700 matches found
Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm
Researchers have detailed what they call the "first successful attempt" at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. "We were able to recover the master key for generating the file encryption key without the attacker's...
CISA Ransomware report warns “triple threat” attacks still on the prowl
Though we may be stuck with endless COVID-19 scams and a gradual visible rise in all manner of cryptocurrency hijinks, the old school attacks are as perilous as ever; CISA, the Cybersecurity & Infrastructure Security Agency, have released their 2021 report detailing the increasing globalised thre...
Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares
The shackles have been broken for victims of Maze/Egregor/Sekhmet ransomware: On Wednesday, decryption keys were released for all three ransomware strains in a forum post. The liberator, using the handle “Topleak,” described themselves as the developer of the three ransomwares. It’s been lovely,...
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
Law enforcement, C-suite executives and the cybersecurity community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs,...
QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices
Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt. "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," th...
Ransomware gangs are recruiting breached individuals to persuade companies to pay up
You've heard about ransomware, where attackers lock up your files and demand a payment for the decryption key. You may also have heard about ransomware attackers not only locking up your files, but also threatening to release the stolen data in an attempt to get you to pay up. What you may not hav...
How CISOs are preparing to tackle 2022
Looking back over the last year, the security landscape has continued to experience significant change and escalation. Every day, we see the toll this is taking on organizations of all sizes as they navigate the enduring challenges of the pandemic, the expansion of the digital estate, and the...
A Trip to the Dark Site — Leak Sites Analyzed
Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discreetly charged their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion or, as we...
FIN8 Hackers Spotted Using New 'White Rabbit' Ransomware in Recent Attacks
The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called "White Rabbit" that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware...
New ‘White Rabbit’ Ransomware May Be New FIN8 Tool
A new ransomware family, White Rabbit, chewed through a local U.S. bank last month — and it may be connected to the financially motivated advanced persistent threat (APT) group known as FIN8, researchers said. In a Tuesday report, Trend Micro researchers said that this twicky wabbit knows how to...
Night Sky: the new corporate ransomware demanding a sky high ransom
There's a new ransomware in town—isn't there always?—and it's, unsurprisingly, after corporation-sized businesses. It's called Night Sky, and it was first spotted and revealed by MalwareHunterTeam, a group on Twitter who hunts malware online, on the first day of 2022. First day of the year, and a new...
Portugal Media Giant Impresa Crippled by Ransomware Attack
Media giant Impresa, which owns the largest television station and newspaper in Portugal, was crippled by a ransomware attack just hours into 2022. The suspected ransomware gang behind the attack goes by the name Lapsus$. The attack included Impresa-owned website Expresso newspaper and television...
PYSA Emerges as Top Ransomware Actor in November
PYSA, which is also known by Mespinoza, has overtaken Conti as the top ransomware threat group for the month of November. It joined Lockbit, which has dominated the space since August. According to NCC Group’s November insights on the ransomware sector, PYSA increased its market share with a 50...
Ransom DDoS Enters its Fourth Wave
Extortionists target industries with most to lose from an outage. Cybercriminals continue to target organizations threatening Denial of Service (DDoS) attacks in exchange for a ransom payment, traditionally demanded in bitcoin (BTC). And it seems that no matter how many times these ransom threat cycle...
Karakurt: A New Emerging Data Theft and Cyber Extortion Hacking Group
A previously undocumented, financially motivated threat group has been connected to a string of data theft and extortion attacks on over 40 entities between September and November 2021. The hacker collective, which goes by the self-proclaimed name Karakurt and was first identified in June 2021, i...
BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild
Details have emerged about what's the first Rust-language-based ransomware strain spotted in the wild that has already amassed "some victims from different countries" since its launch last month. The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. "Victims can pay with Bitcoin or...
‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware
There is a new financially motivated threat group on the rise and for a change, it doesn’t appear to be interested in deploying ransomware or taking out high-profile targets. Researchers from Accenture Security have been tracking a group that calls itself “Karakurt,” which means “black wolf” in...
RANSOMWARE: Ranzy Locker
On 25 October 2021, the FBI released a report documenting their findings about a ransomware variant known as Ranzy Locker. While Ranzy Locker has not been used as prolifically as Conti or Darkside, it does leverage some of the same old ransomware tricks to attack its victims. In conjunction with...
The story of the year: ransomware in the headlines
In the past twelve months, the word "ransomware" has popped up in countless headlines worldwide across both print and digital publications: The Wall Street Journal, the BBC, the New York Times. It is no longer just being discussed by CISOs and security professionals, but politicians, school...
Attacker unmasked by VPN flubs charged with Ubiquiti hack
A veritable barn-stormer of an insider threat story has recently come to light. A former employee of Ubiquiti Networks, Nickolas Sharp, has been arrested and charged for allegedly hacking company servers, stealing gigabytes of information, and then rounding it all off with a splash of extortion...