#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

ransomware | Breaking Cybersecurity News | The Hacker News

Category — ransomware
5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy

5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy

Jul 08, 2024 Cybersecurity / Enterprise Security
Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore.  Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. And when the inevitable CISO/Board briefing rolls around, everyone wants answers: Are we safe from attacks? Are we making progress? Could <insert name of CVE or incident that keeps you up at night here> happen to us? These are all fair concerns.  The question is, how do we best answer them? A company board deserves clear, concise information tied to business goals , not technical details about fixes or attack methods. A communication gap between the CISO and the board can lead to misunderstandings, increased risk, and potentially devastating cyberattacks. And this is why one of the overriding challenges for CISOs today remains: How to pr
Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks

Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks

Jul 05, 2024 Cybersecurity / Identity Protection
Identity theft isn't just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don't be caught off guard. Join us for a groundbreaking webinar that will change the way you approach cybersecurity. Gain insider knowledge on Identity Threat Detection and Response (ITDR) , the latest technology designed to protect your identity like never before. In this power-packed session, you'll discover: Hidden Vulnerabilities in Your Security: Learn why traditional solutions are falling short and how ITDR fills these critical gaps. Top Features of ITDR Solutions: Get an insider's perspective on what sets the best ITDR solutions apart. ITDR in Action: See real-world scenarios where ITDR has thwarted sophisticated identity-based attacks. Future Trends in Identity Security: Stay a
5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

Oct 01, 2024Generative AI / Data Protection
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security concerns, many have been forced to choose between unrestricted GenAI usage to banning it altogether. A new e-guide by LayerX titled 5 Actionable Measures to Prevent Data Leakage Through Generative AI Tools is designed to help organizations navigate the challenges of GenAI usage in the workplace. The guide offers practical steps for security managers to protect sensitive corporate data while still reaping the productivity benefits of GenAI tools like ChatGPT. This approach is intended to allow companies to strike the right balance between innovation and security. Why Worry About ChatGPT? The e
GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

Jul 05, 2024 SEO Poisoning / Cyber Attack,
The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts. "Updates to the GootLoader payload have resulted in several versions of GootLoader, with GootLoader 3 currently in active use," cybersecurity firm Cybereason said in an analysis published last week. "While some of the particulars of GootLoader payloads have changed over time, infection strategies and overall functionality remain similar to the malware's resurgence in 2020." GootLoader, a malware loader part of the Gootkit banking trojan, is linked to a threat actor named Hive0127 (aka UNC2565). It abuses JavaScript to download post-exploitation tools and is distributed via search engine optimization (SEO) poisoning tactics. It typically serves as a conduit for delivering various payloads such as Cobalt Strike, Gootkit, IcedID, Kronos, REvil, and SystemBC. In recent months, the threat actors behind GootLoader have
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
How MFA Failures are Fueling a 500% Surge in Ransomware Losses

How MFA Failures are Fueling a 500% Surge in Ransomware Losses

Jul 02, 2024 Multi-Factor Authentication
The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in its annual "State of Ransomware 2024" report that the average ransom payment has increased 500% in the last year with organizations that paid a ransom reporting an average payment of $2 million, up from $400,000 in 2023. Separately, RISK & INSURANCE, a leading media source for the insurance industry reported recently that in 2023 the median ransom demand soared to $20 million in 2023 from $1.4 million in 2022, and payment skyrocketed to $6.5 million in 2023 from $335,000 in 2022, much more than 500%. This shocking surge is a testament to the increasing sophistication of cyberattacks and the significant vulnerabilities inherent in outdated security methods. The most significant factor contributing to this trend is a broad reliance on twenty-year-old, legacy Multi-Factor Authentic
Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

Jun 28, 2024 Cybersecurity / Cloud Security
The modern kill chain is eluding enterprises because they aren't protecting the infrastructure of modern business: SaaS .  SaaS continues to dominate software adoption , and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven't revised their security programs or adopted security tooling built for SaaS.  Security teams keep jamming on-prem pegs into SaaS security holes  The mature security controls CISOs and their teams depended on in the age of on-prem dominance have vanished. Firewalls now protect a small perimeter, visibility is limited, and even if SaaS vendors offer logs, security teams need homegrown middleware to digest them and push into their SIEM.  SaaS vendors do have well-defined security scopes for their products, but their customers must manage SaaS compliance and data governance, identity and access management (IAM), and application controls — the areas where most incidents occur. While this SaaS shared responsibility mod
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

