Displaying items by tag: Emsisoft

Ransomware attacks on Windows systems in the US during 2021 showed a small dip from the previous year, with 2323 local governments, schools and healthcare providers hit, the security firm Emsisoft reports.

Another Windows ransomware group, BlackMatter, appears to have shut down operations, according to a message sent out by the people behind the group.

A ransomware gang known as Groove is claimed to have been an elaborate hoax meant to deceive the security sector and the media, with even a site backed by a CIA-funded threat intelligence firm falling for the spoof.

Security firm Emsisoft has lost the ability to produce keys that could decrypt files encrypted by the BlackMatter Windows ransomware gang, something it has been doing for a while.

A number of Windows ransomware gangs have reacted to the reported takedown of the REvil gang, with one of them, Darkside, now known as BlackMatter, moving some of the bitcoin it holds, according to a statement from the cryptocurrency tracking firm Elliptic.

The REvil ransomware group was taken offline by intelligence agencies and law enforcement from the US and a number of its allies, the news agency Reuters claims.

A seasoned ransomware threat researcher has warned against taking any of the chatter around the disappearance of the Windows REvil ransomware group for a second time seriously, given that the forums on which these posts have appeared are heavily monitored.

Issues have been identified with a decryptor released by security firm Bitdefender for files encrypted by the REvil ransomware group before it temporarily disappeared on 13 July.

A ransomware gang has warned victims that any data that has been exfiltrated from their networks during attacks would be destroyed were they to contact companies to negotiate ransom payments.

The people behind a new ransomware group, Groove, have threatened to start attacking public sector businesses in Ukraine if the government of that country does not stop extraditing citizens to the US.

The chief technology officer of New Zealand-headquartered Emsisoft, a firm well known for its efforts in helping ransomware victims, has poked fun at the "new 'innovative' ways people will claim to be the next big fix for ransomware".

ANALYSIS Claims that the Colonial Pipeline Company paid US$5 million as a ransom to the group behind the DarkSide Windows ransomware after it was attacked on 7 May need to be taken with a pinch of salt, seeing as the report was an "exclusive" from Bloomberg.

Australian healthcare provider UnitingCare Queensland has identified the Windows ransomware that hit its systems on 25 April as the REvil strain, aka Sodinokibi.

Billions of dollars of damage has been caused by ransomware to both business and home users in the last 12 months, the New Zealand-headquartered security firm Emsisoft says in figures released on Tuesday, adding that the average ransom demand increased by more than 80% during the same period, with a total of US$18 billion (A$23.2 billion) paid in ransoms globally.

Claims that a leak of the user data of 533 million Facebook users has just taken place is a bit of a stretch. A major part of this data has been out on the Web for a long time.

In a strictly legal sense, Nine Entertainment is correct in continuing to push the notion that it has not received a ransom note after it announced on 28 March that it had fallen victim to what was described as a "cyber attack", a senior security researcher has told iTWire.

Incident response firm Coveware has deleted a small portion of an article it had posted online in 2019, after the actors behind the REvil ransomware group — also known as Sodinokibi — used it to promote the efficiency of their own decryptor over that of the one used by rival ransomware actor, Ryuk.

Microsoft's Remote Desktop Protocol tool was the attack vector of choice for ransomware attackers in 2020 as they stepped up as the pandemic created an environment suitable for this malware genre to thrive.

Security firm Qualys has become the latest to be affected by a breach of a file transfer system manufactured by the firm Accellion, the company says.

Law enforcement authorities in France and Ukraine have joined forces to arrest a number of people in Ukraine who were using the Windows Egregor ransomware to make money.