Feb 11, 2023Ravie LakshmananRansomware / Endpoint Security After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a system administrator on … [Read more...] about New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
ransomware
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers
Feb 04, 2023Ravie LakshmananEnterprise Security / Ransomware VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said in an advisory on … [Read more...] about New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers
Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort
In what's a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. "Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying the … [Read more...] about Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort
Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
Dec 21, 2022Ravie LakshmananEmail Security / Data Security Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses URL rewrite … [Read more...] about Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
Royal Ransomware Threat Takes Aim at U.S. Healthcare System
Dec 12, 2022Ravie LakshmananHealthcare IT / Ransomware The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial … [Read more...] about Royal Ransomware Threat Takes Aim at U.S. Healthcare System
Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware
Dec 06, 2022Ravie LakshmananEndpoint Security / Data Security A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by an actor … [Read more...] about Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware
Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities
The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies highlighted a "sharp increase in both the … [Read more...] about Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities
Daixin Ransomware Gang Steals 5 Million AirAsia Passengers’ and Employees’ Data
The cybercrime group called Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The development comes a little over a week after the company fell victim to a ransomware attack on November 11 and 12, per DataBreaches.net. The threat actors allegedly claim to have obtained the personal data associated with five million … [Read more...] about Daixin Ransomware Gang Steals 5 Million AirAsia Passengers’ and Employees’ Data
Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware
A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569. "Observed DEV-0569 attacks show a pattern of continuous … [Read more...] about Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware
Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland
Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said to … [Read more...] about Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland