Lawrence Abrams reports: A PowerShell script used by the Pysa ransomware operation gives us a sneak peek at the types of data they attempt to steal during a cyberattack. […] Yesterday, MalwareHunterTeam shared a PowerShell script with BleepingComputer used by the Pysa ransomware operation to search for and exfiltrate data from a server. This script is designed…
Category: Malware
Hacking group nicknamed SparklingGoblin is accused of stealing usernames and IP addresses from US computer retailer and Canadian schools
Adam Manno reports: A hacking group has targeted the networks of US media and retail companies to gather usernames and IP addresses, according to research from an antivirus company. Slovakia-based cybersecurity company Eset has identified a ‘backdoor’ used by a group it calls SparklingGoblin to enter firms’ supposedly secure servers, according to a post on the company’s…
Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc
Ravie Lakshmanan reports: Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents shows that attackers are growing more sophisticated and more profitable in extracting payouts from victims. “While the ransomware…
FBI sends its first-ever alert about a ‘ransomware affiliate’
Catalin Cimpanu reports: The US Federal Bureau of Investigation has published today its first-ever public advisory detailing the modus operandi of a “ransomware affiliate.” A relatively new term, a ransomware affiliate refers to a person or group who rents access to Ransomware-as-a-Service (RaaS) platforms, orchestrates intrusions into corporate networks, encrypts files with the “rented ransomware,”…
Atlanta Allergy & Asthma first mails notices to patients; data was dumped back in March
On March 3, DataBreaches.net reported that Atlanta Allergy & Asthma had apparently been compromised by Nefilim threat actors, who had dumped more than 2 GB of patient-related files on a dedicated leak site. DataBreaches.net not only reported that, but provided a redacted screencap and noted that this site had reached out to the covered entity…
Tokio Marine Insurance Singapore Hit by Ransomware Attack
As seen on Tokio Marine Insurance’s web site: August 16, 2021 Tokio Marine Holdings, Inc. Cyber Incident at Tokio Marine Insurance Singapore Ltd. We announce that Tokio Marine Insurance Singapore Ltd. (hereafter referred to as “TMiS”), one of Tokio Marine Group companies in Singapore, was subject to a ransomware cyber-attack. Upon a detection of the…