![]() ![]() ![]() Also known as FIN12, DEV-0237 is notable for its distribution of Hive, Conti, and Ryuk ransomware. “Microsoft tracks one of these affiliate groups as DEV-0237. As a result, attackers can switch their payloads of choice much as a legitimate company would change software vendors. It is worth noting that the ransomware strain is a product of a Ransomware as a Service (RaaS) group, which means that the developers of the malware usually are not responsible for performing the breaches. The Microsoft 365 Defender Threat Intelligence Team released a report that digs into further details surrounding this threat, including increased adoption as the team “observed two of the most prolific affiliate groups associated with ransomware deployments have switched to deploying BlackCat.” Rust is known to be fast and cross-platform – meaning that the malware can be run on Microsoft Windows, Apple MacOS or Linux – which provides obvious advantages to malicious actors. The BlackCat ransomware came to widespread awareness in November of 2021 as one of the first strains to leverage the Rust programming language. “Unlike other ransomware groups, this ransomware family doesn’t have an active leak site instead it prefers to direct the impacted victim to negotiations through TOX chat and onion-based messenger instances.” During our research we observed multiple variants impacting Windows and Linux systems,” the researchers wrote in the report. “HelloXD is a ransomware family performing double extortion attacks that surfaced in November 2021. Palo Alto’s Unit 42 researchers released a report on the HelloXD strain of ransomware, which is noteworthy because the operator has not resorted to double extortion techniques and the payload seems to have “very similar core functionality to the leaked Babuk/Babyk source code.” Camassa said SISPI had taken the necessary measures to mitigate data violations,” Hope reported. “The Italian website Cybersecurit圓60.it reported that hackers accessed sensitive documents such as birth, marriage, family, and residence status certificates. This week, Alicia Hope at CPO Magazine reported that Vice Society – a known ransomware operator – claimed responsibility. “While some were quick to point the finger at Killnet, the cyberattack on Palermo bears the signs of a ransomware attack rather than a DDoS.” “Italy recently received threats from the Killnet group, a pro-Russian hacktivist who attacks countries that support Ukraine with resource-depleting cyberattacks known as DDoS (distributed denial of service),” Toulas wrote in the article. Residents (of which Palermo is home to 1.3 million) were – and reportedly still are - unable to access digital services, but questions remained at the time of publication if the outage was a result of a DDoS or a ransomware attack. Last week, Bill Toulas at Bleeping Computer reported on a disruption in services of Palermo, a city in Italy. Italian City of Palermo most likely the target of a ransomware attack Burn out in the uphill climb against ransomware. ![]() Maybe don’t advertise your ransomware on Instagram?.Italian City of Palermo most likely the target of a ransomware attack. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |