Tag: ransomware strain

Top News

Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualization Risks

Organizations using older versions of VMware ESXi hypervisors are learning a hard lesson about staying up-to-date with vulnerability patching, as a global ransomware attack on...

Global Ransomware Attack on VMware ESXi Hypervisors Continues to Spread

A global ransomware attack on VMware ESXi hypervisors is expanding, according to multiple government agencies and researchers, having already infected thousands of targets. The...

Ransomware Profits Decline as Victims Dig In, Refuse to Pay

In another sign that the tide may be finally turning against ransomware actors, ransom payments declined substantially in 2022 as more victims refused to...

Ransomware Attackers Bypass Microsoft’s ProxyNotShell Mitigations With Fresh Exploit

The operators of a ransomware strain called Play have developed a new exploit chain for a critical remote code execution (RCE) vulnerability in Exchange...

Accelerated Ransomware Attacks Pressure Targeted Companies to Speed Response

Threat actors have focused on two ends of the spectrum — quick, impactful attacks or stealthy intrusions — making strong prevention and faster response more important for enterprises.

Anonymous set for cyberwar with Bitcoin-powered Russian hacker crew

Hacktivist collective Anonymous has joined the global majority in backing Ukraine. Russian ransomware hackers are ready to strike back.

The post Anonymous set for cyberwar with Bitcoin-powered Russian hacker crew appeared first on Protos.

Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks

The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country's full-blown invasion of Ukraine enters the second day. In addition to cautioning of the "threat of an increase in the intensity of computer attacks," Russia's National Computer Incident Response and Coordination Center said that the "attacks can be aimed at disrupting

Dridex Malware Deploying Entropy Ransomware on Hacked Computers

Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. "The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands (API calls),

Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm

Researchers have detailed what they call the "first successful attempt" at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. "We were able to recover the master key for generating the file encryption key without the attacker's private key, by using a cryptographic vulnerability identified through analysis," a group of academics

Ransomware Attacks Grew To $602 Million In 2021, Report

A blockchain research firm, Chainalysis, revealed that crypto-ransomware attacks in 2021 racked up $602 million in Bitcoin and other currencies, and that the figure could be even higher. In addition, the report named the Russia-based hacker group Conti as the most active and largest group by revenue last year. The analysis firm said that it has not accounted for all of it yet, and that the figure of stolen money may be even more extensive, rising as high as $1 billion.

In a Chainalysis preview report of 2022, the firm confirmed the rapid growth in ransomware crimes. It explained that its initial estimate (that's still an underestimate) of $350 million has jumped to $692 million.

Chainalysis stated: "In fact, despite these numbers, anecdotal evidence, plus the fact that ransomware revenue in the first half of 2021 exceeded that of the first half of 2020, suggests to us that 2021 will eventually be revealed to have been an even bigger year for ransomware."

The firm explained that ransomware attacks, much like computer viruses, are dangerous and ever-changing, so they can easily avoid law enforcement and updated security measures in a system.

Ransomware Attacks: 2020 VS 2021

Similarly, the average ransomware payout rose to $118,000 in 2021, up 26% from $88,000 in 2020. According to Chainalysis, the most significant cause of the increase is a "big game hunting" strategy, in which ransomware strains are increasingly used to target big corporations. The number of most active strains in 2021 also broke all previous records, with 140 groups receiving cryptocurrencies. That is up 21 from 2020's figure and 61 from 2019.

Conti Group Becomes The Biggest Strain Of 2021's Ransomware Attacks

The recorded ransomware payments of 2019 stand at $152 million, and only $39 million in 2018. In contrast, last year's figure increased dramatically. As a result, the Russia-based hacker group Conti is the biggest strain by revenue, per Chainalysis. Last year, Conti became one of the most active and profitable ransomware strains. The group has extorted nearly $200 million from its victims in Bitcoin and Monero. It relies on the ransomware-as-a-service (RaaS) model, sharing its program with affiliates in exchange for a fee.

Another ransomware strain, DarkSide, which was previously behind the historic attack on the U.S. Colonial Pipeline that resulted in a petroleum shortage, came in second to Conti. DarkSide asked the company to pay $5 million in Bitcoin at the time of the hack. Additionally, it fetched over $75 million over the course of a year in similar hacks.

Chainalysis found Conti to be the only strain that remained active throughout the past year. At the same time, most others "wavered in and out like a wave going up then down."

Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's

QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices

Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt. "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to […] immediately update QTS to the latest
