Security News

Cisco Talos: Top Ransomware TTPs Exposed
2024-07-10 21:21

Cisco Talos analyzed the top 14 ransomware groups between 2023 and 2024 to expose their attack chain and highlight interesting Tactics, Techniques and Procedures. The security company also exposed the most leveraged vulnerabilities being triggered by ransomware actors.

Malware that is 'not ransomware' wormed its way through Fujitsu Japan's systems
2024-07-10 13:47

Fujitsu Japan says an unspecified "Advanced" malware strain was to blame for a March data theft, insisting the strain was "Not ransomware", yet it hasn't revealed how many individuals are affected. Despite initially downplaying the likelihood of data theft, Fujitsu confirmed on Tuesday that affected individuals had been directly notified.

New Ransomware Group Exploiting Veeam Backup Software Vulnerability
2024-07-10 13:06

A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. "Before the ransomware attack, there were VPN brute-force attempts noted in April 2024 using a dormant account identified as 'Acc1.' Several days later, a successful VPN login using 'Acc1' was traced back to the remote IP address 149.28.106[.]252."

Ransomware crews investing in custom data stealing malware
2024-07-10 10:00

As ransomware crews increasingly shift beyond just encrypting victims' files and demanding a payment to unlock them, instead swiping sensitive info straight away, some of the more mature crime organizations are developing custom malware for their data theft. "Over the past year, we have witnessed major shifts in the ransomware space with the emergence of multiple new ransomware groups, each exhibiting unique goals, operational structures and victimology," the report's authors note.

Avast releases free decryptor for DoNex ransomware and past variants
2024-07-08 18:51

Antivirus company Avast has discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free. [...]

New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems
2024-07-08 13:15

An emerging ransomware-as-a-service operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.

Avast secretly gave DoNex ransomware decryptors to victims before crims vanished
2024-07-08 12:44

Researchers at Avast have provided decryptors to DoNex ransomware victims on the down-low since March after discovering a flaw in the crims' cryptography, the company confirmed today. Avast offered a brief explanation about how DoNex encrypts victims' data, but annoyingly didn't actually offer any insight into the flaw in its schema.

Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released
2024-07-08 09:57

A cryptographic weakness in the DoNex ransomware and its previous incarnations - Muse, fake LockBit 3.0, and DarkRace - has allowed Avast researchers to create a decryptor for files encrypted by all those ransomware variants. "In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024," the company's Threat Research Team shared on Monday.

New Eldorado ransomware targets Windows, VMware ESXi VMs
2024-07-05 15:56

A new ransomware-as-a-service called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows. Eldorado is a Go-based ransomware that can encrypt both Windows and Linux platforms through two distinct variants with extensive operational similarities.

Ransomware scum who hit Indonesian government apologizes, hands over encryption key
2024-07-04 05:47

Brain Cipher, the group responsible for hacking into Indonesia's Temporary National Data Center and disrupting the country's services, has seemingly apologized for its actions and released an encryption key to the government. The cyber criminals had demanded a ransom of 131 billion Rupiah to release data it ransomwared June 20, but the Indonesian government refused to pay up.