Donex, DarkRace, fake LockBit 3.0 and Muse Ransomware Decryptor Released
A decryptor for Donex ransomware, also known under the names Muse, DarkRace and LockBit 3.0, has been released by Avast specialists. They used a flaw in the cipher, known for almost half a year, to help with decryption privately, and have now made the decryptor tool available to everyone. This is yet another ransomware…
Tag: Ransomware
How can an attacker execute malware through a script?
Over the last four years, the share of script-based attacks among malware offenses worldwide has grown so drastically that it has raised alarm among security specialists and ordinary users. In this post, we examine script-based malware, assess its strengths and weaknesses, explain how the attacks happen, and suggest measures to maintain security in your workgroup.…
Trojan:Win32/Cerber
Trojan:Win32/Cerber is a detection name that Microsoft Defender uses to flag ransomware. Its name was once associated with a specific malware family, but as it ceased its activity, this name has been used for a wide range of ransomware samples. It is common to see this malware type in attacks on corporations, though all of…
New Embargo Ransomware Discovered, Possible ALPHV Reborn
A new strain of ransomware, named Embargo and written in Rust, recently surfaced along with its Darknet infrastructure. It uses double extortion tactics and is very reminiscent of the recently seized ALPHV group. The novice gang already boasts 4 victims from different countries. Embargo Ransomware Discovered, Coded in Rust In May 2024, cybersecurity researchers discovered…
New Red Ransomware Group Discovered
In March 2024, threat analysts detected a new ransomware group, called Red Ransomware. The group, which began its activities during the waning days of prominent groups such as Lockbit and ALPHV, has quickly established a presence in cyberspace. Who is Red Ransomware? Red Ransomware, also known as Red CryptoApp, first revealed itself on March 5,…
Hunt Ransomware ([email protected])
Hunt ransomware is a new sample of the Dharma/CrySis ransomware family that appeared on April 5, 2024. This malware encrypts files and demands a ransom payment for their decryption. It indiscriminately targets both home users and corporations, adjusting the ransom depending on the target. Jakub Kroustek was the first to discover this…
UnitedHealth Hack Leaks 6 TB of User Data
UnitedHealth Group, one of the largest providers of health insurance and health care services in the United States, suffered a cyberattack followed by a data breach. The company admitted that the personal data of millions of patients was “stolen” in a cyberattack. This incident is already being called one of the largest in healthcare history.…
BianLian Exploits TeamCity Vulnerability to Deploy Backdoors
BianLian, a group of cybercriminals known for their ransomware attacks, recently caught the attention of the information security community. By exploiting vulnerabilities in the JetBrains TeamCity platform, they managed to carry out multistage cyberattacks. Threat actors reportedly start their attack chain with a Golang-based backdoor, and work their way all the way to the ransomware…
ALPHV Ransomware Shut Down, Exit Scam Supposed
On March 5, 2024, ALPHV/BlackCat ransomware claimed its shutdown, “due to the FBI takeover”. Although law enforcement really did take action against this gang before, there are quite a few signs that this claim is false. Analysts suppose that ALPHV admins are just trying to pull an exit scam. ALPHV/BlackCat Ransomware Shuts Down…
LockBit is Back With New Claims and Victims
The story around the LockBit ransomware takedown on February 19 continues to unfold. After almost a week of downtime and silence, the infamous gang is back online on a new Onion domain, boasting new hacks. To top it all off, the infamous LockBitSupp released a lengthy statement about what happened and what’s next. LockBit Ransomware is…