ransomware

Pierluigi Paganini January 15, 2022
One of the REvil members arrested by FSB was behind Colonial Pipeline attack

A senior Biden administration official said that the one of the Russian hacker arrested by FSB was behind the Colonial Pipeline attack. Yesterday, the Russian Federal Security Service (FSB) announced to have dismantled the REvil ransomware operation and arrested 14 alleged members of the gang. The group that is behind a long string of attacks […]

Pierluigi Paganini January 11, 2022
Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. The ransomware gang started its operations on December 27, 2021, and […]

Pierluigi Paganini January 11, 2022
AvosLocker ransomware now targets Linux systems, including ESXi servers

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. “While we couldn’t find what targets were attacked using this AvosLocker ransomware Linux variant, BleepingComputer knows of at least one […]

Pierluigi Paganini January 07, 2022
FIN7 group continues to target US companies with BadUSB devices

The Federal Bureau of Investigation (FBI) warns US companies that the FIN7 cybercriminals group is targeting the US defense industry with BadUSB devices. The US Federal Bureau of Investigation issued a flash alert to warn that the financially motivated group FIN7 has sent malicious USB devices, BadUSB devices, to US companies over the past few […]

Pierluigi Paganini January 07, 2022
How to secure QNAP NAS devices? The vendor’s instructions

QNAP is warning customers of ransomware attacks targeting network-attached storage (NAS) devices exposed online. Taiwanese vendor QNAP has warned customers to secure network-attached storage (NAS) exposed online from ransomware and brute-force attacks. “Ransomware and brute-force attacks have been widely targeting all networking devices, and the most vulnerable victims will be those devices exposed to the […]

Pierluigi Paganini January 07, 2022
Night Sky, a new ransomware operation in the threat landscape

Researchers warn of a new ransomware family, called ‘Night Sky,’ that uses a double-extortion model in attacks again businesses. Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses. Once encrypted a file, the ransomware appends the ‘.nightsky‘ extension to encrypted file names. The […]

Pierluigi Paganini December 28, 2021
Shutterfly hit by a Conti ransomware attack

Shutterfly, an online platform for photography and personalized products, has been affected by a ransomware attack. Shutterfly, is American photography, photography products, and image sharing company that owns multiple brands such as BorrowLenses, GrooveBook, Lifetouch, Shutterfly, Snapfish, Spoonflower, and Tiny Prints. The service allows users to create personalized photo gifts such as smartphone cases, photo books, wall art, and […]

Pierluigi Paganini December 22, 2021
PYSA ransomware gang is the most active group in November

PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group report. Security researchers from NCC Group reported an increase in ransomware attacks in November 2021 over the past month, and PYSA (aka Mespinoza) and Lockbit were the most active ransomware gangs. Experts observed a 400% […]

Pierluigi Paganini December 19, 2021
TellYouThePass ransomware resurges and exploits Log4Shell in recent attacks

The TellYouThePass ransomware resurged and exploits the Apache Log4j flaw (Log4Shell) to target both Linux and Windows systems. Researchers from KnownSec 404 Team and Sangfor Threat Intelligence Team reported that the TellYouThePass ransomware resurged and is exploiting the Apache Log4j CVE-2021-44228 flaw to target both Linux and Windows systems. “On December 13, Sangfor’s terminal security […]

Pierluigi Paganini December 14, 2021
Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability (CVE-2021-44228) to deliver the new Khonsari ransomware on Windows machines. Experts warn that threat actors are attempting to exploit the Log4Shell flaw […]