A cyber-security firm released a free decryptor for the popular and sophisticated “DarkSide” ransomware, enabling victims to recover encrypted files without having to pay. The following day, DarkSide’s operators posted a press release on their data leak website, stating that they had corrected the flaw that had enabled decryption, and that only three companies may have used the decryptor successfully. They also claimed that threat actors using DarkSide would be compensated USD 600,000 to cover any loss of potential profit. Press releases and ensuring “customer” satisfaction have become commonplace as threat groups adopt a business-like approach to ransomware management. Professionalizing operations is likely to remain a focus for ransomware operators in 2021, to attract new customers and more profits.
Technical analysis of a cyber-threat campaign using the dangerous and widespread “Lokibot” malware has reve...
The well-established “Mozi” peer-to-peer (P2P) botnet has developed new persistence capabilities.
A configurable, malicious Traffic Direction System (TDS) has been enabling widespread malware attacks.
A years-long reconnaissance campaign against an employee of a US aerospace defense company was discovered and attributed to “TA456”, an Iranian state-backed advanced persistent threat (APT) group.
The new “BlackMatter”, “Haron”, and “El_Cometa” ransomware groups, which surfaced in the past three weeks, bear significant similarities to ransomware groups that disappeared last month.
A vulnerability in Kaseya’s virtual system/server administrator (VSA) software has been exploited to deliver the “REvil” ransomware to multiple managed service providers.
The 14th Five Year Plan (FYP) adopted by the People’s Republic of China (PRC) in March 2021 has laid out key areas of focus for the country that are likely to prompt nation-state cyber espionage.
Several Clop members were arrested in association with money laundering, and officials seized infrastructure the group has used in ransomware attacks globally.
The notorious Russia-based ransomware group “REvil” (aka Sodinokibi) has been blamed for the latest high-profile ransomware attack on the world’s largest meat supplier.
The latest work of the notorious Russian state-associated “NOBELIUM” threat group is an email phishing campaign against multiple countries and sectors.