ransomware

  1. Father

    Quick Assist has become a ransomware weapon: Storm-1811 attacks the most gullible

    Attacking everyone in a row, attackers use a proven method of entering the computer. Microsoft Threat Intelligence discovered a new campaign by the Storm-1811 group, which uses the Quick Assist tool to conduct social engineering attacks on users. Quick Assist is a legitimate Microsoft...
  2. Father

    Khoroshev or not Khoroshev? Could the FBI have made a mistake by linking the man to the LockBit ransomware empire.

    New details have brought more clarity to the case of the "great and terrible" LockBitSupp. Last week, the United States, along with the United Kingdom and Australia, filed charges and imposed sanctions against Dmitry Khoroshev, who is considered the leader of the well-known extortion ring...
  3. Father

    Ransomware attack on Singing River affected almost 900 thousand patients

    9 months after the incident, the real scale of the leak finally became known. A major health care provider in the U.S. state of Mississippi called Singing River recently reported that a cyberattack in August 2023 affected the data of 895,204 people. The medical network includes hospitals in...
  4. Father

    $200 million to save your reputation: how Boeing fights ransomware

    Boeing entered the top leaders, but does the company need such a rating? In October 2023, Boeing became a victim of the LockBit ransomware program. This week, the company reported that the attackers demanded a ransom of $200 million. Boeing confirmed to the CyberScoop news portal that it is...
  5. Father

    LockBit returns: security services reveal new details about ransomware

    Is this a real revelation or another deception? Intelligence agencies revived the seized LockBit website to announce new information disclosed by law enforcement agencies. After the large-scale operation Kronos, law enforcement agencies shut down the LockBit infrastructure and transformed one...
  6. Father

    MS-SQL targeted: TargetCompany attacks servers with Mallox ransomware

    The malicious campaign demonstrates hackers' desire for covert management of infected systems. Cybersecurity experts from the ASEC identified a series of advanced cyber attacks targeting Microsoft SQL (MS-SQL) servers. A group of attackers known as TargetCompany uses the Mallox ransomware virus...
  7. Father

    Using the leaked LockBit builder, new versions of the ransomware are created

    The LockBit 3.0 ransomware builder, leaked in 2022, became the basis for many modifications that have already appeared on the market. As Kaspersky Lab researchers found out (https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/), some of the attacks using modifications were...
  8. Father

    Ransomware payments hit record low

    Why are companies paying less and less ransom? Are hackers losing their grip? In the first quarter of 2024, the share of companies that agreed to pay a ransom to attackers reached a record low of 28%. This data was provided by Coveware, a cybersecurity company. The comparison with the fourth...
  9. Father

    PedoRansom: Ransomware attacks child pornography lovers

    This is a rare case when the public will take the side of cybercriminals. Cybersecurity researchers have discovered an unusual malware campaign targeting people searching for child pornography online. Instead of extorting money from random victims, as is usually the case, this time the...
  10. Father

    Critical Atlassian flaw exploited to deploy Linux variant of Cerber ransomware

    Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of the Cerber (also known as C3RB3R) ransomware. The attacks use CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability affecting the Data Center...
  11. Father

    New Sexi ransomware

    On March 30, the Chilean division of PowerHost, IxMetro, was the victim of a cyberattack by a new group of SEXI ransomware. As a result of the attack, the company's VMware ESXi servers and data backups were encrypted. PowerHost is a data center, hosting, and internetworking company located in...
  12. Teacher

    One criminal – dozens of clinics: the ransomware will pay $1 million for its cyber attacks

    The story of hacking and blackmailing a failed hacker. An Idaho man has confessed to hacking into medical clinics and a police station with subsequent extortion. Robert Purbeck, known under the pseudonyms Lifelock and Studmaster, was arrested on charges of cybercrime committed between 2017 and...
  13. Teacher

    StopCrypt: ransomware for ordinary mortals got an invisibility cloak

    The multi-stage execution technique allows you to bypass any protection. Security researchers have discovered a new variant of the StopCrypt ransomware, also known as STOP. This version uses a multi-step execution process using shellcodes to bypass security tools, making the malware...
  14. Teacher

    LockBit 4.0: a new cryptographer from the defeated ransomware group

    How will the latest attempts of hackers to revive their evil empire turn out? Recently, we reported that the infrastructure of the LockBit hacker group, widely known for its ransomware attacks, was eliminated as a result of Operation Kronos, conducted by the British authorities. This event was...
  15. Teacher

    LockBit Uprising: Ransomware infects hundreds of ScreenConnect servers with outdated software

    Operators continue to carry out attacks, despite the elimination of their infrastructure. Attackers are actively exploiting the ScreenConnect vulnerability to break into non-updated servers in order to deploy the LockBit ransomware program on compromised networks. The authentication bypass...
  16. Teacher

    The Russian Interior Ministry and F.A.C.C.T. tracked down and detained the SugarLocker ransomware

    Employees of the Ministry of Internal Affairs of Russia, with the support of specialists from F.A.C.C.T., a Russian developer of technologies to combat cybercrime, identified and detained members of the criminal group of SugarLocker ransomware. The attackers worked under the guise of a...
  17. Teacher

    Alpha Virus: a new player or an old ransomware that has risen from the ashes?

    The Netwalker group disappeared from the radar back in 2021, but researchers noticed suspicious similarities while studying other software. Experts have found disturbing links between the recent Alpha ransomware virus and the Netwalker criminal group, which was eliminated several years ago...
  18. Teacher

    Ransomware automation: MrAgent leaves no chance for VMs

    What do RansomHouse hackers have to do with creating a new malware? The RansomHouse group, known for its activities in the field of extortion using specialized programs, has developed a new malicious tool called "MrAgent". It is designed to automate the distribution of the data encryptor...
  19. Teacher

    Koreans hacked Rhysida: victims of ransomware attacks can recover their data for free

    How did researchers from Seoul manage to solve the secret hacker cipher? Cybersecurity experts have discovered an implementation vulnerability in the Rhysida ransomware that allowed them to recover encryption keys and decrypt data blocked by the malware. The discovery was published by a team of...
  20. Brother

    Faust Ransomware - Invisible cyberbullying right in your Excel

    The malware feels at home in other people's networks, not sparing the data of victims. Cybersecurity researchers have discovered a new variant of the Phobos ransomware family, called Faust. A report on the latest iteration of the virus was published by FortiGuard Labs researchers from Fortinet...