Recherche : [ransomware]

INPS Servizi sotto attacco ransomware. Dati a rischio e sito irraggiungibile | DDay.it https://www.dday.it/redazione/51178/inps-servizi-sotto-attacco-ransomware-dati-a-rischio-e-sito-irraggiungibile

21/11/2024 14:54:48

L’attacco è avvenuto il 18 novembre ma è stato comunicato il giorno dopo attraverso l’avviso di un ente che si serve di INPS Servizi

Office of Public Affairs | Phobos Ransomware Administrator Extradited from South Korea to Face Cybercrime Charge https://www.justice.gov/opa/pr/phobos-ransomware-administrator-extradited-south-korea-face-cybercrime-charges

20/11/2024 21:59:45

The Justice Department unsealed criminal charges today against Evgenii Ptitsyn, 42, a Russian national, for allegedly administering the sale, distribution, and operation of Phobos ransomware.

The State of Cloud Ransomware in 2024 https://www.sentinelone.com/blog/the-state-of-cloud-ransomware-in-2024/

14/11/2024 16:23:36

In this new report, learn how threat actors are leveraging cloud services to target web services with ransomware attackers.

VEEAM exploit seen used again with a new ransomware: “Frag https://news.sophos.com/en-us/2024/11/08/veeam-exploit-seen-used-again-with-a-new-ransomware-frag/

11/11/2024 22:39:33

Last month, Sophos X-Ops reported several MDR cases where threat actors exploited a vulnerability in Veeam backup servers. We continue to track the activities of this threat cluster, which recently…

Meet Interlock — The new ransomware targeting FreeBSD servers https://www.bleepingcomputer.com/news/security/meet-interlock-the-new-ransomware-targeting-freebsd-servers/

11/11/2024 09:13:48

A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers.

Microchip Technology Reports $21.4 Million Cost From Ransomware Attack https://www.securityweek.com/microchip-technology-reports-21-4-million-cost-from-ransomware-attack/

11/11/2024 08:57:10

Microchip Technology (NASDAQ: MCHP) revealed in its latest financial report on Tuesday that expenses related to the recent cybersecurity incident reached $21.4 million.

Cyber attack on pharmaceutical distributor AEP https://www.heise.de/en/news/Cyber-attack-on-pharmaceutical-distributor-AEP-10001220.html

04/11/2024 06:55:28

AEP GmbH was the victim of a targeted cyber attack on October 28, which led to the partial encryption of the company's IT systems. The company's own security systems detected the attack. The company provides information about this on its website.

Jumpy Pisces Engages in Play Ransomware https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/

31/10/2024 23:22:14

A first-ever collaboration between DPRK-based Jumpy Pisces and Play ransomware signals a possible shift in tactics.

Change Healthcare says 100 million people impacted by February ransomware attack https://therecord.media/change-healthcare-100-million-impacted-ransomware-attack?is=09685296f9ea1fb2ee0963f2febaeb3a55d8fb1eddbb11ed4bd2da49d711f2c7

29/10/2024 23:05:38

Change Healthcare updated filings with the federal government to warn that about 100 million people had information accessed by hackers during a ransomware attack in February.

The Department of Health and Human Services’s (HHS) Office for Civil Rights said Change Healthcare notified them on October 22 that “approximately 100 million individual notices have been sent regarding this breach.”

31 new ransomware groups were discovered in 2024 https://www.securitymagazine.com/articles/101123-31-new-ransomware-groups-were-discovered-in-2024

29/10/2024 13:39:43

A report by Secureworks revealed a 30% year-over-year rise in active ransomware groups, which demonstrates fragmentation of an established criminal ecosystem.

Akira ransomware continues to evolve https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/

26/10/2024 13:05:58

As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group's attack chain, targeted verticals, and potential future TTPs.

Embargo ransomware: Rock’n’Rust https://www.welivesecurity.com/en/eset-research/embargo-ransomware-rocknrust/

25/10/2024 09:12:20

ESET researchers uncover new Rust-based tools that we named MDeployer and MS4Killer and that are actively utilized by a new ransomware group called Embargo.

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools https://www.sentinelone.com/blog/macos-notlockbit-evolving-ransomware-samples-suggest-a-threat-actor-sharpening-its-tools/

23/10/2024 21:05:49

An unknown threat actor is developing ransomware to lock files and steal data on macOS, and it's not LockBit.

Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks https://thehackernews.com/2024/10/ransomware-gangs-use-lockbits-fame-to.html

23/10/2024 11:56:42

Threat actors exploit Amazon S3 in ransomware attacks, using AWS credentials for data theft.

Decrypted: Mallox ransomware https://www.gendigital.com/blog/news/innovation/decrypted-mallox-ransomware

22/10/2024 18:39:47

Researchers uncover flaw in Mallox ransomware, offering free file recovery for early victims

Lynx Ransomware: A Rebranding of INC Ransomware https://unit42.paloaltonetworks.com/inc-ransomware-rebrand-to-lynx/

21/10/2024 21:24:56

Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics. Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.

Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks https://medium.com/@harsh8v/redefining-ransomware-attacks-on-aws-using-aws-kms-xks-dea668633802

21/10/2024 13:47:17

If someone asked me what was the best way to make money from a compromised AWS Account (assume root access even) — I would have answered “dump the data and hope that no-one notices you before you finish it up.”

This answer would have been valid until ~8 months ago when I stumbled upon a lesser known feature of AWS KMS which allows an attacker to do devastating ransomware attacks on a compromised AWS account.

Now I know that ransomware attacks using cross-account KMS keys is already known (checkout the article below)— but even then, the CMK is managed by AWS and they can just block the attackers access to the CMK and decrypt data for the victim because the key is OWNED by AWS and attacker is just given API access to it under AWS TOS. Also there’s no way to delete the CMK but only schedule the key deletion (min 7 days) which means there’s ample time for AWS to intervene.

Cyber Cops Stopped 500 Ransomware Hacks Since 2021, DHS Says - Bloomberg https://www.bloomberg.com/news/newsletters/2024-10-04/cyber-cops-stopped-500-ransomware-hacks-since-2021-dhs-says

07/10/2024 06:49:20

Homeland Security Investigations is stopping hacks before they occur.

Event Log Talks a Lot: Identifying Human-operated Ransomware through Windows Event Logs - JPCERT/CC Eyes https://blogs.jpcert.or.jp/en/2024/09/windows.html

02/10/2024 08:10:33

The difficult part of the initial response to a human-operated ransomware attack is identifying the attack vector. You may already know from recent security incident trends that the vulnerabilities of VPN devices are likely to be exploited, but it often...

Crucial Texas hospital system turning ambulances away after ransomware attack https://therecord.media/crucial-hospital-texas-ransomware-attackc

02/10/2024 08:01:03

One of the largest hospitals in West Texas has been forced to divert ambulances after a ransomware attack shut down many of its systems last Thursday.

The University Medical Center Health System in Lubbock confirmed on Friday that IT outages are being caused by a ransomware incident.

Liens par page

Filtres