All posts in ryuk

An examination of the malware gang’s payments reveals insights into its economic operations. The Ryuk ransomware has earned its operators an estimated $150 million, according to an examination of the malware’s money-laundering operations. Joint research released this week from Brian Carter, principal researcher at HYAS, and Vitali Kremez, CEO at . . . Read more
05 Jan, 2021
BazarLoader, Botnets, CISA advisory, Cloud Security, Cobalt Strike, DDoS, conti, COVID-19, Critical Infrastructure, health care, healthcare cybersecurity, Hospitals, Malware, Ransomware, ransomware as a service, ryuk, Security News, Sodinokibi, Software as a Service, TrickBot, Vulnerabilities, Web Security
The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike.
16 Dec, 2020
Backdoor, cobalt strike, egregor, Hacks, Malware, qbot, Ransomware, Ransomware Attack, ryuk, Security News, socks5 proxy, systembc, Tor
In the past few months researchers have detected hundreds of attempted SystemBC deployments globally, as part of recent Ryuk and Egregor ransomware attacks.
30 Oct, 2020
CISA, COVID-19, cyberattack Trump, election security, elections security, FBI, Government, Hacks, hospital ransomware, hospital security, Malware, Microsoft, patch, patient death, patient safety, Podcasts, Ransomware, ryuk, Security News, smbghost, U.S. elections, Vulnerabilities, Web Security, Windows, windows flaw, zerologon

Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry — including bugs that just won’t die. This Halloween week, Threatpost editors discuss the spookiest security stories, including: Listen to the full podcast below or download here. For more Threatpost podcast episodes – including . . . Read more

by Paul Ducklin You’ve probably heard or seen the news that the US CISA issued an alert this week with the unassuming identifier AA20-302A. CISA is short for Cybersecurity and Infrastructure Security Agency, and the AA20-302A report was a joint alert from CISA, the FBI and the HHS (US Department . . . Read more
29 Oct, 2020
Cyberattacks, healthcare system, Hospitals, kegtap, Malware, mandiant report, Phishing, Ransomware, ryuk, Security News, singlemalt, Spam, u.s. cybercommand, UNC1878, warning, winekey, zerologon
Amid an uptick in attacks on healthcare orgs, the malware families Kegtap, Singlemalt and Winekey are being used to deliver the Ryuk ransomware to already strained systems.

by Paul Ducklin If you’ve followed the inglorious history of malware in recent years, you’ll almost certainly have heard the name Emotet. That’s a long-lived and extensive family of malware that we’ve had the unfortunate necessity to warn you about on many occasions. Emotet is what’s known as a bot . . . Read more
28 Oct, 2020
Canton-Potsdam, COVID-19, device sprawl, Dusseldorf University Hospital, emergency room, Forcepoint, Gouverneur, hospital ransomware, IoT, Lazarus, Malware, Massena, MIoT, New York, Oregon, patient safety, Ransomware, rerouting, ryuk, Security News, Sky Lakes Medical Center, St. Lawrence Health System

Hospitals in New York and Oregon were targeted on Tuesday by threat actors who crippled systems and forced ambulances with sick patients to be rerouted, in some cases. Two more hospitals were hit with ransomware attacks this week as a growing number of criminals target healthcare facilities during the COVID-19 . . . Read more
23 Oct, 2020
BazarLoader Universal Health Services, cyber attack, Cybersecurity, digital transformation, IT services, Malware, Point3 Security, Ransomware, ryuk, Security News, Sopra Steria, TrickBot
Sopra Steria hit with cyber attack that reportedly encrypted parts of their network on Oct. 20 but has remained mostly mum on details. French IT giant Sopra Steria was hit with a cyber attack this week that disrupted the business of the firm and is widely believed to be the . . . Read more
19 Oct, 2020
Active Directory, attack analysis, bazar loader, cobalt strike, CVE-2020-1472, dfir report, five hours, initial phishing email, Malware, privilege escalation, ryuk, Security News, Vulnerabilities, Web Security, zerologon