Apr 27, 2023Ravie LakshmananLinux / Endpoint Security The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leaked source code," Uptycs … [Read more...] about RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts
ransomware
Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration
Apr 17, 2023Ravie LakshmananRansomware / Cyber Attack Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and … [Read more...] about Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration
Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
Apr 12, 2023Ravie LakshmananPatch Tuesday / Software Updates It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. … [Read more...] about Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
Taiwanese PC Company MSI Falls Victim to Ransomware Attack
Apr 08, 2023Ravie LakshmananMalware / Cyber Attack Taiwanese PC company MSI (short for Micro-Star International) officially confirmed it was the victim of a cyber attack on its systems. The company said it "promptly" initiated incident response and recovery measures after detecting "network anomalies." It also said it alerted law enforcement agencies of the matter. That said, … [Read more...] about Taiwanese PC Company MSI Falls Victim to Ransomware Attack
Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
Apr 08, 2023Ravie LakshmananCyber War / Cyber Threat The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That's according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud … [Read more...] about Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
Feb 11, 2023Ravie LakshmananRansomware / Endpoint Security After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a system administrator on … [Read more...] about New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers
Feb 04, 2023Ravie LakshmananEnterprise Security / Ransomware VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said in an advisory on … [Read more...] about New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers
Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort
In what's a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. "Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying the … [Read more...] about Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort
Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
Dec 21, 2022Ravie LakshmananEmail Security / Data Security Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses URL rewrite … [Read more...] about Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
Royal Ransomware Threat Takes Aim at U.S. Healthcare System
Dec 12, 2022Ravie LakshmananHealthcare IT / Ransomware The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial … [Read more...] about Royal Ransomware Threat Takes Aim at U.S. Healthcare System