HackDig : Dig high-quality web security articles

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

On the 14th of May, the Health Service Executive (HSE), Ireland’s publicly funded healthcare system, fell victim to a Conti ransomware attack, forcing the organization to shut down more than 80,000 affected endpoints and plunging them back to the age of pen and paper. This happened a week after DarkSide, another ransomware strain, hit the USA’s Colonial Pipe
Publish At: 2021-05-28 14:27 | Tags: Ransomware Threat spotlight Bazar BokBot Colonial Pipeline c

PYSA, the ransomware attacking schools

The education sector’s cybersecurity problem has compounded in the last few months. A recent warning from the FBI, in mid-March, put schools in the US and UK on notice of increased attacks from the threat actors behind the PYSA ransomware. If this is the first time you’ve heard of this family, read on. What is PYSA ransomware? Home page image of the
Publish At: 2021-03-30 12:52 | Tags: Ransomware Threat spotlight CERT France CERT-FR education cy

HelloKitty: When Cyberpunk met cy-purr-crime

On February 9, after discovering a compromise, CD Projekt Red (CDPR) announced to its 1+ million followers on Twitter that it was the victim of a ransomware attack against its systems (and made it clear they would not yield to the demands of the threat actors, nor negotiate). Cyberpunk 2077, the latest game released by CD Projekt Red and once hailed as th
Publish At: 2021-03-18 12:06 | Tags: Threat spotlight 78afe88dbfa9f7794037432db3975fa057eae3e4dc0

Ryuk ransomware develops worm-like capability

CERT-FR, the French government's computer emergency response team, which is part of the National Cybersecurity Agency of France (ANSSI), discovered a Ryuk variant with worm-like capabilities during an incident response. For those unacquainted with Ryuk, it is a type of ransomware that is used in targeted attacks against enterprises and organiz
Publish At: 2021-03-02 17:48 | Tags: Malwarebytes news ANSSI arp botnet emotet KRBTGT rpc ryuk sc

Threat profile: Egregor ransomware is making a name for itself

What is Egregor? Egregor ransomware is a relatively new ransomware family (first spotted in September 2020) that seems intent on making its way to the top right now. Egregor is considered a variant of Ransom.Sekhmet based on similarities in obfuscation, API calls, and the ransom note. As we’ve reported in the past, affiliates that were using Maze ransom
Publish At: 2020-12-15 13:18 | Tags: Ransomware Threat spotlight cobalt strike egregor exfiltrate

Threat spotlight: WastedLocker, customized ransomware

WastedLocker is a new ransomware operated by a malware exploitation gang commonly known as Evil Corp, the same gang that is associated with Dridex and BitPaymer. The attribution is not based on code similarity between the malware variants, as WastedLocker is very different from BitPaymer. What was kept was the ability to add specific modules for different targets. The
Publish At: 2020-07-10 15:15 | Tags: Threat spotlight evil corp Ransom.BinADS ransomware wasted w

Search hijackers change Chrome policy to remote administration

The latest type of installer in the saga of search hijacking changes a Chrome policy, which in turn tells users the hijacker can’t be removed because the browser is managed from the outside. As you can imagine, that has freaked out quite a few Chrome users. We have talked about the search hijacker’s business model in detail. Suffice it to say, it is a billion-dollar indust
Publish At: 2020-06-11 12:57 | Tags: Threat spotlight capita chrome policies chrome policy extens
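The "managed by your organization" banner appears as soon as any enterprise policy is set for Chrome, and a force-installed extension cannot be removed from chrome://extensions. The audit below is an added example, not code from the original article: it loads the policies Chrome would honour (the managed policy directory on Linux, or the HKLM\SOFTWARE\Policies\Google\Chrome registry key on Windows) and flags the settings a search hijacker would abuse. The policy names (ExtensionInstallForcelist, DefaultSearchProviderSearchURL, HomepageLocation, RestoreOnStartupURLs) are real Chrome policies; the sample policy, extension ID and update URL embedded for the offline run are constructed.

```python
import glob
import json
import os
import sys

# Extensions installed from the Chrome Web Store update from this URL; a forcelist
# entry pointing anywhere else is self-hosted and deserves a closer look.
CHROME_WEB_STORE = "https://clients2.google.com/service/update2/crx"

# Linux/ChromeOS managed policy directory (assumption: default install path).
LINUX_POLICY_DIR = "/etc/opt/chrome/policies/managed"


def load_linux_policies(policy_dir=LINUX_POLICY_DIR):
    """Merge every *.json file in the managed policy directory into one dict."""
    policy = {}
    for path in sorted(glob.glob(os.path.join(policy_dir, "*.json"))):
        with open(path, encoding="utf-8") as fh:
            policy.update(json.load(fh))
    return policy


def load_windows_policies():
    """Read HKLM\\SOFTWARE\\Policies\\Google\\Chrome, including the forcelist subkey."""
    import winreg  # only available on Windows
    policy = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Policies\Google\Chrome") as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _ = winreg.EnumValue(key, i)
            policy[name] = data
        try:
            with winreg.OpenKey(key, "ExtensionInstallForcelist") as sub:
                policy["ExtensionInstallForcelist"] = [
                    winreg.EnumValue(sub, i)[1] for i in range(winreg.QueryInfoKey(sub)[1])
                ]
        except FileNotFoundError:
            pass
    return policy


def is_managed(policy):
    """Chrome shows the 'managed' banner whenever at least one policy is set."""
    return bool(policy)


def audit_chrome_policy(policy):
    """Return human-readable findings for policies a search hijacker typically sets."""
    findings = []
    forcelist = policy.get("ExtensionInstallForcelist", [])
    for entry in forcelist:
        ext_id, _, update_url = entry.partition(";")
        if update_url and update_url != CHROME_WEB_STORE:
            findings.append(f"force-installed extension {ext_id} updates from non-store URL {update_url}")
        else:
            findings.append(f"force-installed extension {ext_id} (user cannot remove it)")
    if policy.get("DefaultSearchProviderEnabled") in (1, True) and policy.get("DefaultSearchProviderSearchURL"):
        findings.append(f"default search engine pinned to {policy['DefaultSearchProviderSearchURL']}")
    if policy.get("HomepageLocation"):
        findings.append(f"homepage pinned to {policy['HomepageLocation']}")
    for url in policy.get("RestoreOnStartupURLs", []):
        findings.append(f"startup page pinned to {url}")
    return findings


# Constructed sample of what a hijacker installer might write; the extension ID
# and update host are fake placeholders, not real indicators.
SAMPLE_POLICY = {
    "ExtensionInstallForcelist": [
        "abcdefghijklmnopabcdefghijklmnop;http://updates.example.net/crx",
        "ponmlkjihgfedcbaponmlkjihgfedcba;" + CHROME_WEB_STORE,
    ],
    "DefaultSearchProviderEnabled": True,
    "DefaultSearchProviderSearchURL": "http://search.example.net/?q={searchTerms}",
}


if __name__ == "__main__":
    if sys.platform == "win32":
        live = load_windows_policies()
    else:
        live = load_linux_policies()
    target = live if live else SAMPLE_POLICY
    print("managed:", is_managed(target))
    for line in audit_chrome_policy(target):
        print(" -", line)
```

On a clean workstation the loaders return an empty dict and `is_managed` is False; a machine that shows the banner without a real MDM or GPO deploying Chrome policy should have every finding explained, starting with the forcelist.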

Maze: the ransomware that introduced an extra twist

An extra way to create leverage against victims of ransomware has been introduced by the developers of the Maze ransomware. If the victim is not convinced that she should pay the criminals because her files are encrypted, there could be an extra method of extortion. Over time, more organizations have found ways to keep safe copies of their important files or
Publish At: 2020-05-29 16:05 | Tags: Threat spotlight data Fallout Maze pulse ransomware Spelevo

Threat spotlight: RobbinHood ransomware takes the driver’s seat

Despite their name, the RobbinHood cybercriminal gang is not stealing from the rich to give to the poor. Instead, these ransomware developers are more like big game hunters—attacking enterprise organizations and critical infrastructure and keeping all the spoils for themselves. In 2019, the RobbinHood ransomware creators successfully attacked and receive
Publish At: 2020-02-20 17:07 | Tags: Threat spotlight .enc_robbinhood Anti-Ransomware baltimore b

Business in the front, party in the back: backdoors in elastic servers expose private data

It seems like every day we read another article about a data breach or leak of cloud storage exposing millions of users’ data. The unfortunate truth is that the majority of these leaks require no actual “hacking” on the part of the attacker. Most of the time, this highly confidential data is just sitting in open databases, ripe for the
Publish At: 2020-01-17 16:50 | Tags: Threat spotlight aws AWS buckets cloud database cloud databa
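An Elasticsearch node that answers its root endpoint and `_cat/indices` without credentials is exactly the "open database" the excerpt describes. The checker below is an added example, not code from the original article: it probes a base URL with plain HTTP, treats 401/403 as the healthy outcome, and for an unauthenticated cluster lists each index with its document count. The `fetch` parameter is injected so the same logic runs offline against a constructed response; the cluster name, version and index names in the sample are made up for the demonstration.

```python
import json
import urllib.error
import urllib.request


def http_get(url, timeout=5):
    """Unauthenticated GET returning (status, body); HTTP errors are returned, not raised."""
    req = urllib.request.Request(url, headers={"User-Agent": "es-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def check_elasticsearch(base_url, fetch=http_get):
    """Probe base_url as an anonymous client and report whether the cluster is open."""
    base = base_url.rstrip("/")
    report = {"target": base, "exposed": False, "indices": []}
    status, body = fetch(base + "/")
    report["status"] = status
    if status in (401, 403):
        report["note"] = "authentication required"
        return report
    if status != 200:
        report["note"] = f"unexpected status {status}"
        return report
    try:
        root = json.loads(body)
    except json.JSONDecodeError:
        report["note"] = "root is not JSON; probably not Elasticsearch"
        return report
    if "cluster_name" not in root or "version" not in root:
        report["note"] = "root response is not an Elasticsearch banner"
        return report
    # Anonymous access to the banner already means security is off or the node
    # is behind nothing; the index listing shows what is actually readable.
    report["exposed"] = True
    report["cluster_name"] = root["cluster_name"]
    report["version"] = root["version"].get("number")
    status, body = fetch(base + "/_cat/indices?format=json")
    if status == 200:
        for idx in json.loads(body):
            name = idx.get("index", "")
            report["indices"].append({
                "index": name,
                "docs": int(idx.get("docs.count") or 0),
                "size": idx.get("store.size"),
                "system": name.startswith("."),  # .kibana, .security, ...
            })
    return report


def exposed_documents(report):
    """Total documents in user (non-system) indices readable without credentials."""
    return sum(i["docs"] for i in report["indices"] if not i["system"])


# Constructed responses imitating an open 7.x node; none of this came from a real host.
SAMPLE_RESPONSES = {
    "http://es.example.internal:9200/": (200, json.dumps({
        "name": "node-1", "cluster_name": "docker-cluster",
        "version": {"number": "7.10.2"}, "tagline": "You Know, for Search",
    })),
    "http://es.example.internal:9200/_cat/indices?format=json": (200, json.dumps([
        {"index": "customers", "docs.count": "125000", "store.size": "48mb"},
        {"index": ".kibana_1", "docs.count": "12", "store.size": "40kb"},
    ])),
}


def sample_fetch(url):
    return SAMPLE_RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    result = check_elasticsearch("http://es.example.internal:9200", fetch=sample_fetch)
    print(json.dumps(result, indent=2))
    print("readable user documents:", exposed_documents(result))
```

Run it against your own ranges only. A finding here means the node must be bound to a private interface and put behind authentication (X-Pack security, a reverse proxy with auth, or a VPN); deleting the index does not fix the exposure.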

Threat spotlight: Phobos ransomware lives up to its name

Ransomware has been hitting organizations hard since it became a mainstream tool in cybercriminals’ belts years ago. From massive WannaCry outbreaks in 2017 to industry-focused attacks by Ryuk in 2019, ransomware’s got its hooks in global businesses and shows no signs of stopping. That includes a malware family known as Phobos ransomware, named afte
Publish At: 2020-01-10 16:50 | Tags: Threat spotlight brute force coveware crysis crysis ransomwa

Threat spotlight: The curious case of Ryuk ransomware

Ryuk. A name once unique to a fictional character in a popular Japanese comic book and cartoon series is now a name that appears in several rosters of the nastiest ransomware to ever grace the wild web. For an incredibly young strain—only 15 months old—Ryuk ransomware gaining such notoriety is quite a feat to achieve. Unless the threat actors behind its
Publish At: 2019-12-12 21:50 | Tags: Threat spotlight AES average ransom amount BitPaymer BitPaym

Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomwa

This post was authored by Nick Biasini with contributions from Joel Esler, Nick Hebert, Warren Mercer, Matt Olney, Melissa Taylor, and Craig Williams. Executive Summary: Today, Cisco struck a blow to a group of hackers, disrupting a significant international revenue stream generated by the notorious Angler Exploit Kit. Angler is one of the largest exploit kit
Publish At: 2015-10-06 18:20 | Tags: Threat Research angler exploit kit Talos threat spotlight ex

Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors

This post was authored by Ben Baker and Alex Chiu. Executive Summary: Threat actors and security researchers are constantly looking for ways to better detect and evade each other. As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples. Better static, dynamic, and automated ana
Publish At: 2015-05-04 18:05 | Tags: Threat Research malware reverse engineering Rombertik Talos

Threat Spotlight: TeslaCrypt – Decrypt It Yourself

This post was authored by Andrea Allievi, Earl Carter and Emmanuel Tacheau. After the takedown of Cryptolocker, we have seen the rise of Cryptowall. Cryptowall 2 introduced “features” such as advanced anti-debugging techniques, only to have many of those features removed in Cryptowall 3. Ransomware is becoming an extremely lucrative business, leading to man
Publish At: 2015-04-27 21:30 | Tags: Threat Research ransomware Talos TeslaCrypt threat spotlight
