LEAK – Page 82 – Cybersecurity News Everyday

Midas Ransomware: Tracing the Evolution of Thanos Ransomware Variants

March 16, 2022 Securonix

Key Takeaways: An in-depth analysis of Midas and trends across other Thanos ransomware variants reveals how ransomware groups shifted tactics in 2021 to:

lower sunk costs by using RaaS builders to reduce development time increase payouts with double extortion tactics by using their own data leak sites extend the length and effectiveness of campaigns to get the highest investment returns by updating payloads and/or rebranding their own ransomware group

Advertised on the darkweb for Ransomware-as-a-Service (RaaS), Thanos ransomware was first identified in February 2020.…

Threat Research

Conti Affiliate Exposed: New Domain Names, IP Addresses and Email…

March 15, 2022 Securonix

A Cobalt Strike Cybercrime Syndicate and the Ransomware Hackers’ Favorite Weapon

On March 9, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret Service issued an updated alert about the Conti ransomware group, encouraging organizations to review their advisory and apply the recommended mitigations.…

Threat Research

Cyble – Deep Dive Analysis – Pandora Ransomware

March 8, 2022 Securonix

Pandora ransomware came into the spotlight in March 2022 after targeting some high-profile victims on its leak site. The ransomware group announced its first victim on 21 Feb 2022 and has posted around five victims to date.

Figure 1: Pandora ransomware data leak site

During a routine threat hunting exercise, Cyble Research Labs came across the sample for this ransomware.…

Threat Research

New Nokoyawa Ransomware Possibly Related to Hive

February 28, 2022 Securonix

In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in their attack chain, from the tools used to the order in which they execute various steps.

Hive, which is one of the more notable ransomware families of 2021, made waves in the latter half of the year after breaching over 300 organizations in just four months — allowing the group to earn what could potentially be millions of US dollars in profit.…

Threat Research

NaturalFreshMall: a Magento Mass Hack

February 2, 2022November 2, 2024 Securonix

More than 350 ecommerce stores infected with malware in a single day.

Today our global crawler discovered 374 ecommerce stores infected with the same strain of malware. 370 of these stores load the malware via https://naturalfreshmall[.]com/image/pixel[.]js.

— Sansec (@sansecio) January 25, 2022

Last week Sansec’s Early Breach Detection Network detected a mass breach of over 500 web stores running the Magento 1 ecommerce platform.…

Threat Research

Cybereason vs. Lorenz Ransomware

February 1, 2022November 2, 2024 Securonix

Lorenz is a ransomware strain observed first in February of 2021, and is believed to be a rebranding of the “.sZ40” ransomware that was discovered in October 2020. Lorenz targets organizations worldwide with customized attacks demanding hundreds of thousands of dollars, and even millions in ransom fee. …

Threat Research

StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations

January 24, 2022November 2, 2024 Securonix

Over the past months, the Cybereason Nocturnus Team has been tracking the Iranian hacker group known as Moses Staff. The group was first spotted in October 2021 and claims their motivation is to harm Israeli companies by leaking sensitive, stolen data. …

Threat Research

Watering hole deploys new macOS malware, DazzleSpy, in Asia

January 19, 2022November 2, 2024 Securonix

On November 11th, Google TAG published a blogpost about watering-hole attacks leading to exploits for the Safari web browser running on macOS. ESET researchers had been investigating this campaign the week before that publication, uncovering additional details about the targets and malware used to compromise its victims.…

Threat Research

McAfee ATR Threat Report: A Quick Primer on Cuba Ransomware | McAfee Blog

April 7, 2021November 2, 2024 McAfee

Executive Summary

Cuba ransomware is an older ransomware, that has recently undergone some development. The actors have incorporated the leaking of victim data to increase its impact and revenue, much like we have seen recently with other major ransomware campaigns.

In our analysis, we observed that the attackers had access to the network before the infection and were able to collect specific information in order to orchestrate the attack and have the greatest impact.…

Threat Research

McAfee Defender’s Blog: Cuba Ransomware Campaign | McAfee Blog

April 7, 2021November 2, 2024 McAfee

Cuba Ransomware Overview

Over the past year, we have seen ransomware attackers change the way they have responded to organizations that have either chosen to not pay the ransom or have recovered their data via some other means. At the end of the day, fighting ransomware has resulted in the bad actors’ loss of revenue.…

Info Data Leak

Kaspersky Lab detected a new threat to user data

March 5, 2021January 18, 2025 admin

Kaspersky Lab experts discovered a targeted cyber espionage campaign, where attackers infect computers with malware that collects all recent documents on the victim’s device, archives them and passes them back to them.

The UEFI program is loaded before the operating system and controls all processes at an “early start”.…

Tag: LEAK