Source: https://www.bleepingcomputer.com/
The NFL's San Francisco 49ers team is recovering from a cyberattack by the BlackByte ransomware gang who claims to have stolen data from the American football organization.
Jakub Kroustek found new STOP Ransomware variants that append the .qnty and .iips extensions.
Jakub Kroustek found a new Dharma Ransomware variant that appends the .kl extension.
Amigo-A found a new ransomware named Sojusz that appends the .sojusz extension.
Sports equipment and sportswear brand Mizuno is affected by phone outages and order delays after being hit by ransomware, BleepingComputer has learned from sources familiar with the attack.
The US Federal Bureau of Investigation (FBI) revealed that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months.
In this section, we’ll delve into two intertwined areas of Russia’s crypto crime ecosystem that, together, have serious implications for cybersecurity, compliance, and national security: ransomware and money laundering.
This post concerns itself with the other half of Wazawaka’s identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became “Orange,” the founder of the ransomware-focused Dark Web forum known as “RAMP.”
Amigo-A found a new ransomware dubbed D3adCrypt that appends the .d3ad extension and drops ransom notes named d3ad_Help.txt and d3ad_Help.hta.
The BlackCat ransomware group, aka ALPHV, has claimed responsibility for the recent cyberattack on Swissport that caused flight delays and service disruptions.
Karsten Hahn spotted a new LockDown ransomware variant that appends the .cantopen extension.
Sure enough, we updated our ransomware numbers a few times throughout 2021, reflecting new payments we hadn’t identified previously. As of January 2022, we’ve now identified just over $692 million in 2020 ransomware payments — nearly double the amount we initially identified at the time of writing last year’s report.
As a result of hunting for the SugarLocker ransomware, it is presumed that the operator has been producing SugarLocker ransomware since at least early 2021. It seems that ransomware has actually been distributed since the second half of last year, but no attack cases have been confirmed so far. They do not operate a data leak site, and it seems that the ransomware name has been changed recently, so it does not appear to be active yet.
PCrisk found new STOP Ransomware variants that append the .ckae and .eucy extensions.
Among the many types of malicious code, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. As data recovery is impossible if the encryption key is not obtained, some companies suffer considerable damage, such as the payment of huge sums of money or the loss of important data. In this paper, we analyzed Hive ransomware, which appeared in June 2021. Hive ransomware has caused immense harm, leading the FBI to issue an alert about it. To minimize the damage caused by Hive ransomware and to help victims recover their files, we analyzed Hive ransomware and studied recovery methods. By analyzing the encryption process of Hive ransomware, we confirmed that vulnerabilities exist in its use of its own encryption algorithm. We have partially recovered the master key used to generate the file encryption key, enabling the decryption of data encrypted by Hive ransomware. We recovered 95% of the master key without the attacker's RSA private key and decrypted actual infected data. To the best of our knowledge, this is the first successful attempt at decrypting Hive ransomware. It is expected that our method can be used to reduce the damage caused by Hive ransomware.
While a very interesting read on decrypting ransomware, Michael Gillespie says that it may not be a practical method to decrypt files encrypted by Hive.
After four years of activity and numerous takedown attempts, the death knell of TrickBot has sounded as its top members move under new management, the Conti ransomware syndicate, who plan to replace it with the stealthier BazarBackdoor malware.
Amigo-A found a new ransomware dubbed MonaLisa that appends the .barrel or .nekochan extension and drops ransom notes named info.txt or info.hta.