Updated on 2022-12-22: Ransomware strains go Rust. The Agenda (Qilin) and the Nokoyawa ransomware strains have been ported to Rust, following in the footsteps of BlackCat, Hive, and RansomExx. Read more: Agenda Ransomware Uses Rust to Target More Vital Industries; Nokoyawa Ransomware: Rust or Bust. Overview: Nokoyawa ransomware. Fortinet has published a report on the …
Ransomware
Updated on 2022-12-22: The FBI warned against threat actors using search engine ads to promote websites propagating ransomware or exfiltrating login credentials from crypto exchanges and financial institutions. Read more: Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users. Overview: FBI recommends ad blockers. In a PSA this week, the FBI recommended …
Updated on 2022-12-29: Play ransomware. Fortinet researchers have a technical breakdown of the new Play ransomware operation. Read more: Ransomware Roundup – Play Ransomware. Updated on 2022-12-23: Palo Alto Networks Unit 42 researchers observed the active exploitation of the OWASSRF vulnerability. So far, eight organizations have seen the exploitation activity against Microsoft Exchange servers. Read …
Updated on 2022-12-16: Colombian energy company EPM underwent a BlackCat ransomware attack, taking down its IT infrastructure and websites. The threat actor claims to have stolen business data. Read more: Ransomware attack hits Colombian Energy Supplier EPM. Overview: Ransomware Attack on Colombian Energy Provider. The network of Empresas Públicas de Medellín (EPM), a Colombian energy …
Updated on 2022-12-13: Check Point has a technical breakdown of Azov, a data wiper that was deployed in the wild in September and November. The malware was delivered on systems previously infected with the SmokeLoader malware, tried to frame known security researchers as its authors, and according to Check Point, was “an egregious false flag …
Updated on 2022-12-12: MuddyWater APT. Deep Instinct researchers have a report out on a recent spear-phishing campaign carried out by the MuddyWater Iranian APT. This particular campaign was of note because of two things. First, the group used compromised corporate accounts to send out emails to their targets. Second, the final payload was Syncro, a …
Updated on 2022-12-15: Citrix and Fortinet patch zero-days exploited in APT and ransomware campaigns. Citrix and Fortinet, two of today’s largest providers of enterprise networking equipment, have released security updates to patch two zero-day vulnerabilities that were exploited in the wild against their devices. The Fortinet zero-day (CVE-2022-42475) is an unauthenticated RCE that impacts the …
Updated on 2023-01-06: Rackspace confirmed that the December 2022 cyberattack was conducted by the Play ransomware group that accessed some of its customers’ Personal Storage Table (PST) files containing lots of information. Updated on 2023-01-05: Rackspace Says Attack was the Work of Play Ransomware Group. Managed cloud hosting provider Rackspace says that the December 2, …
Updated on 2022-12-04: U.K. water supplier hacked: Not a great week for the 1.7 million customers of South Staffs Water and Cambridge Water in the U.K., whose parent company has confirmed a breach of customer bank details — though it’s not saying how many customers are actually affected (assume the worst). The water supplier is …
Updated on 2022-12-01: There’s also a new ransomware strain in town, and its name is Trigona. Read more: Trigona ransomware spotted in increasing attacks worldwide. Overview: A previously unidentified ransomware has reemerged as the new Trigona ransomware and launched a new Tor site to accept ransom payments in Monero. Read more: Trigona ransomware spotted in …
Updated on 2022-12-05: Kaspersky identified a new data wiper, dubbed CryWiper, that was used for destructive attacks against Russia’s mayor’s offices and courts. The malware pretends to be ransomware. Read more: New CryWiper wiper targets Russian entities masquerading as a ransomware. Updated on 2022-12-04: CryWiper Malware Seen on Russian Courts and Mayors’ Office Networks …
Updated on 2022-11-29: IKEA confirmed suffering a cyberattack on its Kuwait and Morocco branches, disrupting several operating systems. The Vice Society ransomware group added the franchises to its leak site. Read more: IKEA investigating cyberattacks on outlets in Kuwait, Morocco. Overview: Local IKEA incidents. Swedish furniture retailer IKEA confirmed that its local franchises in Kuwait …
Updated on 2022-11-28: Ransomware Operators Leak Belgian Police Force Data. Ransomware operators who thought they were targeting a Belgian municipality in Antwerp instead stole from the Zwijndrecht police force in that city. The attackers leaked the data, which includes crime report files, investigation reports, traffic camera footage, and personnel information. The attackers reportedly leveraged an …
Updated on 2022-11-27: Life ransomware. Trend Micro said that it detected a new version of the WannaRen ransomware in attacks that targeted Indian users over the month of October. The original WannaRen ransomware was active for only a few days in August 2020, when it infected thousands of Chinese internet users who downloaded copies of …
Updated on 2022-11-30: Vanuatu’s Government Struggling to Recover from Cyberattack. A month after a cyberattack took down Vanuatu’s government servers and websites, officials are still using their private email accounts, their personal laptops, typewriters, and pen and paper to conduct business. Government offices in the outer islands of the South Pacific country are experiencing significant …