Researchers Linked Ransom Cartel members to Famous Hack Group REvil

Experts from Palo Alto Networks analysed the Ransom Cartel hacker group’s ransomware and believe that it is very similar to the REvil malware. Although there is no conclusive evidence of a connection between these groups, researchers believe that former members of REvil could have founded the Ransom Cartel. Let me remind you that REvil…

Police Swindle Decryption Keys from DeadBolt Ransomware Gang

The Dutch National Police, together with information security specialists from RespondersNU, tricked the operators of the DeadBolt encryptor into handing over 155 keys to decrypt data. To do so, the experts had to fake ransom payments. Let me remind you that the DeadBolt ransomware has been active since the beginning of 2022 and attacks NAS…

Another 0-Day Bug Was Found in Microsoft Exchange, and LockBit Ransomware Operators Are Exploiting It

Although Microsoft still hasn’t fixed the ProxyNotShell vulnerabilities found in Exchange last month, the company is now investigating a report of a new 0-day bug that is being used to compromise Exchange servers. Hackers are exploiting this bug to deploy the LockBit ransomware. Let me remind you that we also wrote that ProxyToken Vulnerability Allows…

Ferrari Has So Far Denied That It Was Attacked by Ransomware

Sports and racing car maker Ferrari persistently denies that it was breached. At the same time, the RansomEXX hack group added the automaker to its list of victims and claims to have stolen 7 GB of data from Ferrari. Let me remind you that we also talked about 13 Problems Threatening Medical Devices, Automobiles…

Fargo Ransomware aims at vulnerable Microsoft SQL servers

MS SQL servers were chosen as a breach point by Fargo ransomware

Ransomware operators rarely limit themselves to a single type of target. They range from attacks on small coffee shops to strikes on governmental organisations, adapting their software accordingly. However, every classic handbook on offensive operations states that it is important to find a vulnerability in a target and exploit it. Such a…

Hack Group Bl00Dy Is Already Using Leaked LockBit Builder

Researchers have discovered that the young ransomware group Bl00Dy is already using the LockBit builder, which leaked online last week, in its attacks. Let me remind you that the builder of the well-known encryptor LockBit was published in the public domain about a week ago. It is assumed that the LockBit 3.0 builder…

LockBit 3.0 Builder leaked to the public

LockBit 3.0 Builder is now available to the public. What is the story behind it?

On September 21, 2022, a new Twitter user, Ali Qushji, published what is purported to be a LockBit ransomware builder. According to the user, this application is for LockBit 3.0 ransomware, the latest version of the malware used by these cybercriminals. The same user claims to be an anonymous hacker who breached LockBit…

Lorenz Ransomware Penetrates Company Networks through Mitel VoIP Products

Security firm Arctic Wolf has warned that Lorenz ransomware is exploiting a critical vulnerability in Mitel MiVoice VoIP devices to infiltrate corporate networks. Let me remind you that we also wrote that Ransomware publishes data stolen from Cisco. Lorenz has been active since at least 2021 and engages in the usual double extortion: not…

Ransomware publishes data stolen from Cisco

The Yanluowang hack group has published data stolen from Cisco back in May 2022. Cisco representatives acknowledged that the data leak took place, but still insist that the incident did not affect the company’s business in any way. Let me remind you that last month, Cisco representatives confirmed that back in May, the company’s corporate network…

Genshin Impact Game’s Anti-Cheat Driver Is Used to Disable Antiviruses

Trend Micro experts have discovered that hackers are abusing the system anti-cheat driver of the popular game Genshin Impact to disable anti-virus software during ransomware attacks. mhyprot2.sys grants access to the memory of any process and to kernel memory, and is also able to terminate processes with the highest privileges. Let me remind you that we also…