Tag: Ransomware

Tortilla (Babuk) Ransomware Decryptor Available

Cisco Talos and Avast Threat Labs elaborated a decryptor for Tortilla ransomware

On January 9, 2024, Avast and Cisco Talos announced the release of a free decryptor for one of the Babuk ransomware variants – Tortilla. Analysts ensure that all the victims of the said threat actor can use the decryptor to get their files back. That is the second ransomware strain to get the decryptor in… Continue reading Tortilla (Babuk) Ransomware Decryptor Available

Black Basta Ransomware Free Decryptor Available

It is now possible to decrypt Black Basta ransomware, specifically its variants from November 2022 to December 2023

SRLabs researchers published a free decryptor for BlackBasta ransomware. They discovered the vulnerability in the way malware handles the encryption process and found the way to recover the encryption key and get the files back. The decryptor is called Black Basta Buster and is available for free on the devs’ GitHub page. Black Basta Decryptor… Continue reading Black Basta Ransomware Free Decryptor Available

What are Remote Encryption Attacks? Explanation & Mitigation

Hackers found a straightforward yet effective way to circumnavigate the security

The digital world is seeing a surge in remote encryption attacks – a sophisticated ransomware attack. Although there is nothing new in this technology, it looks like a YouTube video uploaded ten years ago that is gaining recommendations just now. In this article, we’ll look at the intricacies, evolution, and effective countermeasures of these attacks.… Continue reading What are Remote Encryption Attacks? Explanation & Mitigation

ALPHV Site Taken Down by the FBI

One of ALPHV group's sites are taken down by the FBI

On December 19, 2023, one of the ALPHV/BlackCat ransomware sites was taken down by the FBI. The typical FBI banner now decorates its main, while other sites of the cybercrime gang are still online. This event is possibly related to the 5-day downtime of all the gang’s Darknet infrastructure a week ago. ALPHV/BlackCat Ransomware Site… Continue reading ALPHV Site Taken Down by the FBI

KraftHeinz Hacked by Snatch Ransomware Gang

It seems the season of ransomware attacks is currently in swing.

The global food and beverage company KraftHeinz became a target of an infamous Snatch ransomware gang. Hackers listed the company on its Darknet leak site. This is yet another hack of a food industry company throughout the last time. KraftHeinz Hacked by Snatch Ransomware On December 13th, the Snatch ransomware gang listed KraftHeinz on their… Continue reading KraftHeinz Hacked by Snatch Ransomware Gang

Cactus Ransomware Attacks – Microsoft Alerts

Hear this out loud Microsoft warns of Cactus ransomware actors using malvertising to infect victims

Microsoft has raised the alarm about a growing wave of ransomware attacks utilizing malvertising tactics to spread Cactus ransomware. The sophisticated malware campaign hinges on deploying DanaBot as an initial access vector, orchestrated by the ransomware operator Storm-0216, also known as Twisted Spider or UNC2198. Cactus Ransomware Deployed by DanaBot Microsoft’s Threat Intelligence team has… Continue reading Cactus Ransomware Attacks – Microsoft Alerts

Qilin Ransomware Focuses on VMware ESXi Servers

Linux users are tense. Using a virtualized environment does not guarantee 100% protection against ransomware.

In a disturbing development, security researchers have uncovered a Linux version of the Qilin ransomware gang’s encryptor, specifically tailored to target VMware ESXi servers. This encryptor is one of the most advanced and customizable Linux encryptors observed. Qilin Targets VMware ESXi Today, more and more businesses are adopting virtualization technologies for server hosting. For example,… Continue reading Qilin Ransomware Focuses on VMware ESXi Servers

Henry Schein was hacked twice by BlackCat ransomware

Healthcare company Henry Schein is restoring systems after a ransomware group re-encrypted files during negotiations.

Henry Schein Global, a healthcare solutions provider, faced a persistent cybersecurity nightmare. The BlackCat/ALPHV ransomware gang is launching a second wave of attacks, claiming to have re-encrypted files after stalled negotiations. The company, headquartered in Melville, New York, is restoring systems. It happened after the cybercrime group took credit for an initial breach on October… Continue reading Henry Schein was hacked twice by BlackCat ransomware

Ethyrial: Echoes of Yore Ransomware Attack Wiped Player Accounts

A rare occasion of ransomware attack on a game developer led to the wipe of player accounts

“Ethyrial: Echoes of Yore” fell victim to a ransomware attack last Friday. The attack hit 17,000 player accounts, wiping them – a yet unseen outcome of a ransomware attack. Ransomware encrypted main server “Ethyrial: Echoes of Yore” On October 19, 2023, ransomware actors successfully attacked the main server of the Ethyrial: Echoes of Yore game.… Continue reading Ethyrial: Echoes of Yore Ransomware Attack Wiped Player Accounts

Dharma Ransomware Criminals Captured in Ukraine, Europol Reports

Another successful operation of law enforcement lead to the detainment of the Dharma ransomware group leader

On November 28, 2023, Europol claimed successful detainment of ransomware operators, particularly related to Dharma and Hive ransomware. The operation took place in 4 Ukrainian cities, and is most likely a continuation of a similar operation from 2021. Dharma Ransomware Actors Detained in Ukraine In the statement on the official website, Europol claimed searches in… Continue reading Dharma Ransomware Criminals Captured in Ukraine, Europol Reports