Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware.
In this week's Ransomware Roundup, FortiGuardLabs covers Trigona ransomware along with protection recommendations. Read the blog to find out more.
In the last year, HIVE ransomware has been identified as a major threat as it has been used to compromise and encrypt the data and computer systems of large IT and oil multinationals in the EU and the USA. Since June 2021, over 1 500 companies from over 80 countries worldwide have fallen victim to HIVE associates and lost almost...
The LockBit ransomware gang is one of the most notorious organized cybercrime syndicates that exists today. The gang is behind attacks targeting private-sector corporations and other high-profile industries worldwide. News and media outlets have documented many LockBit attacks, while security vendors offer technical assessments explaining how each occurred. Although these provide insight into the attacks, I wanted to know more about the human side of the operation to learn about the insights, motivations, and behaviors of the individuals on the other side of the keyboard. To prepare for this project, I spent months developing several online personas and established their credibility over time to gain access to the gang’s operation.
The arrest comes as the U.S. ramps up efforts to crack down on attempts by cybercriminals to use cryptocurrency to evade sanctions.
The Vice Society ransomware gang has claimed responsibility for the November 2022 cyberattack that forced the University of Duisburg-Essen (UDE) to reconstruct its IT infrastructure, a process that's still ongoing.
Postal service has been unable to send letters and parcels overseas since Wednesday due to hacking
Royal Mail has been hit by a ransomware attack by a criminal group, which has threatened to publish the stolen information online.
The postal service has received a ransom note purporting to be from LockBit, a hacker group widely thought to have close links to Russia.
Confidential details including child passport scans and SEN data is published online, the BBC finds.
The news organization won't go into detail about what attackers hit, and why.
We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses. The sample was first uploaded to VT on November 23, 2022 and tagged by the VT community as a possible variant of the Pandora Ransomware. The assumed connection to the Pandora Ransomware was due to some similarities between the CatB and Pandora ransom notes. However, the similarities pretty much end there. The CatB ransomware implements several anti-VM techniques to verify execution on a “real machine”, followed by a malicious DLL drop and DLL hijacking to evade detection.
More than 200 local governments, schools and hospitals in the U.S. were affected by ransomware in 2022, according to research conducted by cybersecurity firm Emsisoft.
The annual “State of Ransomware in the US” report found that 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals dealt with ransomware attacks last year.
In a New Year's Eve apology, the LockBit ransomware gang has expressed regret for attacking Toronto's Hospital for Sick Children and sent a free decryptor so files can be unscrambled. According to Brett Callow, a B.C.-based threat analyst for Emsisoft, the gang posted a message on its site claiming the attack was the work of an affiliate and violated their rules.
New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.
Cyble Research and Intelligence Labs analyzes multiple ransomware strains created based on leaked source code of Conti Ransomware.
In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.
Incident has hit parts of media company’s technology infrastructure, with staff told to work from home
“TargetCompany” is a type of ransomware that was first identified in June 2021. The researchers named it TargetCompany ransomware because it adds the targeted company name as a file extension to the encrypted files. In September 2022, researchers identified a TargetCompany ransomware variant targeting Microsoft SQL servers and adding the “Fargo” extension to the encrypted files. TargetCompany ransomware is also known to add a “Mallox” extension after encrypting the files.
Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.
Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.
