After REvil shut down, members of the hack group DarkSide hastily moved $7 million

Information security specialists noticed that at the end of last week, the funds of the DarkSide hack group began to move: the attackers hastily moved about $7 million to other wallets. Moreover, with each new transaction, a smaller amount is transferred, which makes the money difficult to track. The CEO and co-founder of Profero first noticed…

Media said that the REvil sites were hacked by law enforcement agencies

Reuters reports that the recent shutdown of the REvil hack group was due to law enforcement agencies hacking the group's sites. Let me remind you that earlier this week the operations of the REvil ransomware were again suspended, as an unknown person hacked the group's website, through which hackers accepted payments from victims and…

VirusTotal said that almost 95% of ransomware targets Windows

VirusTotal specialists presented a large report on recent ransomware activity and said that almost 95% of ransomware targets Windows. To do this, experts analyzed 80 million samples of ransomware. It turned out that in 2020 and the first half of 2021, a total of 130 different ransomware families were detected, and Israel, South Korea,…

Free decryptor for BlackByte ransomware published

Experts from Trustwave have released a free decryptor utility that victims of the BlackByte ransomware can use to recover damaged files. The decryptor, already available on GitHub, works by exploiting a bug in the ransomware code. The researchers published a detailed technical analysis of the malware in two parts, in…

REvil ransomware stopped working again, now after hacking sites

The REvil encryptor stopped working again – all operations were stopped, as an unknown person hacked the group’s website, through which hackers accepted payments from victims and “leaked” data stolen from companies. Bleeping Computer reports that all Tor sites of the group have been disabled, and a representative of REvil posted a message on the…

Hack group REvil deceived their partners due to a backdoor

The researchers found that the creators of REvil deceived their partners using a scheme that allowed them to decrypt any systems blocked by the ransomware and take the entire ransom for themselves. Their partners ended up with nothing. Let me remind you that REvil (aka Sodinokibi) has existed since 2019 and is considered to be…

FBI Kept Secret Key To Decrypt Data After REvil Attacks

Journalists of The Washington Post found out how the FBI obtained the key to decrypt the data that was affected in the attacks of the REvil ransomware. First, the background of what is happening should be recalled: last week Bitdefender published a universal utility for decrypting files affected by the attacks of the ransomware…

BlackMatter ransomware attacked American farmers from NEW Cooperative

The BlackMatter ransomware attacked the American farmers' organization NEW Cooperative, which produces feed and grain and also works in the fields of agronomy, energy and software for farmers. The hackers demanded $5.9 million for the decryptor, and said the amount would rise to $11.8 million if the ransom was not paid within five…

REvil ransomware resumed attacks

Last week, the infrastructure of REvil (Sodinokibi) returned online after months of downtime, and now the ransomware has resumed attacks. In July 2021, the hack group went offline without giving any reason. This involved the shutdown of an entire network of conventional and darknet sites that were used…

Servers of the hack group REvil are back online

In July 2021, the infrastructure of REvil (Sodinokibi) was turned off without explanation, but now information security specialists have noticed that the REvil servers are back online. This involved a whole network of conventional and darknet sites that were used to negotiate a ransom, leak data stolen from victims, as well as the…