Jun 27, 2024 Cryptojacking / Data Protection
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates the malware author's continued efforts into profiting off their illicit access and spreading the network further, as it continues to worm across the internet," Cado Security said in a report published this week. P2PInfect came to light nearly a year ago, and has since received updates to target MIPS and ARM architectures. Earlier this January, Nozomi Networks uncovered the use of the malware to deliver miner payloads. It typically spreads by targeting Redis servers and its replication feature to transform victim systems into a follower node of the attacker-controlled server
Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion

Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion

Jun 27, 2024 Cyber Crime / Cyber Warfare
A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022. Amin Timovich Stigal, the defendant in question, is assessed to be affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). He remains at large. If convicted, he faces a maximum penalty of five years in prison. Concurrent with the action, the U.S. Department of State's Rewards for Justice program is offering a reward of up to $10 million for information pertaining to his whereabouts or the malicious cyber attacks he is associated with. "The defendant conspired with Russian military intelligence on the eve of Russia's unjust and unprovoked invasion of Ukraine to launch cyberattacks targeting the Ukrainian government and later targeting its allies, including the United States,&quo
Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP!

Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP!

Jun 26, 2024 Vulnerability / Data Protection
A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions - From 2023.0.0 before 2023.0.11 From 2023.1.0 before 2023.1.6, and  From 2024.0.0 before 2024.0.2 "Improper authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass," the company said in an advisory released Tuesday. Progress has also addressed another critical SFTP-associated authentication bypass vulnerability (CVE-2024-5805, CVSS score: 9.1) affecting MOVEit Gateway version 2024.0.0. Successful exploitation of the flaws could allow attackers to bypass SFTP authentication and gain access to MOVEit Transfer and Gateway systems. watchTowr Labs has since published additional technical specifi
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware

Jun 26, 2024 Cyber Attack / Malware
Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean state-sponsored groups, cybersecurity firms SentinelOne and Recorded Future said in a joint report shared with The Hacker News. This includes ChamelGang's attacks aimed at the All India Institute of Medical Sciences (AIIMS) and the Presidency of Brazil in 2022 using CatB ransomware , as well as those targeting a government entity in East Asia and an aviation organization in the Indian subcontinent in 2023. "Threat actors in the cyber espionage ecosystem are engaging in an increasingly disturbing trend of using ransomware as a final stage in their operations for the purposes of financia
Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices

Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices

Jun 24, 2024 Mobile Security / Threat Intelligence
Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps. "It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities from data theft to device manipulation," Check Point said in an analysis published last week. It boasts a wide range of features, such as the ability to wipe SD cards, delete call logs, siphon notifications, and even act as ransomware. The use of Rafel RAT by DoNot Team (aka APT-C-35, Brainworm, and Origami Elephant) was previously highlighted by the Israeli cybersecurity company in cyber attacks that leveraged a design flaw in Foxit PDF Reader to trick users into downloading malicious payloads. The campaign, which took place in April 2024, is said to have utilized military-them
U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

Jun 16, 2024 Cybercrime / SIM Swapping
Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The move is part of a joint effort between the U.S. Federal Bureau of Investigation (FBI) and the Spanish National Police that began last May. News of the arrest was first reported by Murcia Today on June 14, 2024, with vx-underground subsequently revealing that the apprehended party is "associated with several other high profile ransomware attacks performed by Scattered Spider." The malware research group further said the individual was a SIM swapper who operated under the alias "Tyler." SIM swapping attacks work by calling the telecom provider to transfer a target's phone number to a SIM under their control with the goal of intercepting their messages, including one-
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

Jun 14, 2024 Cyber Espionage / Cryptocurrency
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian government and Brazil's aerospace, technology, and financial services sectors," Google's Mandiant and Threat Analysis Group (TAG) divisions said in a joint report published this week. "Similar to their targeting interests in other regions, cryptocurrency and financial technology firms have been a particular focus, and at least three North Korean groups have targeted Brazilian cryptocurrency and fintech companies." Prominent among those groups is a threat actor tracked as UNC4899 (aka Jade Sleet, PUKCHONG, and TraderTraitor), which has targeted cryptocurrency professionals with a malware-laced trojanized Python app. The attack chains involve reaching out to pote
Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups

Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups

Jun 13, 2024 Cyber Crime / Ransomware
The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious payloads in order to evade detection by security programs. The product is believed to have been offered to the Conti and LockBit ransomware syndicates that then used the crypter to disguise the file-encrypting malware and launch successful attacks. "And at the end of 2021, members of the [Conti] group infected the computer networks of enterprises in the Netherlands and Belgium with hidden malware," according to a translated version of the statement released by the agency. As part of the investigation, authorities conducted searches in Kyiv and Kharkiv, and seized computer equipment, mobile phones, and notebooks. If found guilty, the defendant is expected to face up to 15 years
Expert Insights / Articles Videos
Cybersecurity Resources