ransomware Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform
https://gbhackers.com/tag/ransomware/
GBhackers Offering Exclusive Cyber Security News Coverage, New Research papers & Technology Updates.
Mon, 04 Nov 2024 11:58:05 +0000

A Massive Hacking Toolkit From “You Dun” Threat Group Developed To Lauch Massive Cyber Attack
https://gbhackers.com/you-dun-hacking-toolkit-attack/
Mon, 04 Nov 2024 11:58:04 +0000

The “You Dun” hacking group exploited vulnerable Zhiyuan OA software using SQL injection, leveraging tools like WebLogicScan, Vulmap, and Xray for reconnaissance. They further escalated privileges on compromised hosts with tools like traitor and CDK. Active Cobalt Strike server leaked, revealing its use in various cyberattacks, including ransomware deployment (LockBit 3) and data theft. The […]

The post A Massive Hacking Toolkit From “You Dun” Threat Group Developed To Lauch Massive Cyber Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Embargo Ransomware Actors Abuses Safe Mode To Disable Security Solutions
https://gbhackers.com/embargo-ransomware-safe-mode-exploit/
Mon, 04 Nov 2024 11:50:52 +0000

In July 2024, the ransomware group Embargo targeted US companies using the malicious loader MDeployer and EDR killer MS4Killer. MDeployer deployed MS4Killer, which disabled security products, before executing the Embargo ransomware. The ransomware encrypted files with a random six-letter extension and dropped a ransom note, while Embargo, operating as a RaaS provider, used double extortion […]

The post Embargo Ransomware Actors Abuses Safe Mode To Disable Security Solutions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Dark Angels Ransomware Attacking Windows And Linux/ESXi Systems
https://gbhackers.com/dark-angels-ransomware-attack/
Wed, 09 Oct 2024 11:15:23 +0000

The sophisticated ransomware group Dark Angels, active since 2022, targets large companies for substantial ransom payments by employing third-party ransomware payloads like Babuk, RTM Locker, and RagnarLocker to encrypt files on Windows and Linux systems. It employs ransomware in a strategic manner, taking into account the potential impact of file encryption, in order to minimize […]

The post Dark Angels Ransomware Attacking Windows And Linux/ESXi Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam
https://gbhackers.com/prince-ransomware-hits-uk-us/
Fri, 04 Oct 2024 08:51:31 +0000

A new ransomware campaign targeting individuals and organizations in the UK and the US has been identified. The attack, known as the “Prince Ransomware,” utilizes a phishing scam that impersonates the British postal carrier Royal Mail. This campaign highlights the growing sophistication of cyber threats and the need for heightened vigilance among internet users. The […]

The post Prince Ransomware Hits UK and US via Royal Mail Phishing Scam appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New Mallox Ransomware Linux Variant Attacking Enterprise Linux Servers
https://gbhackers.com/mallox-llinux-ransomware-attacks/
Thu, 26 Sep 2024 09:00:15 +0000

Kryptina RaaS, a free and open-source RaaS platform for Linux, initially struggled to attract attention. Still, after a Mallox affiliate’s staging server was leaked in May 2024, Kryptina’s modified version, branded Mallox v1.0, gained prominence. The research examines the data exposed in the leak, highlighting differences between the original Kryptina RaaS (v2.2) and Mallox v1.0 […]

The post New Mallox Ransomware Linux Variant Attacking Enterprise Linux Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

TWELVE Threat Attacks Windows To Encrypt Then Deleting Victims’ Data
https://gbhackers.com/twelve-windows-encrypt-delete/
Thu, 26 Sep 2024 08:48:31 +0000

The threat actor, formed in 2023, specializes in ransomware attacks targeting Russian government organizations. It encrypts and deletes victim data, exfiltrates sensitive information, and aims to inflict maximum damage on critical assets. The threat actor likely scans IP address ranges in Russia to identify VPN servers and applications accessible from the internet that could serve […]

The post TWELVE Threat Attacks Windows To Encrypt Then Deleting Victims’ Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kansas County Ransomware Attack Exposed Nearly 30,000 Residents’ Sensitive Data
https://gbhackers.com/kansas-county-ransomware-attack/
Wed, 25 Sep 2024 07:11:13 +0000

Franklin County, Kansas, has fallen victim to a ransomware attack that compromised the sensitive data of nearly 30,000 residents. The breach occurred on May 19, 2024, and was not discovered until August 29, 2024. According to a report submitted by Matthew Meade, an attorney with Eckert Seamans Cherin & Mellott and legal counsel for Franklin […]

The post Kansas County Ransomware Attack Exposed Nearly 30,000 Residents’ Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ransomware Groups Abusing Azure Storage Explorer For Stealing Data
https://gbhackers.com/ransomware-abusing-azure-storage-explorer/
Wed, 18 Sep 2024 14:14:17 +0000

Ransomware attackers are increasingly exfiltrating data using tools like MEGAsync and Rclone. Shellbags analysis by modePUSH reveals their navigation of directories and file shares to find sensitive data. Despite exfiltrating large amounts of data, attackers prioritize valuable and protected information. The BianLian and Rhysida ransomware groups have been using Azure Storage Explorer to extract data […]

The post Ransomware Groups Abusing Azure Storage Explorer For Stealing Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Key Russian Hacker Group Attacking Users With .NET Built Ransomware
https://gbhackers.com/russian-hacker-group-net-ransomware/
Tue, 17 Sep 2024 08:27:43 +0000

The Russian ransomware group Key Group, active since early 2023, is targeting organizations globally, as their modus operandi involves encrypting files and stealing data before demanding ransom via Telegram. The group utilizes the .NET-based Chaos ransomware builder to create their malware, which poses a significant risk to organizations worldwide due to the potential for data […]

The post Key Russian Hacker Group Attacking Users With .NET Built Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CosmicBeetle Exploiting Old Vulnerabilities To Attacks SMBs All Over The World
https://gbhackers.com/cosmicbeetle-smb-vulnerability-attacks/
Thu, 12 Sep 2024 12:38:16 +0000

CosmicBeetle, a threat actor specializing in ransomware, has recently replaced its old ransomware, Scarab, with ScRansom, a custom-built ransomware that continues to evolve. The threat actor has been actively targeting SMBs worldwide, exploiting vulnerabilities to gain access to their systems and experimenting with the leaked LockBit builder, attempting to leverage its reputation by impersonating the […]

The post CosmicBeetle Exploiting Old Vulnerabilities To Attacks SMBs All Over The World appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
