Geek-Guy.com

Category: Ransomware


Cybersecurity vendors are themselves under attack by hackers, SentinelOne says

Cybersecurity companies don’t just defend their customers against cyberattacks — they also have to defend themselves, and a SentinelOne report published Monday examines some of the biggest threats they’re facing. Those include ransomware, Chinese government-sponsored hackers and North Korean IT workers posing as job applicants, according to the report from SentinelOne’s SentinelLabs. “In recent months,…

Attackers hit security device defects hard in 2024

Attackers are having a field day with software defects in security devices, according to a new report released Wednesday by Mandiant. Exploits were the most common initial infection vector, representing 1 of every 3 attacks in 2024, and the four most frequently exploited vulnerabilities were all contained in edge devices, such as VPNs, firewalls and…

10 key numbers from the 2024 FBI IC3 report

It looks like 2024 was a record year in cybercrime for all the wrong reasons, according to the FBI’s annual Internet Crime Complaint Center (IC3) report released Wednesday.  As cyber-enabled fraud and ransomware continue to harm individuals, businesses, and critical infrastructure, the report, now in its 25th year, provides crucial insight into evolving criminal tactics…

Verizon discovers spike in ransomware and exploited vulnerabilities

Cybercriminals and state-sponsored threat groups exploited vulnerabilities and initiated ransomware attacks with vigor last year, escalating the scope of their impact by hitting more victims and outmaneuvering defenses with speed. The rate of ransomware detected in data breaches jumped 37%, occurring in 44% of the 12,195 data breaches reviewed in Verizon’s 2025 Data Breach Investigations…

Cyberattack costs IKEA operator several million

The consequences of the ransomware attack on the franchisee of the IKEA stores in Southeastern Europe are still being felt. At the end of last year, the Fourlis Group reported that the technical problems with the IKEA online shops were attributable to “malicious external actions.” The statement indicated that the cyberattack occurred in November 2024 and that business operations…

Ransomware attacks push into Windows vulnerability

Cybercriminals are abusing a security vulnerability in Windows to deliver backdoor malware and ransomware. According to Microsoft security researchers, a vulnerability in the Common Log File System (CLFS) driver of…

Microsoft patches zero-day actively exploited in string of ransomware attacks

Microsoft addressed 126 vulnerabilities affecting its systems and core products, including a zero-day in the Windows Common Log File System (CLFS) that’s been actively exploited in a series of ransomware attacks, the company said in its latest security update Tuesday. A group Microsoft tracks as Storm-2460 has exploited CVE-2025-29824 to initiate ransomware attacks “against a…

Hacker attack on Heilbronn Marketing

Hackers have encrypted the IT systems of Heilbronn Marketing. According to a report by Südwestrundfunk (SWR), cybercriminals recently encrypted the IT systems of Heilbronn Marketing GmbH (HMG) and left a ransom note. It is so far unclear whether data was also stolen. Because the company is, among other things, involved in festivals and events for…

Identity lapses ensnared organizations at scale in 2024

Cybercriminals predominantly relied on weaknesses in identity controls to afflict organizations in 2024, with valid accounts being the main way they gained access for the second year in a row, Cisco Talos said in an annual report released Monday. Across the incident response cases Cisco Talos responded to last year, 60% involved an identity attack…

New VanHelsing ransomware spreading rapidly

The new ransomware program VanHelsing targets Windows, Linux, BSD, ARM and ESXi systems. The new RaaS project named VanHelsing was first discovered on March 16 by researchers at CYFIRMA, when attackers used it for encryption and double extortion. Because it is barred from targeting the Commonwealth of Independent States (CIS), …

Canadian citizen allegedly involved in Snowflake attacks consents to extradition to US

A Canadian citizen is one step closer to standing trial in the United States for his alleged involvement in a series of attacks targeting as many as 165 Snowflake customers, one of the most widespread and damaging attack sprees on record.  Connor Moucka consented to extradition on Friday to face 20 federal charges, including conspiracy…

Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day

Cybercriminals working on behalf of at least six nation-states are actively exploiting a zero-day vulnerability in Microsoft Windows to commit espionage, steal data and cryptocurrency, according to Trend Micro researchers. The vulnerability, which Trend Micro tracks as ZDI-CAN-25373, allows attackers to execute hidden malicious commands due to the way Windows displays the contents of shortcut…

Ransomware attack on Mönchengladbach nursing home operator

A ransomware gang is extorting the city of Mönchengladbach's nursing home operator with encrypted data. The company, however, refuses to pay the ransom demanded. As Westdeutscher Rundfunk (WDR) reports, cybercriminals on Monday (March 17) paralyzed the IT systems of Sozial-Holding, a subsidiary of the city of Mönchengladbach. According to the report, those affected by the attack are…

Ransomware attack on SMC Europe

The Japanese industrial automation specialist SMC operates in numerous countries worldwide, including Germany. The industrial automation specialist SMC has presumably been hit by a ransomware attack. The Quilin gang recently published a darknet post claiming to have stolen around one terabyte of data from SMC's European subsidiary…

Infostealers fueled cyberattacks and snagged 2.1B credentials last year

Cybercriminals used information-stealing malware to a devastating effect last year, capturing sensitive data that fueled ransomware, breaches and attacks targeting supply chains and critical infrastructure, according to a new report. Infostealers were used to steal 2.1 billion credentials last year, accounting for nearly two-thirds of 3.2 billion credentials stolen from all organizations, Flashpoint said in a…

Response to CISA Advisory (AA25-071A): #StopRansomware: Medusa Ransomware

AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-071A) published on March 12, 2025, which details new behaviors exhibited by Medusa Ransomware. The post Response to CISA Advisory (AA25-071A): #StopRansomware: Medusa Ransomware appeared first on AttackIQ.

Smashing Security podcast #408: A gag order backfires, and a snail mail ransom demand

What happens when a healthcare giant’s legal threats ignite a Streisand Effect wildfire… while a ransomware gang appears to ditch the dark web for postage stamps? Find out about this, and more, in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Alleged Co-Founder of Garantex Arrested in India

Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the…

Ransomware attack on Willms Fleisch

Food producer Willms Fleisch has presumably been attacked by hackers. Willms is one of the largest meat producers in Germany. The ransomware group Safepay has now added the company to its victim list on the darknet. The hackers claim to have stolen two terabytes of data. Exactly what kind of information is involved, however, is unclear.…

Ransomware poseurs are trying to extort businesses through physical letters

The FBI and threat researchers are warning executives to be on the lookout for physical letters in the mail threatening to leak sensitive corporate data.  The letters, which are stamped “time sensitive read immediately” and shipped directly to executives through the Postal Service, are part of a nationwide scam designed to extort victims into paying…

US charges admins of Garantex for allegedly facilitating crypto money laundering for terrorists and hackers

The administrators of Garantex, Aleksej Besciokov and Aleksandr Mira Serda, allegedly knew their crypto exchange was used to launder money, according to U.S. prosecutors. © 2024 TechCrunch. All rights reserved. For personal use only.

Russian crypto exchange Garantex seized in international law enforcement operation

U.S. and European law enforcement agencies have seized the infrastructure of Garantex, a cryptocurrency exchange accused of laundering billions in criminal proceeds, in a sweeping international operation that signals heightened focus on illicit financial flows in cryptocurrency markets. According to Justice Department documents unsealed Friday, the Moscow-based exchange processed approximately $96 billion in cryptocurrency transactions…

FBI says scammers are targeting US executives with fake BianLian ransom notes

The FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless…

Cybercriminals picked up the pace on attacks last year

Threat actors became increasingly efficient last year, rapidly achieving lateral movement and swiftly stealing data at a faster clip than ever before, according to multiple threat intelligence firms.  The reduced time frame is a clear indicator that cybercriminals are constantly improving their ability to be successful. With the abuse of legitimate system tools to help…

The dirty dozen: 12 worst ransomware groups active today

Ransomware-as-a-service (RaaS) models, double extortion tactics, and increasing adoption of AI characterize the evolving ransomware threat landscape. Law enforcement takedowns of groups such as LockBit have contributed to making the ransomware marketplace more fragmented, with emergent players attempting to muscle in on the action. Attackers range from nation-state actors to RaaS operations, lone operators, and…

Stop targeting Russian hackers, Trump administration orders US Cyber Command

The Trump administration has told US Cyber Command and CISA to stop following or reporting on Russian cyber threats. Yes, Russia! That country everyone used to agree was home to lots of ransomware gangs and hackers. Hmmm… Read more in my article on the Hot for Security blog.

