ransomware

Boeing entered the top leaders, but does the company need such a rating? In October 2023, Boeing became a victim of the LockBit ransomware program. This week, the company reported that the attackers demanded a ransom of $200 million. Boeing confirmed to the CyberScoop news portal that it is...

Is this a real revelation or another deception? Intelligence agencies revived the seized LockBit website to announce new information disclosed by law enforcement agencies. After the large-scale operation Kronos, law enforcement agencies shut down the LockBit infrastructure and transformed one...

The malicious campaign demonstrates hackers desire for covert management of infected systems. Cybersecurity experts from the ASEC identified a series of advanced cyber attacks targeting Microsoft SQL (MS-SQL) servers. A group of attackers known as TargetCompany uses the Mallox ransomware virus...

The LockBit 3.0 ransomware builder, leaked in 2022, became the basis for many modifications that have already appeared on the market. As Kaspersky Lab researchers found out (https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/), some of the attacks using modifications were...

Why are companies paying less and less ransom? Are hackers losing their grip? In the first quarter of 2024, the share of companies that agreed to pay a ransom to attackers reached a record low of 28%. This data was provided by Coveware, a cybersecurity company. The comparison with the fourth...

This is a rare case when the public will take the side of cybercriminals. Cybersecurity researchers have discovered an unusual malware campaign targeting people searching for child pornography online. Instead of extorting money from random victims, as is usually the case, this time the...

Участники угрозы используют не исправленные серверы Atlassian для развертывания Linux-версии Cerber (также известной как C3RB3R)-программы-вымогателя. В атаках используется CVE-2023-22518 (оценка CVSS: 9.1), критическая уязвимость системы безопасности, влияющая на Центр обработки данных...

On March 30, the Chilean division of PowerHost, IxMetro, was the victim of a cyberattack by a new group of SEXI ransomware. As a result of the attack, the company's VMware ESXi servers and data backups were encrypted. PowerHost is a data center, hosting, and internetworking company located in...

The story of hacking and blackmailing a failed hacker. An Idaho man has confessed to hacking into medical clinics and a police station with subsequent extortion. Robert Purbeck, known under the pseudonyms Lifelock and Studmaster, was arrested on charges of cybercrime committed between 2017 and...

The multi-stage execution technique allows you to bypass any protection. Security researchers have discovered a new variant of the StopCrypt ransomware, also known as STOP. This version uses a multi-step execution process using shellcodes to bypass security tools, making the malware...

How will the latest attempts of hackers to revive their evil empire turn out? Recently, we reported that the infrastructure of the LockBit hacker group, widely known for its ransomware attacks, was eliminated as a result of Operation Kronos, conducted by the British authorities. This event was...

Operators continue to carry out attacks, despite the elimination of their infrastructure. Attackers are actively exploiting the ScreenConnect vulnerability to break into non-updated servers in order to deploy the LockBit ransomware program on compromised networks. The authentication bypass...

Employees of the Ministry of Internal Affairs of Russia, with the support of specialists from F. A. C. C. T., a Russian developer of technologies to combat cybercrime, identified and detained members of the criminal group of SugarLocker ransomware. The attackers worked under the guise of a...

The Netwalker group disappeared from the radar back in 2021, but researchers noticed suspicious similarities while studying other software. Experts have found disturbing links between the recent Alpha ransomware virus and the Netwalker criminal group, which was eliminated several years ago...

What does RansomHouse hackers have to do with creating a new malware? The RansomHouse group, known for its activities in the field of extortion using specialized programs, has developed a new malicious tool called "MrAgent". It is designed to automate the distribution of the data encryptor...

How did researchers from Seoul manage to solve the secret hacker cipher? Cybersecurity experts have discovered an implementation vulnerability in the Rhysida ransomware that allowed them to recover encryption keys and decrypt data blocked by the malware. The discovery was published by a team of...

The malware feels at home in other people's networks, not sparing the data of victims. Cybersecurity researchers have discovered a new variant of the Phobos ransomware family, called Faust. A report on the latest iteration of the virus was published by FortiGuard Labs researchers from Fortinet...

Which companies pay the buyout first and how much are they willing to pay? A new study by Dutch specialist Tom Moers from the University of Twente has identified factors that affect the likelihood that victims of ransomware will pay ransom to attackers. For the analysis, data from the Dutch...

Southern Water's actions will show how reliable the updated cryptographer is. A major British firm, Southern Water, responsible for water supply and sanitation in the south of England, including the counties of Hampshire, the Isle of Wight, West and East Sussex, as well as parts of Kent, was...

75% of organizations have been affected by at least one ransomware attack in the last 12 months. According to Veeam's Data Protection Trends report, three-quarters (75%) of organizations were affected by at least one ransomware attack in the past year. A survey was conducted among managers and...