Over the last four years, the share of script-based attacks of malware offenses worldwide has grown so drastically that it raised alerts among security specialists and ordinary users. In this post, we shall regard script-based malware, assess its strengths and weaknesses, explain how the attacks happen, and suggest measures to maintain security in your workgroup.… Continue reading Script-Based Malware
Tag: Ransomware
Hunt Ransomware ([email protected])
Hunt ransomware is a new sample of the Dharma/CrySis ransomware family that appeared on April 5, 2024. This malware aims at encrypting the files and asking a ransom payment for their decryption. It unselectively targets both home users and corporations, correcting the ransom depending on the target. Jakub Kroustek was the first to discover this… Continue reading Hunt Ransomware ([email protected])
UnitedHealth Hack Leaks 6 TB of User Data
UnitedHealth Group, one of the largest providers of health insurance and health care services in the United States, suffered a cyberattack with the following data breach. The company admitted that the personal data of millions of patients was “stolen” in a cyberattack. This incident is already being called one of the largest in healthcare history.… Continue reading UnitedHealth Hack Leaks 6 TB of User Data
BianLian Exploits TeamCity Vulnerability to Deploy Backdoors
BianLian, a group of cybercriminals known for their ransomware attacks, recently caught the attention of the information security community. By exploiting vulnerabilities in the JetBrains TeamCity platform, they managed to carry out multistage cyberattacks. Threat actors reportedly start their attack chain with a Golang-based backdoor, and work their way all the way to the ransomware… Continue reading BianLian Exploits TeamCity Vulnerability to Deploy Backdoors
ALPHV Ransomware Shut Down, Exit Scam Supposed
On March 5, 2024, ALPHV/BlackCat ransomware claimed its shutdown, “due to the FBI takeover”. Despite the actions from law enforcement really happening to this gang before, there are quite a few signs of this being a false claim. Analysts suppose that ALPHV admins are just trying to pull an exit scam. ALPHV/BlackCat Ransomware Shuts Down… Continue reading ALPHV Ransomware Shut Down, Exit Scam Supposed
LockBit is Back With New Claims and Victims
The story around LockBit ransomware takedown on February 19 continues to unfold. After almost a week of downtime and silence, the infamous gang is back online on a new Onion domain, boasting new hacks. To top it all off, an infamous LockBitSupp released a lengthy statement about what happened and what’s next. LockBit Ransomware is… Continue reading LockBit is Back With New Claims and Victims
MrB Ransomware (.mrB Files) – Analysis & File Decryption
MrB ransomware is a new Dharma ransomware sample, discovered on February 21, 2024. It is distinctive for applying a complex extension to the encrypted files that ends up with “.mrB”. This ransomware primarily attacks small corporations and asks the ransom only for decrypting the files, i.e. it does not practice double extortion. Jakub Kroustek was… Continue reading MrB Ransomware (.mrB Files) – Analysis & File Decryption
LockBit Ransomware Taken Down by NCA
On February 19, 2024, LockBit ransomware was taken down by the UK National Crime Agency in cooperation with a selection of other law enforcement agencies. The banner typical for such takedowns now illustrates all the web assets of LockBit ransomware. There is quite a hope about the possible release of decryption keys and even a… Continue reading LockBit Ransomware Taken Down by NCA
SYSDF Ransomware (.SYSDF Files) – Malware Analysis & Removal
SYSDF is a ransomware-type program that belongs to the Dharma malware family. Such malicious software aims mainly at small companies, aiming at file encryption with further requests for ransom payment for their decryption. It was originally discovered by Jakub Kroustek on February 16, 2024. What is SYSDF Ransomware? SYSDF ransomware is a yet another example… Continue reading SYSDF Ransomware (.SYSDF Files) – Malware Analysis & Removal
White Phoenix Decryptor by CyberArk Updated With Web Interface
CyberArk has released an online version of a file decryptor. This is a simplified, web version of the “White Phoenix” decryptor, initially available from the source code placed on GitHub. White Phoenix Decryptor by CyberArk Goes Online CyberArk, a public information security company that previously developed White Phoenix decrypter, has recently published a simplified web… Continue reading White Phoenix Decryptor by CyberArk Updated With Web Interface