Ransomware access playbook: What Black Basta’s leaked logs reveal

Black Basta, one of the most successful ransomware groups over the past several years, had a major leak of its internal communications recently. The logs provide a glimpse into the playbook of a high-profile ransomware group and its preferred methods for gaining initial access to networks, as analysis from security researchers shows. “Key attack vectors…

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a…

Hackers encrypt data of around 12,000 patients

Hackers have gained access to the data of thousands of patients from Hamburg. According to a report by the Hamburger Abendblatt, the practice information system of the MVZ Herz-Lungen-Praxis…

Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies

U.S. authorities say a 21-year-old U.S. Army soldier attempted to sell stolen sensitive information to a foreign intelligence service as part of a broader effort to extort victims and leak call records of high-ranking public officials. In November while on active duty, Cameron Wagenius made multiple attempts to extort $500,000 from a major telecommunications company…

Orange Group hit by data leak

The Orange Group was hit by a ransomware attack. A member of the ransomware gang HellCat claims to have stolen around 6.5 gigabytes of data from the Orange Group. The stolen data package reportedly includes 380,000 unique email addresses, source code, invoices, contracts, and customer and employee information. The French telecom provider confirmed to the technology magazine Bleeping Computer that it…

Data Theft Drove 94% of Global Cyberattacks in 2024 & Ransomware Defenses are “Increasingly Complex”

Ransomware groups now steal, encrypt, and threaten to leak company data on the dark web, forcing victims to pay or risk exposing sensitive information.

Threat actors are increasingly trying to grind business to a halt

Cybercriminals intentionally disrupted operations at a growing rate last year, Palo Alto Networks’ threat intelligence firm Unit 42 said in an annual incident response report released Tuesday. Of the nearly 500 major cyberattacks Unit 42 responded to last year, 86% involved business disruption, including operational downtime, fraud-related losses, increased operating costs and negative reputational impacts. …

Dragos: Surge of new hacking groups enter ICS space as states collaborate with private actors

Cyberattacks against industrial organizations surged in 2024 as a glut of new threat actors increasingly targeted operational technology (OT) and industrial control systems (ICS), according to cybersecurity firm Dragos. According to a report released Tuesday, attacks on industrial organizations soared by 87% last year, while the number of ransomware groups impacting the OT/ICS space jumped…

Stürmer Maschinen hit by ransomware attack

The ransomware gang Lynx is extorting the wholesaler Stürmer Maschinen with stolen data. The ransomware gang Lynx recently added the machinery wholesaler Stürmer Maschinen to its victim list. On their leak site on the darknet, the cybercriminals claim to have exfiltrated a data set of 800 gigabytes. Exactly what data is involved is unclear. Information…

What defenders are learning from Black Basta’s leaked chat logs

Black Basta’s internal chat logs, which were leaked earlier this month, are providing defenders with actionable intelligence on the ransomware group’s operations, cybercrime experts told CyberScoop.  Researchers sifting through Black Basta’s exposed communications found details about the group’s preferred tools and techniques, including custom malware loaders, indicators of compromise, cryptocurrency wallets and email addresses associated…

German IT service provider in the sights of ransomware attackers

The hacker gang Akira is said to have stolen data from InSyst. The IT service provider InSyst has apparently become the target of a ransomware attack. The ransomware group Akira recently added the company to its victim list on the darknet. The hackers claim to have obtained confidential data such as NDAs, driver's licenses, financial data and contact details of employees and customers. The attackers threaten…

Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace

The United States is falling “increasingly behind” its adversaries in cyberspace, a former Cyber Command and National Security Agency boss said Saturday. Speaking at the DistrictCon cybersecurity conference in Washington, D.C., retired Gen. Paul Nakasone said that “our adversaries are continuing to be able to broaden the spectrum of what they’re able to do to…

