Tag: Ransomware Attacks

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern

Regardless of the file-encrypting malware used, ransomware attacks against VMware ESXi infrastructure follow a well-established pattern, according to recent research. Cybersecurity firm Sygnia stated in a report shared with The Hacker News that virtualization platforms are an essential part of organizational IT infrastructure, but they frequently have built-in misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse. The Israeli company discovered that attacks on virtualization environments follow a similar pattern of events through its incident response work with different ransomware families, including LockBit, HelloKitty, BlackMatter, RedAlert (N13V), Scattered Spider, Akira, Cactus, BlackCat, and Cheerscrypt...

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

The threat actors responsible for the BianLian ransomware have been seen exploiting security flaws in JetBrains TeamCity software to carry out their attacks, which are limited to extortion. A recent intrusion prompted GuidePoint Security to release a report in which it stated that the incident "began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of BianLian's Go backdoor." Having first surfaced in June 2022, BianLian shifted its focus to exfiltration-based extortion after a decryptor was made public in January 2023. The cybersecurity firm observed an attack chain that involves the use of CVE-2024-27198 or CVE-2023-42793 to exploit a vulnerable TeamCity instance to obtain initial access to the environment...

FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks

As recently as this month, the U.S. government issued a warning regarding the reappearance of BlackCat (also known as ALPHV) ransomware attacks that target the healthcare industry. The authorities added in an updated advisory that, of the roughly 70 victims exposed since mid-December 2023, the healthcare sector has been the most frequently victimized. This is probably a reaction to a statement made by the ALPHV/BlackCat administrator, who encouraged its affiliates to target hospitals following the group's and its infrastructure's operational activity in early December 2023. The Department of Health and Human Services (HHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) are the organizations that provid...

TeamViewer abused to breach networks in new ransomware attacks

Once more, ransomware actors are using TeamViewer to gain initial access to organization endpoints and trying to install encryptors based on the disclosed LockBit ransomware constructor. Because of its versatility and ease of use, TeamViewer is a reliable remote access tool that is widely used in the business world. Regrettably, scammers and ransomware operators also love to use this application. They use it to access remote PCs and to drop and execute malicious files without any restrictions. A comparable incident was initially documented in March 2016 after multiple victims acknowledged on the BleepingComputer forums that TeamViewer...

Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks

Threat actors may use a variety of newly demonstrated attack techniques against Google Workspace and the Google Cloud Platform to carry out ransomware, data exfiltration, and password recovery attacks. Martin Zugec, technical solutions director at Bitdefender, stated in a recent report that "threat actors could progress in several ways, starting from a single compromised machine: they could move to other cloned machines with GCPW installed, gain access to the cloud platform with custom permissions, or decrypt locally stored passwords to continue their attack beyond the Google ecosystem." In order for these attacks to occur, the malicious actor must have previously obtained access to a local computer through another method...

FBI and CISA warn of opportunistic Rhysida ransomware attacks

The FBI and CISA issued a warning today about the Rhysida ransomware gang's opportunistic attacks on organizations in a variety of industries. Rhysida, a ransomware enterprise that first appeared in May 2023, rose to prominence after breaching the Chilean Army (Ejército de Chile) and leaking stolen data online. The US Department of Health and Human Services (HHS) recently issued a warning that the Rhysida gang was responsible for recent attacks on healthcare organizations. As of September 2023, the joint cybersecurity advisory provides defenders with indicators of compromise...

FIN8 Group Using Modified Sardonic Backdoor for BlackCat Ransomware Attacks

Sardonic is a backdoor that has been "revamped" by the financially motivated threat actor known as FIN8 in order to spread the BlackCat ransomware. The development is reportedly an effort on the part of the e-crime organisation to diversify its emphasis and maximise earnings from infected businesses, according to the Symantec Threat Hunter Team, a division of Broadcom. The attempted infiltration happened in December 2022. The cybersecurity firm uses the moniker Syssphinx to monitor FIN8. The adversary, which has been active at least since 2016, was initially blamed for attacks on point-of-sale (PoS) systems employing malware like PUNCHTRACK and BADHATCH...

Backup Repositories Targeted in 93% of Ransomware Attacks

According to Veeam's 2023 Ransomware Trends Report, the ransomware threat is still very much present, with 85% of organisations having experienced at least one such attack during the past 12 months. The research warns that if this pattern persists, "more organisations will suffer a ransomware attack than turn a profit." Additionally, Veeam discovered that in 93% of ransomware cases, the threat actors target the backup repositories, causing 75% of victims to lose at least some of their backups during the attack and more than 39% of backup repositories to be totally lost...