255 matches found
Ransom.LockBit DLL Hijacking
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/96de05212b30ec85d4cf03386c1b84af.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.LockBit Vulnerability: DLL Hijacking Description: LockBit ransomware looks for and executes...
Ransomware: March 2022 review
The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this March 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. The March da...
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload
Both BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to deliver the LockBit ransomware...
Weekly Threat Digest: 14 – 20 March 2022
For a detailed threat digest, download the pdf file here. Published Vulnerabilities: 567; Interesting Vulnerabilities: 22; Active Threat Groups: 5; Targeted Countries: 36; Targeted Industries: 15; ATT&CK TTPs: 60. The third week of March 2022 witnessed the discovery of 567 vulnerabilities out of which 22 gain...
Bridgestone Hit as Ransomware Torches Toyota Supply Chain
On Friday, Bridgestone Corp. admitted that a subsidiary experienced a ransomware attack in February, prompting it to shut down the computer network and production at its factories in North and Middle America for about a week, said Reuters. Among other things, Bridgestone is a major supplier of...
Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021
As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second...
LockBit 2.0 Ransomware affiliates targeting Renowned Organizations
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Since September 2021, LockBit 2.0 has targeted 500+ organizations in vital areas globally. The most recent attack targeted well-known tire producer Bridgestone, software behemoth Accenture, and the French Ministry of Justice...
Ransomware: February 2022 review
The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this February 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. BlackByte...
PT-2022-1661 · Microsoft · Windows Print Spooler +1
Name of the Vulnerable Software and Affected Versions: Windows Print Spooler versions prior to the fixed version Description: The issue is related to errors in security settings, allowing an attacker to elevate their privileges. This can affect the system, potentially leading to further...
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
Law enforcement, C-suite executives and the cybersecurity community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs,...
FBI Releases Indicators of Compromise Associated with LockBit 2.0 Ransomware
The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks, using LockBit 2.0, a Ransomware-as-a-Service that employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and...
LockBit ransomware gang claims PayBito crypto exchange as new victim
By Waqas LockBit ransomware operators claim that they stole the PayBito database that contains 100,000 customers' information including email addresses… This is a post from HackRead.com Read the original post: LockBit ransomware gang claims PayBito crypto exchange as new victim...
LockBit ransomware hits French Ministry of Justice & European firms
By Waqas The LockBit ransomware operators claim to have hit businesses in France, Spain, Italy, Germany, and United Kingdom. The… This is a post from HackRead.com Read the original post: LockBit ransomware hits French Ministry of Justice & European firms...
Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
LockBit ransomware's operators announced the release of its first Linux and ESXi variant in October. With samples also spotted in the wild, we discuss the impact and analysis of this variant...
Who is the Network Access Broker ‘Wazawaka?’
In a great many ransomware attacks, the criminals who pillage the victim's network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman know...
PYSA Emerges as Top Ransomware Actor in November
PYSA, which is also known as Mespinoza, has overtaken Conti as the top ransomware threat group for the month of November. It joined LockBit, which has dominated the space since August. According to NCC Group’s November insights on the ransomware sector, PYSA increased its market share with a 50...
Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable
A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named "Babadeda" that's capable of bypassing antivirus solutions and stage a variety of attacks. "This malware installer has been used in ...
The Top Ransomware Threats Aren’t Who You Think
While there seem to be legions of ransomware gangs, it turns out that just a handful of ransomware-as-a-service (RaaS) actors dominate the entire ecosystem of encryption-attack threats. In fact, just three ransomware families, none of them household names, make up 64 percent of all threats detected...
This Week in Security News - September 3, 2021
ProxyToken vulnerability can modify Exchange server configs and LockBit jumps its own countdown, publishes Bangkok Air files...
LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files
After Bangkok Airways disclosed that it had been clobbered by a cyberattack last week, the LockBit 2.0 ransomware gang tossed its own countdown clock in the trash and went ahead and published what it claims are the airline’s encrypted files on its leak site. BleepingComputer posted an image shown...