The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network.
A major company made a staggering $75 million ransomware payment to hackers earlier this year, according to cybersecurity vendor Zscaler.
Zscaler made the claim in a Tuesday report examining the latest trends in ransomware attacks, which continue to ensnare companies, hospitals, and schools across the country.
A cyberattack has hit a blood-donation nonprofit that serves hundreds of hospitals in the southeastern US.
The hack, which was first reported by CNN, has raised concerns about potential impacts on OneBlood’s service to some hospitals, multiple sources familiar with the matter said, and the incident is being investigated as a potential ransomware attack.
Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors. ESXi is a bare-metal hypervisor that is installed directly onto a physical server and provides direct access and control of underlying resources. ESXi hypervisors host virtual machines that may include critical servers in a network. In a ransomware attack, having full administrative permission on an ESXi hypervisor can mean that the threat actor can encrypt the file system, which may affect the ability of the hosted servers to run and function. It also allows the threat actor to access hosted VMs and possibly to exfiltrate data or move laterally within the network.
On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed in several Arctic Wolf Incident Response cases, each exhibiting similar elements. All victim organizations were located in the United States, 80% of which were in the education sector and 20% in the recreation sector.
We are sharing details of this emerging variant to help organizations defend against this threat. Please note that we may add further detail to this article as we uncover additional information in our ongoing investigation.
Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments.
Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences.
Learn about BlackSuit ransomware, its impact across sectors, and how to defend against its attacks.
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […]
All about Eldorado Ransomware and how its affiliates make their own samples for distribution.
The National Health Laboratory Service is the primary diagnostic service for 80% of the population, and no timeline for its restoration has been determined
Halcyon Identifies New Ransomware Operator Volcano Demon Serving Up LukaLocker
#Demon #Halcyon #Identifies #LukaLocker #New #Operator #Ransomware #Volcano
The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center.
Indonesian President Joko Widodo ordered on Friday an audit of government data centres after officials said the bulk of data affected by a recent ransomware cyberattack was not backed up, exposing the country's vulnerability to such attacks.
Last week's cyberattack, the worst in Indonesia in recent years, has disrupted multiple government services including immigration and operations at major airports.
P2Pinfect is a rust-based malware covered extensively by Cado Security in the past. Cado Security researchers first discovered it during triage of honeypot telemetry in July of 2023.
Researchers warn that the P2Pinfect worm is targeting Redis servers with ransomware and cryptocurrency mining payloads.
Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft.
Threat actors in the cyberespionage ecosystem are using ransomware for financial gain, disruption, distraction, misattribution, and the removal of evidence.
CDK Global, the auto dealership software solutions firm that supplies services to an estimated 15,000 dealerships in the U.S. and Canada, said it has begun the
South Africa’s National Health Laboratory Service (NHLS) was hit by hackers on Saturday, with the dissemination of lab results severely impacted.
