HackDig : Dig high-quality web security articles

Are Ransomware Attacks Declining, or Has Reporting Worsened?

While examining the state of ransomware in 2023, the statistics show promise — at least on the surface. According to the IBM X-Force Threat Intelligence Index 2023, “Ransomware’s share of incidents declined from 21% in 2021 to 17% in 2022.” Also promising: ransomware groups had a shaky 2022. The Trickbot group, for example, faced sig
Publish At:2023-05-17 11:13 | Read:493958 | Comments:0 | Tags:Risk Management Conti lockbit endpoint detection and respons

Leaked source code of Babuk ransomware used by 10 different ransomware families targeting VMware ESXi

The leak of the source code of the Babuk ransomware allowed 9 ransomware gangs to create their own ransomware targeting VMware ESXi systems. SentinelLabs researchers have identified 10 ransomware families using VMware ESXi lockers based on the source code of the Babuk ransomware that was leaked in 2021. The experts pointed out that these ransomware
Publish At:2023-05-12 17:10 | Read:466490 | Comments:0 | Tags:Breaking News Cyber Crime Malware Babuk ransomware Conti Cyb

TrickBot gang members sanctioned after pandemic ransomware attacks

In a collaborative partnership, officials in the United States and the United Kingdom unmasked and imposed financial sanctions against seven members of the notorious Russian gang TrickBot (alias "TrickLoader"), a mainstream banking Trojan turned malware-as-a-service (MaaS) platform for other criminals. Apart from taking over bank accounts
Publish At:2023-02-15 22:16 | Read:404941 | Comments:0 | Tags:News Conti ransomware TrickBot sanction

CISA issues alert with South Korean government about DPRK's ransomware antics

CISA and other federal agencies were joined by the National Intelligence Service (NIS) and the Defense Security Agency of the Republic of Korea (ROK) in releasing the latest cybersecurity advisory in the US government's ongoing #StopRansomware effort. This alert highlights continuous state-sponsored ransomware activities by the Democratic
Publish At:2023-02-13 22:16 | Read:581091 | Comments:0 | Tags:News Ransomware CISA ransomware Democratic People’s Republic

Ransomware money laundering operation disrupted, founder arrested

The US Department of Justice (DOJ) has released information about the arrest of Anatoly Legkodymov, the founder and majority owner of a cryptocurrency exchange called Bitzlato, on money laundering charges. Legkodymov, a Russian national who lives in China, is accused of processing over $700 million of illicit funds. The US Department of the Treasury’s
Publish At:2023-01-20 22:15 | Read:391622 | Comments:0 | Tags:News Ransomware Cryptocurrency exchange Bitzlato Conti ranso

Ransomware review: July 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In July, LockBit maintained the place it has occupied all year as the most active ransom
Publish At:2022-08-04 20:01 | Read:1154494 | Comments:0 | Tags:Threat Intelligence 0mega BianLian BlackBasta Cheers conti h

Ransomware rolled through business defenses in Q2 2022

Ransomware has given security professionals a headache for the better part of a decade. Fast forward to 2022, and the headache has become a migraine—not just for IT teams but business owners, employees, and customers as well. Over the last three months, ransomware gangs have increased the pressure by multiplying in number and unleashing targeted attacks on v
Publish At:2022-07-13 20:00 | Read:1455707 | Comments:0 | Tags:Business black basta conti government lockbit ransomware

North Korean APT targets US healthcare sector with Maui ransomware

State-sponsored North Korean threat actors have been targeting the US Healthcare and Public Health (HPH) sector for the past year using the Maui ransomware, according to a joint cybersecurity advisory (CSA) from the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury. CISA Director Jen Easterly also announced t
Publish At:2022-07-10 20:00 | Read:623603 | Comments:0 | Tags:Ransomware APT cisa conti Cybersecurity and Infrastructure S

Ransomware review: June 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In June, LockBit was the most active ransomware, just as it has been all year. The month
Publish At:2022-07-01 20:00 | Read:1124865 | Comments:0 | Tags:Threat Intelligence ALPHV conti Karakurt lockbit ransomware

A week in security (June 20 – June 26)

Last week on Malwarebytes Labs: LinkedIn scams are a “significant threat”, warns FBI; DDoS-for-hire service provider jailed; Internet Safety Month: 7 tips for staying safe online while on vacation; Client-side Magecart attacks still around, but more covert; Security vulnerabilities: 5 times that organizations got hacked; You can be tracked online using
Publish At:2022-06-27 07:53 | Read:758920 | Comments:0 | Tags:A week in security 311 7-zip APT28 catfishing chrome conti C

Conti ransomware group’s pulse stops, but did it fake its own death?

The dark web leak site used by the notorious Conti ransomware gang has disappeared, along with the chat function it used to negotiate ransoms with victims. For as long as this infrastructure is down, the group is unable to operate and a significant threat is removed from the pantheon of ransomware threats. The Conti leak site is down (June 22, 2022) Ran
Publish At:2022-06-23 16:01 | Read:1035610 | Comments:0 | Tags:Ransomware conti Conti ransomware ransomware

Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions

Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is go
Publish At:2022-05-31 20:37 | Read:1159445 | Comments:0 | Tags:A Little Sunshine Data Breaches Ne'er-Do-Well News Ransomwar

A week in security (May 9 – 15)

Last week on Malwarebytes Labs: How to spot the signs of a virtual kidnap scam; Virtual credit cards coming to Chrome: What you need to know; Clearview AI banned from selling facial recognition data in the US; Cyberattacks on SATCOM networks attributed to Russian threat actors; F5 BIG-IP vulnerability is now being used to disable servers; College closes down after
Publish At:2022-05-16 09:01 | Read:846451 | Comments:0 | Tags:A week in security APT34 canon chrome Clearview AI conti F5

Costa Rica continues defence against sustained Conti ransomware attacks

It’s not been plain sailing recently for Conti ransomware, the Ransomware as a Service (RaaS) group with several major attacks under its belt. In August last year, a pen tester leaked valuable manuals and documents related to the operation. These leaks continued as the Conti gang expressed support for the Russian Government in the midst of their invasi
Publish At:2022-05-09 12:52 | Read:599896 | Comments:0 | Tags:Ransomware conti costa rica data fbi losses ransomware treas

Adventures in the land of BumbleBee

Authored by: Nikolaos Totosis, Nikolaos Pantazopoulos and Mike Stokkel. Executive summary: BUMBLEBEE is a new malicious loader that is being used by several threat actors and has been observed to download different malicious samples. The key points are: BUMBLEBEE is statically linked with the open-source libraries OpenSSL 1.1.0f, Boost (version 1.68).
Publish At:2022-04-29 08:54 | Read:847705 | Comments:0 | Tags:Uncategorized bumblebee cobalt strike conti meterpreter

