Ransomware Decryption | Breaking Cybersecurity News | The Hacker News

The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation. "Since January 2020, LockBit actors have executed over 2,000 attacks against victims in the United States, and around the world, causing costly disruptions to operations and the destruction or exfiltration of sensitive information," the State Department  said . "More than $144 million in ransom payments have been made to recover from LockBit ransomware events." The development comes as a sweeping law enforcement operation led by the U.K. National Crime Agency (NCA)  disrupted  LockBit, a Russia-linked ransomware gang that has been active for more than four years, wreaking havoc on business and critical infrastructure entities around the world. Ransomware-as-a-service (RaaS) operations like LockBit and others work by e

Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA). "Through a comprehensive analysis of Rhysida Ransomware, we identified an implementation vulnerability, enabling us to regenerate the encryption key used by the malware," the researchers  said . The development marks the first successful decryption of the ransomware strain, which first made its appearance in May 2023. A  recovery tool  is being distributed through KISA. The study is also the latest to achieve data decryption by exploiting implementation vulnerabilities in ransomware, after  Magniber v2 , Ragnar Locker,  Avaddon , and  Hive . Rhysida , which is known to share overlaps with another ransomware crew called Vice Society, leverages a ta

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

A decryptor for the Tortilla variant of the Babuk ransomware has been  released  by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest the threat actor behind the operations. The encryption key has also been shared with Avast, which had previously  released a decryptor  for Babuk ransomware after its  source code was leaked  in September 2021. The updated decryptor can be accessed  here  [EXE file]. "A single private key is used for all victims of the Tortilla threat actor," Avast  noted . "This makes the update to the decryptor especially useful, as all victims of the campaign can use it to decrypt their files." The Tortilla campaign was  first disclosed  by Talos in November 2021, with the attacks leveraging  ProxyShell flaws in Microsoft Exchange servers  to drop the ransomware within victim environments. Tortilla

The U.S. Justice Department (DoJ) has officially  announced  the disruption of the BlackCat ransomware operation and released a decryption tool that more than 500 affected victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigation (FBI) enlisted the help of a confidential human source (CHS) to act as an affiliate for the BlackCat group and gain access to a web panel used for managing the gang's victims, in what's a case of hacking the hackers. The confiscation effort involved collaboration and assistance from multiple law enforcement agencies from the U.S., Germany, Denmark, Australia, the U.K., Spain, Switzerland, and Austria. BlackCat , also called ALPHV, GOLD BLAZER, and Noberus,  first emerged  in December 2021 and has since gone on to be the second most prolific ransomware-as-a-service variant in the world after LockBit. It's also the first Rust-language-based ransomware strain spotted in the