 2024

LockBit ransomware gang disrupted by international law enforcement operation

LockBit ransomware disrupted by global police operation

Law enforcement agencies from 11 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as ''Operation Cronos.

#bleepingcomputer #EN #2024 #LockBit #Police #Ransomware #disrupted

·bleepingcomputer.com·Feb 19, 2024

LockBit ransomware disrupted by global police operation

Ransomware Diaries: Volume 1

The LockBit ransomware gang is one of the most notorious organized cybercrime syndicates that exists today. The gang is behind attacks targeting private-sector corporations and other high-profile industries worldwide. News and media outlets have documented many LockBit attacks, while security vendors offer technical assessments explaining how each occurred. Although these provide insight into the attacks, I wanted to know more about the human side of the operation to learn about the insights, motivations, and behaviors of the individuals on the other side of the keyboard. To prepare for this project, I spent months developing several online personas and established their credibility over time to gain access to the gang’s operation.

#analyst1 #EN #2023 #LockBit #ransomware #Insights

·analyst1.com·Jan 21, 2023

Ransomware Diaries: Volume 1

Schools hit by cyber attack and documents leaked

Confidential details including child passport scans and SEN data is published online, the BBC finds.

#bbc #EN #2023 #ViceSociety #vice-society #schools #UK #leak #ransomware #attack #education

·bbc.com·Jan 6, 2023

Schools hit by cyber attack and documents leaked

Vanuatu: Hackers strand Pacific island government for over a week

Vanuatu - an island courted by the US and China - has been stranded offline for over a week.

#BBC #EN #2022 #Vanuatu #ransomware #government

·bbc.com·Nov 21, 2022

Vanuatu: Hackers strand Pacific island government for over a week

NHS IT supplier held to ransom by hackers

Its IT provider says it may take three or four weeks to fully recover from the cyber-attack.

#BBC #EN #2022 #NHS #UK #Ransomware #healthcare

·bbc.com·Aug 14, 2022

NHS IT supplier held to ransom by hackers

Microsoft links Raspberry Robin malware to Evil Corp attacks

Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.

#Evil-Corp #bleepingcomputer #EN #2022 #DEV-206 #DEV-243 #FakeUpdates #Malware #Ransomware #Raspberry-Robin #Worm

·bleepingcomputer.com·Jul 30, 2022

Microsoft links Raspberry Robin malware to Evil Corp attacks