ransomware

Kaseya VSA customers struggling to recover from the REvil ransomware attack earlier this month have some good news: the company has received a decryptor to unscramble encrypted data. The company said Thursday it is helping impacted customers after obtaining the decryption tool from an unnamed third party. So far it has had no reports of […]

The post Kaseya obtains ransomware decryptor to help VSA victims first appeared on IT World Canada.

Read More Kaseya obtains ransomware decryptor to help VSA victims

The software provider Kaseya announced that it has obtained a universal decryptor for the REvil ransomware. Earlier this month, a massive supply chain attack conducted by the REvil ransomware gang hit the cloud-based managed service provider platform Kaseya, impacting both other MSPs using its VSA software and their customers. The VSA tool is used by MSPs to perform […]

The post Kaseya obtained a universal decryptor for REvil ransomware attack appeared first on Security Affairs.

Read More Kaseya obtained a universal decryptor for REvil ransomware attack

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective. 

Read More Don’t Wanna Pay Ransom Gangs? Test Your Backups.

BleepingComputer became aware that the recent wave of attacks targeting vulnerable SonicWall devices was carried out by HelloKitty ransomware operators. SonicWall this week has issued an urgent security alert to warn companies of “an imminent ransomware campaign” targeting some of its equipment that reached end-of-life (EoL). Threat actors could target unpatched devices belonging to Secure Mobile Access […]

The post HelloKitty ransomware gang targets vulnerable SonicWall devices appeared first on Security Affairs.

Read More HelloKitty ransomware gang targets vulnerable SonicWall devices

This is an interesting development:

Just days after President Biden demanded that President Vladimir V. Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday.

[…]

Gone was the publicly available “happy blog” the group maintained, listing some of its victims and the group’s earnings from its digital extortion schemes. Internet security groups said the custom-made sites — think of them as virtual conference rooms — where victims negotiated with REvil over how much ransom they would pay to get their data unlocked also disappeared. So did the infrastructure for making payments…

Read More REvil is Off-Line

World-renowned fashion retailer Guess confirmed over the course of the past week that some of its clients had their confidential data compromised in a brutal ransomware attack that the fashion…

The post Popular Fashion Seller Guess Alerts Its Clients Over Possible Data Breach appeared first on Hacker Combat.

Read More Popular Fashion Seller Guess Alerts Its Clients Over Possible Data Breach

SonicWall has issued an urgent warning of an “imminent” ransomware campaign to users of its Secure Mobile Access (SMA) and Secure Remote Access (SRA) products. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products […]

The post Breaking news: SonicWall warns of ‘imminent’ ransomware campaign against certain devices first appeared on IT World Canada.

Read More Breaking news: SonicWall warns of ‘imminent’ ransomware campaign against certain devices

Kaseya has released a security update to address the VSA zero-day vulnerabilities exploited by REvil gang in the massive ransomware supply chain attack. Software vendor Kaseya has released a security update to fix the zero-day vulnerabilities in its VSA software that were exploited by the REvil ransomware gang in the massive ransomware supply chain attack. […]

The post Kaseya releases patches for flaws exploited in massive ransomware supply-chain attack appeared first on Security Affairs.

Read More Kaseya releases patches for flaws exploited in massive ransomware supply-chain attack

President Joe Biden expressed concerns about ransomware attacks carried out by Russian gangs during a phone call with President Vladimir Putin. The recent wave of ransomware attacks carried out by Russian gangs like REvil and Darkside worries US authorities and was discussed by Presidents Biden and Putin during a phone call. The ransomware attacks against […]

The post Biden discussed Russian ransomware gangs with Putin in a phone call appeared first on Security Affairs.

Read More Biden discussed Russian ransomware gangs with Putin in a phone call

Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March. The insurance firm paid a $40 ransom to restore access to its files following the ransomware attack. […]

The post Insurance firm CNA discloses data breach after March ransomware attack appeared first on Security Affairs.

Read More Insurance firm CNA discloses data breach after March ransomware attack

Cybersecurity analysts are charting both a rise in ransomware incidents and in amounts cybercriminals are demanding from businesses to restore their data. That’s bad news in itself, but what’s often overlooked are the additional ways – beyond payments victims may or may not choose to make – victims pay for these attacks. Our latest threat report […]

The post 4 ways ransomware can cost your business (in addition to extortion) appeared first on Webroot Blog.

Read More 4 ways ransomware can cost your business (in addition to extortion)

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

Read More Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details:

This weekend’s attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the Kaseya Agent Monitor to gain administrative control over the target’s network. After writing a base-64-encoded payload to a file named agent.crt the dropper executed it.

[…]

The ransomware dropper Agent.exe is signed with a Windows-trusted certificate that uses the registrant name “PB03 TRANSPORT LTD.” By digitally signing their malware, attackers are able to suppress many security warnings that would otherwise appear when it’s being installed. Cybereason said that the certificate appears to have been used exclusively by REvil malware that was deployed during this attack…

Read More Details of the REvil Ransomware Attack

Resecurity® HUNTER, cyber threat intelligence and R&D unit, identified a strong connection to a cloud hosting and IoT company servicing the domain belonging to cybercriminals. According to the recent research published by ReSecurity on Twitter, starting January 2021 REVil leveraged a new domain ‘decoder[.]re’ in addition to a ransomware page available in the TOR network. […]

The post Researchers uncovered the network infrastructure of REVil – The notorious ransomware group that hit Kaseya appeared first on Security Affairs.