Ransomware attack on healthcare provider

The ransomware group Medusa claims to have relieved the British healthcare provider HCRG Care Group of more than 2,000 pieces of data. The ransomware gang Medusa claims in a darknet post to have captured more than 2,000 sensitive records from the HCRG Care Group. The company is one of the largest independent providers of health and care services in the United Kingdom…

Smashing Security podcast #405: A crypto con exchange, and soaring ticket scams

From shadowy Bitcoin exchanges to Interpol’s most wanted, Alexander Vinnik was the alleged kingpin behind BTC-e, a $4bn crypto laundering empire. Learn more about him, and how he became a geopolitical pawn between the US, France, and Russia. Plus! Hear how concert-goers are being warned about a swathe of scams hitting stadiums and arenas around…

GRIT’s 2025 Report: Ransomware Group Dynamics and Case Studies

Ransomware threats continue evolving, with the most successful groups refining their tactics to maximize impact over the last year. Understanding […] The post GRIT’s 2025 Report: Ransomware Group Dynamics and Case Studies appeared first on Security Boulevard.

Smashing Security podcast #404: Podcast not found

The story of how hackers managed to compromise the US Government’s official SEC Twitter account to boost the price of Bitcoins, AI isn’t helping reduce the rife conspiracy theories inside classrooms, and is the funeral bell tolling for ransomware? All this and more is discussed in the latest edition of the “Smashing Security” podcast by…

U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure

A consortium of U.S., Australian and U.K. officials announced coordinated sanctions Tuesday against Zservers, a Russia-based bulletproof hosting provider. The action targets the company for its role in facilitating ransomware attacks, most notably those conducted by the LockBit ransomware-as-a-service (RaaS) group. Officials detailed that Zservers has long been linked to cybercriminal forums, where it has…

Thai authorities detain four Europeans in ransomware crackdown

In a sweeping international law enforcement operation, Thai authorities arrested four Europeans in Phuket, accusing them of orchestrating ransomware attacks affecting Swiss companies worldwide. The suspects are allegedly tied to the 8Base ransomware-as-a-service (RaaS) gang, which extorted $16 million worth of Bitcoin from over 1,000 individuals. The operation, termed “Phobos Aetor,” reflected a tightly coordinated…

Smashing Security podcast #403: Coinbase crypto heists, QR codes, and ransomware in the classroom

In episode 403 of “Smashing Security” we dive into the mystery of $65 million vanishing from Coinbase users faster than J-Lo slipped into Graham’s DMs, Geoff gives a poor grade for PowerSchool’s security, and Carole takes a curious look at QR codes. All this and more is discussed in the latest edition of the “Smashing…

Ransomware payments dropped 35% in 2024

Ransomware payments saw a dramatic 35% drop last year compared to 2023, even as the overall frequency of ransomware attacks increased, according to a new report released by blockchain analysis firm Chainalysis.  The considerable decline in extortion payments is somewhat surprising, given that other cybersecurity firms have claimed that 2024 saw the most ransomware activity…

Ransomware payments dropped in 2024 as victims refused to pay hackers

Ransomware payments fell by more than one-third in 2024 as an increasing number of victims refused to negotiate with hackers. In a report published Wednesday, crypto forensics firm Chainalysis said that while ransomware gang leak sites posted more victims than in previous years during 2024, fewer victims gave in to the hackers’ demands. Chainalysis reported…

The Transformative Role of AI in Cybersecurity

2025 marks a pivotal moment in the integration of artificial intelligence (AI) and cybersecurity. Rapid advancements in AI are not only redefining industries; they are reshaping the cybersecurity landscape in profound ways. Through this evolution, I have noted three primary […] The post The Transformative Role of AI in Cybersecurity appeared first on TechSpective. The…

House bill aims to better protect financial institutions from ransomware attacks

A bipartisan pair of House lawmakers are seeking to improve private-public coordination for financial institutions amid a surge of ransomware attacks on the sector. The Public and Private Sector Ransomware Response Coordination Act, introduced this week by Reps. Zach Nunn, R-Iowa, and Josh Gottheimer, D-N.J., would direct the Treasury secretary to deliver a report on…
