Lucene search
K

31 matches found

The Hacker News
The Hacker News
added 2025/10/17 6:3 a.m.6 views

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/09/19 10:12 a.m.11 views

Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest formerly DEV-083...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/02/12 1:12 p.m.34 views

Rhysida Ransomware Cracked, Free Decryption Tool Released

Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/16 12:3 p.m.107 views

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Multi-State...

10CVSS9.2AI score0.99512EPSS
Exploits75
Trellix
Trellix
added 2023/10/09 12:0 a.m.23 views

Rhysida Ransomware

Rhysida Ransomware By Alexandre Mundo, Max Kersten, and Leandro Velasco · October 9, 2023 New ransomware victims are made every day by ransom gangs with a variety of ransomware malware families, one of which is the Rhysida ransomware family. Within this blog, an anonymised version of an attack by...

7.2AI score
Exploits0
Trellix
Trellix
added 2023/10/09 12:0 a.m.13 views

Rhysida Ransomware

Rhysida Ransomware By Leandro Velasco · October 9, 2023 This blog was also written by Alexandre Mundo and Max Kersten New ransomware victims are made every day by ransom gangs with a variety of ransomware malware families, one of which is the Rhysida ransomware family. Within this blog, an...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/09 4:20 a.m.24 views

New Report Exposes Vice Society's Collaboration with Rhysida Ransomware

Tactical similarities have been unearthed between the double extortion ransomware group known as Rhysida and Vice Society, including in their targeting of education and healthcare sectors. "As Vice Society was observed deploying a variety of commodity ransomware payloads, this link does not sugge...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/05 11:0 a.m.12 views

The 2023 State of Ransomware in Education: 84% increase in attacks over 6-month period

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/08 1:45 p.m.58 views

Ransomware review: May 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...

9.8AI score0.99999EPSS
Exploits24
The Hacker News
The Hacker News
added 2023/04/17 8:1 a.m.2 views

Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration

Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors TAs using built-in data exfiltration methods like living off the...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/08 4:30 p.m.48 views

Ransomware review: February 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacke...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/29 5:0 p.m.12 views

A week in security (January 23—29)

Last week on Malwarebytes Labs: T-Mobile reports data theft of 37 million customers in the US Ransomware revenue significantly down over 2022 Microsoft to end direct sale of Windows 10 licenses at the end of January TikTok CEO told to "step up efforts to comply" with digital laws 4 ways to protec...

0.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/26 1:30 p.m.50 views

5 facts about Vice Society, the ransomware group wreaking havoc on the education sector

Move over Lockbit, there's a new ransomware-as-a-service RaaS player in town attacking the education sector--and its name is Vice Society. Vice Society is believed to be a Russian-based intrusion, exfiltration, and extortion group. And their ideal prey? You guessed it: universities, colleges, and...

0.8AI score
Exploits0
hivepro
hivepro
added 2023/01/26 3:3 a.m.22 views

Brazil’s manufacturing industry under attack by Vice Society ransomware group

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Vice Society ransomware group is a cyber threat group that made headlines in late 2022 and early 2023 for a series of attacks against various targets, including the rapid transit system in San...

0.1AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/01/24 12:0 a.m.14 views

Vice Society Ransomware Group Targets Manufacturing Companies

In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry...

1.5AI score
Exploits0
hivepro
hivepro
added 2022/12/26 12:50 p.m.15 views

Vice Society gang switches to new custom ransomware

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Vice Society is a well-established ransomware group that has successfully targeted a range of enterprises. They aim to maximize their financial gain by using the standard double extortion strategy. In...

1.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/12/23 10:5 a.m.24 views

Vice Society Ransomware Attackers Adopt Robust Encryption Methods

The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. "This ransomware variant, dubbed 'PolyVice,' implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms," SentinelOne...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/12/07 2:34 p.m.36 views

Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022

The Vice Society cybercrime group has disproportionately targeted educational institutions, accounting for 33 victims in 2022 and surpassing other ransomware families like LockBit, BlackCat, BianLian, and Hive. Other prominent industry verticals targeted include healthcare, governments,...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/26 8:13 a.m.280 views

Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector

A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the gro...

7.8CVSS9.2AI score0.07304EPSS
Exploits2
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/10/25 4:0 p.m.42 views

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society. Shifting ransomware payloads over time from BlackCat, QuantumLocker, and Zeppelin,...

4.6CVSS1.4AI score0.07304EPSS
Exploits2
Rows per page
Query Builder