Tag: Ransomware
Leaked Conti ransomware source codes were used to attack Russian authorities
In March 2022, the source code of the Conti malware was made public, and now, apparently, other hackers are starting to use it, turning the ransomware against Russian authorities and companies. Let me remind you that this story began back in February 2022, when an anonymous information security researcher who had access to the infrastructure…
Hydra Market Shut Down by the German Authorities
The United States, together with its European allies, has managed to get Hydra market shut down. Servers of this shop, a Russian-language darknet platform, were reported on Tuesday, April 5, 2022, to have been seized by German authorities. The marketplace was mainly a place to trade illegal drugs and documents, mix cryptocurrency, and exchange…
Researchers found a Hive ransomware master key via cryptographic vulnerability
A group of South Korean researchers from Kunming University published a report detailing how they found the Hive ransomware master key and a method to recover files encrypted with it. With the help of a cryptographic vulnerability, experts were able to recover the master key of the malware used to create encryption keys. Hive uses…
Decryption keys for Maze, Egregor and Sekhmet ransomware were posted on the Bleeping Computer forum
The Bleeping Computer forum published master keys for decrypting data affected by Maze, Egregor and Sekhmet ransomware attacks. Apparently, the keys were “leaked” by one of the developers of the malware. Journalists recall that the Maze ransomware has been active since May 2019 and quickly gained wide popularity, as its operators first came up with…
Experts linked BlackCat (ALPHV) ransomware to BlackMatter and DarkSide groups
A Recorded Future analyst interviewed a member of the hack group behind the BlackCat (ALPHV) ransomware, who confirmed that ALPHV is linked to notorious groups such as BlackMatter and DarkSide. Let me remind you that the unusual ransomware ALPHV (aka BlackCat and BC.a Noberus) written in Rust was discovered by researchers at the end of…
The FBI believes that the HelloKitty cryptor is controlled by operators from Ukraine
A medical organization from Oregon, which recently reported a breach and data leak, accidentally made it clear that, according to the FBI, HelloKitty (FiveHands) malware is controlled by operators from the territory of Ukraine. As a rule, law enforcement agencies do not disclose the collected information about hacker groups while the process of gathering evidence,…
US Cyber Command confirms cyberattacks against ransomware
The United States Cyber Command has publicly acknowledged the use of offensive actions (cyberattacks) in order to neutralize cybercriminal groups that attacked American companies using ransomware programs. The Head of Cyber Command and director of the National Security Agency, Paul Nakasone, in an interview with the New York Times, declined to elaborate on exactly what…
Clop ransomware exploits vulnerability in SolarWinds Serv-U
The NCC Group warns of a spike in Clop ransomware attacks (the hack group is also known as TA505 and FIN11) that exploit a vulnerability in SolarWinds Serv-U. Most of them start off by exploiting the CVE-2021-35211 bug in Serv-U Managed File Transfer and Serv-U Secure FTP. This issue allows a remote attacker to execute commands with…
US authorities arrest Kaseya hacker and attacker associated with REvil and GandCrab
Law enforcement agencies, as well as European and American authorities, have taken up the fight against ransomware in earnest, and the other day they arrested a Kaseya hacker. However, over the past few days, several important events have taken place at once. Operation Cyclone, which was carried out by Interpol, the law enforcement agencies of…
Operators of the BlackMatter ransomware announced the termination of activity
The hackers behind the BlackMatter ransomware announced the termination of activity, experiencing pressure from local authorities. The group announced it was “shutting down” on November 1, 2021, in the backend part of its darknet site, which is usually used by attackers’ partners. Representatives of the group did not explain what kind of pressure they are talking…