Google Uncovers ‘Initial Access Broker’ Working with Conti Ransomware Gang
Google's Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated with a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) …
How to Decrypt the PartyTicket Ransomware Targeting Ukraine
Summary: On Feb. 23, 2022, destructive attacks were conducted against Ukrainian entities. Industry reporting has claimed the Go-based ransomware dubbed PartyTicket (or HermeticRansom) was identified at several organizations affected by the attack, among other families including a sophisticated wiper CrowdStrike Intelligence tracks as DriveSlayer (HermeticWiper). Analysis of …
Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm
Researchers have detailed what they call the "first successful attempt" at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. "We were able to recover the master key for generating the file encryption key without the attacker's private key, by using a cryptographic vulnerability identified through analysis," a …
CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks
Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. The incidents singled out a broad range of sectors, including defense, emergency services, agriculture, government facilities, IT, …
QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices
Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt. "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to […] immediately update QTS to …
TellYouThePass Ransomware Analysis Reveals Modern Reinterpretation Using Golang
TellYouThePass ransomware, discovered in 2019, recently re-emerged compiled using Golang. Golang's popularity among malware developers makes cross-platform development more accessible. TellYouThePass ransomware was recently associated with Log4Shell post-exploitation, targeting Windows and Linux. The CrowdStrike Falcon® platform protects customers from Golang-written …
New Ransomware Variants Flourish Amid Law Enforcement Actions
Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement's disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. "Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS …
Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware
Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability. The attack leverages the remote code execution flaw to download an additional payload, a …
A New Rust-based Ransomware Malware Spotted in the Wild
Details have emerged about what is the first Rust-language-based ransomware strain spotted in the wild, which has already amassed "some victims from different countries" since its launch last month. The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. "Victims can pay with Bitcoin or Monero," the researchers said in a series of tweets detailing the file-encrypting …
Growing Ransomware Dangers Demand Layered Defense of Your Endpoints
Ransomware is more dangerous than ever before. Why? It's partly because successful attacks don't just affect the victim anymore. Ransomware actors are looking to profit from successful attacks as much as possible. Per Threatpost, malicious actors are turning to customers, partners, and other third parties who are related to the initial victim. Sometimes, they're targeting those …