Read More Researchers uncovered the network infrastructure of REVil – The notorious ransomware group that hit Kaseya

Kaseya confirmed that the REvil supply-chain ransomware attack hit fewer than 60 of its customers and their customers. Software provider Kaseya announced that fewer than 60 of its customers and less than 1,500 businesses have been impacted by the recent supply-chain ransomware attack. Up to 1,500 downstream organizations, which were customers of MSPs using Kaseya VSA management […]

The post Approximatively 1,500 businesses impacted by the ransomware attack that hit Kaseya appeared first on Security Affairs.

Read More Approximatively 1,500 businesses impacted by the ransomware attack that hit Kaseya

REvil ransomware gang hit Spanish telecom giant MasMovil and claims to have stolen sensitive data from the group. MasMovil is one of the largest Spanish telecom operators; last week the group was hit by the REvil ransomware gang, which claims to have stolen sensitive data from the company. “We have downloaded databases and other important […]

The post Revil ransomware gang hit Spanish telecom giant MasMovil appeared first on Security Affairs.

Read More Revil ransomware gang hit Spanish telecom giant MasMovil

A new malicious software (ransomware) variant that leverages Golang has been released. It indicates that cybercriminals leverage GoLang (programming language) to execute their malicious actions. CrowdStrike obtained a specimen of…

The post New Ransomware Highlights Widespread Adoption of Golang Language By Cyberattackers appeared first on Hacker Combat.

Read More New Ransomware Highlights Widespread Adoption of Golang Language By Cyberattackers

US water company WSSC Water is investigating a ransomware attack that affected non-essential business systems in May. WSSC Water is investigating a ransomware attack that took place on May 24 and that targeted a portion of their network that operates non-essential business systems. According to reports from WJZ13 Baltimore, the company removed the malware just hours later and locked out […]

The post US water company WSSC Water hit by a ransomware attack appeared first on Security Affairs.

Read More US water company WSSC Water hit by a ransomware attack

In April 2021, one of the best-known ransomware gangs, Babuk, decided to change the way they ask for ransom: no more double extortion, no more file encryption but just data exfiltration and a later announcement in case of no deal with the victim. It’s a nice move forward for a Ransomware Gang that, […]

Read More Babuk Ransomware: The Builder

Kaseya was addressing the zero-day vulnerability that the REvil ransomware gang exploited to breach on-premise Kaseya VSA servers. A new supply chain attack made the headlines: on Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform, impacting MSPs and their customers. The REvil ransomware operators initially compromised the Kaseya VSA’s infrastructure, then pushed out […]

The post REvil gang exploited a zero-day in the Kaseya supply chain attack appeared first on Security Affairs.

Read More REvil gang exploited a zero-day in the Kaseya supply chain attack

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping.

However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals. These add fuel to the fire by incentivising cybercriminals’ engagement in ransomware operations and enabling existing operators to invest in and expand their capabilities. Growing losses from ransomware attacks have also emphasised that the current reality is not sustainable for insurers either…

Read More Insurance and Ransomware

CyberNews researchers analyzed the recently discovered Epsilon Red operations and found that more than 3.5K servers are still vulnerable. Several weeks later, security researchers from Sophos have discovered a new ransomware variant known as Epsilon Red. Now, we know exactly how it was carried out – and what you should do to be safe from it. Seemingly, […]

The post Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable appeared first on Security Affairs.

Read More Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable

The cross-site scripting (XSS) susceptibility plus various supply chain operations greatly impact the Linux marketplaces located on the Pling platform. This is the outcome of a study…

The post Researcher Discovers Susceptibility Affecting Numerous Linux Marketplaces appeared first on Hacker Combat.

Read More Researcher Discovers Susceptibility Affecting Numerous Linux Marketplaces

A new Trojan written in the Go programming language, tracked as ChaChi, was involved in ransomware attacks against government agencies and US schools. Researchers from BlackBerry Threat Research and Intelligence spotted a new RAT written in the Go programming language, dubbed ChaChi, which has been used by PYSA (aka Mespinoza) operators to target victims globally. The […]

The post ChaChi, a GoLang Trojan used in ransomware attacks on US schools appeared first on Security Affairs.

Read More ChaChi, a GoLang Trojan used in ransomware attacks on US schools

A week after the law enforcement operation that targeted the Clop ransomware operators, the gang is back into action. A week after the international operation conducted by law enforcement that targeted several members of the Clop ransomware gang, the group is back into action. Last week, Ukraine police arrested multiple individuals that are believed to […]

The post Clop ransomware is back into action after the recent police operation appeared first on Security Affairs.

Read More Clop ransomware is back into action after the recent police operation