Security News
Cisco Talos analyzed the top 14 ransomware groups active between 2023 and 2024 to map their attack chains and highlight notable tactics, techniques and procedures (TTPs). The company also listed the vulnerabilities most frequently exploited by ransomware actors.
Fujitsu Japan says an unspecified "advanced" malware strain was to blame for a March data theft, insisting the strain was "not ransomware", yet it hasn't revealed how many individuals are affected. Despite initially downplaying the likelihood of data theft, Fujitsu confirmed on Tuesday that affected individuals had been directly notified.
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. "Before the ransomware attack, there were VPN brute-force attempts noted in April 2024 using a dormant account identified as 'Acc1.' Several days later, a successful VPN login using 'Acc1' was traced back to the remote IP address 149.28.106[.]252."
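The EstateRansomware intrusion above follows a pattern that is cheap to alert on: a burst of failed VPN logins against an account nobody has used in weeks, followed days later by a successful login for that same account from a new address. The script below is an added example, not code from the report or from Group-IB; the log format, account names, timestamps and IP addresses are all constructed for illustration, and the thresholds (5 failures in 10 minutes, a 14-day look-ahead, 30 days of inactivity to count as dormant) are assumptions to tune against your own VPN logs.

```python
"""Flag a VPN brute-force burst on a dormant account followed by a later
successful login on that account.

Added example (not from the original report). Log lines, names, IPs and
thresholds below are constructed/assumed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample VPN log, one event per line: "<iso-timestamp> <user> <ip> <FAIL|OK>"
SAMPLE_LOG = """\
2024-04-02T01:10:05 acc1 203.0.113.10 FAIL
2024-04-02T01:10:07 acc1 203.0.113.10 FAIL
2024-04-02T01:10:09 acc1 203.0.113.10 FAIL
2024-04-02T01:10:11 acc1 203.0.113.10 FAIL
2024-04-02T01:10:13 acc1 203.0.113.10 FAIL
2024-04-02T01:10:15 acc1 203.0.113.10 FAIL
2024-04-02T09:15:00 alice 198.51.100.7 OK
2024-04-05T22:41:30 acc1 198.51.100.200 OK
2024-04-06T08:00:00 bob 198.51.100.8 FAIL
2024-04-06T08:00:30 bob 198.51.100.8 OK
"""


@dataclass
class Alert:
    user: str
    burst_start: datetime   # first failure of the burst that tripped the threshold
    success_time: datetime  # the later successful login
    success_ip: str         # source address of that login
    dormant: bool           # no successful login for `dormant_after` before the burst


def parse_vpn_log(text):
    """Parse the constructed log format into (timestamp, user, ip, result), sorted by time."""
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user.lower(), ip, result))
    events.sort(key=lambda e: e[0])
    return events


def detect_bruteforce_then_success(events,
                                   fail_threshold=5,
                                   burst_window=timedelta(minutes=10),
                                   lookahead=timedelta(days=14),
                                   dormant_after=timedelta(days=30)):
    """Single chronological pass over login events.

    A user enters `pending` once `fail_threshold` failures land inside
    `burst_window`; the first subsequent OK within `lookahead` raises an Alert.
    Dormancy is judged from the last OK seen before the burst started.
    """
    recent_fails = defaultdict(list)  # user -> failure timestamps inside the window
    last_success = {}                 # user -> most recent OK timestamp
    pending = {}                      # user -> (burst_start, dormant)
    alerts = []

    for ts, user, ip, result in events:
        if result == "FAIL":
            window = [t for t in recent_fails[user] if ts - t <= burst_window] + [ts]
            recent_fails[user] = window
            if len(window) >= fail_threshold and user not in pending:
                burst_start = window[0]
                prev = last_success.get(user)
                dormant = prev is None or burst_start - prev > dormant_after
                pending[user] = (burst_start, dormant)
        else:  # "OK"
            if user in pending:
                burst_start, dormant = pending.pop(user)
                if ts - burst_start <= lookahead:
                    alerts.append(Alert(user, burst_start, ts, ip, dormant))
            last_success[user] = ts
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_bruteforce_then_success(parse_vpn_log(SAMPLE_LOG))


if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT user={a.user} burst_start={a.burst_start.isoformat()} "
              f"success={a.success_time.isoformat()} from={a.success_ip} dormant={a.dormant}")
```

On the sample, only `acc1` fires: `alice` logs in normally, and `bob` has a single failure before his success, which stays below the threshold. The dormancy flag is what separates this from ordinary password-reset noise; in production it should be driven by the identity provider's last-logon attribute rather than by whatever happens to be in the VPN log's retention window.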
As ransomware crews increasingly move beyond encrypting victims' files and demanding payment to unlock them, and instead steal sensitive data outright, some of the more mature criminal organizations are developing custom malware for that data theft. "Over the past year, we have witnessed major shifts in the ransomware space with the emergence of multiple new ransomware groups, each exhibiting unique goals, operational structures and victimology," the report's authors note.
Antivirus company Avast has discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free. [...]
An emerging ransomware-as-a-service operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.
Researchers at Avast have been quietly providing decryptors to DoNex ransomware victims since March after discovering a flaw in the crims' cryptography, the company confirmed today. Avast offered a brief explanation of how DoNex encrypts victims' data, but annoyingly gave no insight into the flaw in the scheme itself.
A cryptographic weakness in the DoNex ransomware and its previous incarnations - Muse, fake LockBit 3.0, and DarkRace - has allowed Avast researchers to create a decryptor for files encrypted by all those ransomware variants. "In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024," the company's Threat Research Team has shared on Monday.
A new ransomware-as-a-service called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows. Eldorado is a Go-based ransomware that can encrypt both Windows and Linux platforms through two distinct variants with extensive operational similarities.
Brain Cipher, the group responsible for hacking into Indonesia's Temporary National Data Center and disrupting the country's services, has seemingly apologized for its actions and released the encryption key to the government. The cyber criminals had demanded a ransom of 131 billion Rupiah to release the data they encrypted on June 20, but the Indonesian government refused to pay up.