BlackMatter ransomware group claims to be Darkside and REvil successor

From securityaffairs.co

BlackMatter forum post

BlackMatter is a new ransomware gang that started its activity this week; the cybercriminal group claims to be the successor of the Darkside and REvil groups.

Like other ransomware operations, BlackMatter has also set up a leak site where it will publish data exfiltrated from victims before encrypting their systems.

The birth of the BlackMatter ransomware was first spotted by researchers at Recorded Future, who also reported that the gang is building a network of affiliates through ads posted on two cybercrime forums, Exploit and XSS.

Read more…

Over 100 active ransomware groups are on FBI Tracking Radar

From cybersecurity-insiders.com

The US Federal Bureau of Investigation (FBI) has made it official that it has been tracking over 100 active ransomware groups that are busy attacking American businesses, schools, and other organizations.

Bryan Vorndran, Assistant Director of the FBI's Cyber Division, disclosed this in a media statement issued on Tuesday, July 27th, 2021.

Vorndran added that his agency will make every effort to mitigate the effects of file-encrypting malware hitting networks.

Historically, the FBI's data shows it has tracked over 1,000 ransomware variants that have seriously hit over 20,000 organizations. This includes the recent attacks on JBS Meat and Colonial Pipeline by the DarkSide ransomware group.

Read more…

LockBit ransomware now encrypts Windows domains using group policies

From bleepingcomputer.com

A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies.

The LockBit ransomware operation launched in September 2019 as a ransomware-as-a-service, where threat actors are recruited to breach networks and encrypt devices.

In return, the recruited affiliates earn 70-80% of a ransom payment, and the LockBit developers keep the rest.

Over the years, the ransomware operation has been very active, with a representative of the gang promoting the activity and providing support on hacking forums.

Read more…

Kaseya Denies Paying $70 Million Bitcoin Ransom

From decrypt.co

On July 2, IT software provider Kaseya was crippled by an attack attributed to Russia-based hacking group REvil. The ransomware compromised the software and removed the clients’ administrator access. REvil demanded $70 million in Bitcoin to restore normal operations.

Last week, Kaseya announced it had received the decryptor key to undo the attack, which affected hundreds of businesses that use Kaseya software worldwide. But it declined to say how—beyond that it had come from a “trusted third party,” leading to speculation that it had paid the $70 million ransom.

Not so, said Kaseya on Monday. “We are confirming in no uncertain terms that Kaseya did not pay a ransom—either directly or indirectly through a third party—to obtain the decryptor,” it said in an update on its website.

Read more…

Hiding Malware inside a model of a neural network

From securityaffairs.co

Researchers Zhi Wang, Chaoge Liu, and Xiang Cui presented a technique to deliver malware through neural network models in order to evade detection without impacting the performance of the network.

Tests conducted by the researchers demonstrated how to embed 36.9MB of malware into a 178MB AlexNet model within 1% accuracy loss; the embedded payload was completely transparent to antivirus engines.

The researchers believe that with the massive adoption of artificial intelligence, malware authors will look with increasing interest at the use of neural networks. In their words: “We hope this work could provide a referenceable scenario for the defense on neural network-assisted attacks.”

Read more…

What is Aeur ransomware?

From 2-spyware.com

Aeur ransomware is a computer virus that leaves the victim’s personal files locked and renamed until a ransom of $980 is paid in Bitcoin. At least, that is what the cybercriminals want you to believe through the _readme.txt ransom note they drop on your desktop after the infection.

This file-locker is distributed primarily through file-sharing platforms, specifically the most popular torrent websites. It belongs to the Djvu ransomware family, and most cyberthreats from this lineage are camouflaged as the latest or the most anticipated game cracks.[1]

Read more…

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices

From thehackernews.com

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year.

The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fix a memory corruption issue (CVE-2021-30807) in the IOMobileFrameBuffer component, a kernel extension for managing the screen framebuffer, that could be abused to execute arbitrary code with kernel privileges.

Read more…