Credit to Author: Pieter Arntz| Date: Wed, 23 Feb 2022 13:58:00 +0000
Researchers have found a flaw in the Hive ransomware encryption method that allows them to recover a high percentage of the encrypted files.
The post Hive ransomware: Researchers figure out a method to decrypt files appeared first on Malwarebytes Labs.
Read more
Credit to Author: Andrew Brandt| Date: Wed, 23 Feb 2022 11:30:07 +0000
Some code used in the ransomware bear a resemblance to code used in Dridex malware, hinting at a common origin
Read more
Credit to Author: BrianKrebs| Date: Wed, 16 Feb 2022 16:44:19 +0000
A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.
Read more
Credit to Author: BrianKrebs| Date: Mon, 14 Feb 2022 18:22:38 +0000
In January, KrebsOnSecurity examined clues left behind by “Wazawaka,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. In last month’s story, we explored clues that led from Wazawaka’s multitude of monikers, email addresses, and passwords to a 30-something father in Abakan, Russia named Mikhail Pavlovich Matveev. This post concerns itself with the other half of Wazawaka’s identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became “Orange,” the founder of the ransomware-focused Dark Web forum known as “RAMP.”
Read moreCredit to Author: Christopher Boyd| Date: Mon, 14 Feb 2022 18:20:00 +0000
 | |
| We take a look at one of the most interesting aspects of the recently released CISA ransomware report: the triple threat. Categories: Ransomware Tags: cisamalwareorganisationransomwaretriple threat |
The post CISA Ransomware report warns “triple threat” attacks still on the prowl appeared first on Malwarebytes Labs.
Read moreCredit to Author: Jovi Umawing| Date: Mon, 14 Feb 2022 15:52:18 +0000
 | |
| Just hours before the Super Bowl Sunday kick off, the San Francisco 49ers confirmed it was the victim of a ransomware attack. Categories: Ransomware Tags: 2fa49ersBlackByte ransomwarefbiproxyshellProxyShell vulnerabilityraasransomwareransomware-as-a-serviceSan Franciso 49erstwo-factor authentication |
The post Ransomware gang hits 49ers’ network before Super Bowl kick off appeared first on Malwarebytes Labs.
Read moreCredit to Author: Jovi Umawing| Date: Tue, 08 Feb 2022 14:04:51 +0000
 | |
| They call it Sugar ransomware, but it’s not sweet in any way. Categories: Ransomware Tags: Cl0pCl0P ransomwareEncoded01Encoded01 ransomwareMarcelo RiveroPeter AntonovransomwarerevilREvil ransomwareSCOP encryption algorithmSimeon Maltchevstream cipherSugar ransomware |
The post “We absolutely do not care about you”: Sugar ransomware targets individuals appeared first on Malwarebytes Labs.
Read moreCredit to Author: Malwarebytes Labs| Date: Mon, 31 Jan 2022 10:52:27 +0000
 | |
| The most important and interesting security stories from the last seven days. Categories: A week in security Tags: deadboltqnapransomware |
The post A week in security (January 24 – 30) appeared first on Malwarebytes Labs.
Read more