Discover and read the best of Twitter Threads about #Ransomware

Most recents (24)

#Veeam Community Edition Install on server 2022 for the #Ransomware Lab
Backup and Replication License Agreement goes brrr
Now here is the default config
Read 28 tweets
ok let's #ransomware some servers! (in a lab of mine not for real coz it's NASTY!)


But wait... we are gonna look at how we can PROTECT, RESPOND and RECOVER! I'm going to deploy @Veeam to help me (coz I like the product, it rocks!)
to start with I'm going to just do some PREP. We are going to need to think about Initial Access then Escalation to Domain Admin and then RAMPAGE!
I'm gonna thread some stuff whilst I build.. I'm going to start with using @VMware workstation PRO. I might do some stuff with the RACK mounted servers but let's see.
Read 45 tweets
🛡️|| La Alcaldía de Medellín, Colombia, es víctima de Lockbit.

Entre los datos robados por el grupo de #ransomware, están reportes de homicidios y suicidios, además de información personal de funcionarios.

Repasemos como cuidarse de estos ataques digitales.

Va #CiberHilo 🧵 Image
¿Qué es LockBit?

Es un grupo de ransomware que opera bajo el esquema ‘Secuestro de Datos como Servicio’, o RaaS.

Es decir, vender kits a otros para que puedan cometer ciberataques.

Operan desde 2019, y entre sus cientos de víctimas están organizaciones de México. Image
El pasado 11 de febrero, la Secretaría de Seguridad y Convivencia de Medellín sufrió un ataque de ransomware.

Se estiman 99 gigabytes de información que el grupo de ransomware amenaza con hacer públicas si la Alcaldía no accede a sus requerimientos. Image
Read 7 tweets
Das @BSI_Bund hat zum 1. Mal in seiner Geschichte eine Chefin! Herzlichen Glückwunsch an #ClaudiaPlattner (bisher CIO der EZB, davor CIO DBSystel), die Beweis dafür ist, dass man hochqualifizierte Frauen findet, in jedem Fachgebiet, wenn man es wirklich will. /1
Ich wünsche #ClaudiaPlattner im neuen Amt von Herzen viel Erfolg und bin schon sehr gespannt auf einen Kennenlerntermin im #Digitalausschuss des Bundestages. Ihre Aufgabe ist komplex, die Herausforderung groß, sowohl wg internat. als auch wg. nat. Rahmenbedingungen./2
#ClaudiaPlattner muss es schaffen, das @BSI_Bund in eine stärkere Unabhängigkeit vom @BMI_Bund zu führen u die Behörde als potenzielle Zentralstelle auszurichten, die Länder dabei ins Boot zu holen, um zB Kommunen besser unterstützen zu können. Das ist ein sehr dickes Brett./3
Read 9 tweets
🚨 "Il Computer Security Incident Response Team Italia (Csirt-IT) dell’Agenzia per la Cybersicurezza Nazionale (ACN), ha rilevato un massiccio attacco" #hacker "tramite ransomware già in circolazione che prende di mira i server VMware ESXi".
Secondo l'agenzia, l'attacco è in corso in tutto il mondo e riguarda "qualche migliaio di server compromessi", da "Paesi europei come Francia – paese più colpito - Finlandia e Italia, fino al Nord America, in Canada e negli Stati Uniti".
I tecnici dell'Acn hanno già censito "diverse decine di sistemi nazionali verosimilmente compromessi e allertato numerosi soggetti i cui sistemi sono esposti ma non ancora compromessi".
Read 8 tweets
#LOPMI et cybercriminalité
quelques nouveautés:
1/ Création d'une infraction spécifique visant les market place sur le #Darkweb et les plateformes d'Escrow (+ intégration dans les techniques spéciales d'enquête)👇
2/ Encadrement du paiement des rançons suite à une cyber attaque (notamment par #ransomware)
(entrée en vigueur dans 3 mois)
3/ Augmentation du quantum de peines encourues pour les atteintes aux STAD (piratage, etc)
Read 8 tweets
1/8 A few months back, we stopped a #ransomware attack by the group #BlackBasta. We spent a lot of time studying their backend servers, malware and more.

If you're interested in #ransomware, then you'll want to read this story...
2/8 It ends up that the #BlackBasta gang uses victims networks to log back into their own network! The leads to some interesting monitor opportunities.

This allowed us to monitor _them_.

On the victims servers, we deploy "clip board" monitoring.
3/8 This means we could see everything the attacker "cuts and pastes" within the victims environment. This includes passwords, commands, Russian comments, etc.

We are publishing it all.
Read 8 tweets
Here is how #platforms die: first, they are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on, my surveillance-free, ad-free, tracker-free blog:… 2/
I call this #enshittification, and it is a seemingly inevitable consequence arising from the combination of the ease of changing how a platform allocates value, combined with the nature of a "two sided market." 3/
Read 125 tweets
Thread zur aktuellen Recherche (€): @ReneReh1 und ich haben den Unis und Hochschulen auf den Zahn gefühlt. Das Ergebnis ist erschreckend: Wir haben viele kritische Sicherheitslücken gefunden. Und Daten, die wirklich niemand zu Gesicht bekommen sollte.…
Wir haben 73 Hochschulen getestet - die Wikipedia-Liste aller dt Hochschulen, sortiert nach Größe. Eine erste kühne Idee war, alle 421 zu testen. Aber die Recherche lief völlig aus dem Ruder, weil 15 der ersten 73 (jede fünfte Uni!) schon teils massive Sicherheitslücken aufwiesen
Bei mindestens drei Unis fanden wir potentielle Einfallstore für #Ransomware-Banden mit teils unverschlüsselt abgelegten Passwörtern etc. Viele Unis hatten massive Datenlecks. Die Daten zu sichten und vor allem die Lücken zu melden, war extrem zeitaufwendig. Und schockierend.
Read 13 tweets
Did the #ransomware attack at @HaverAnalytics result in an inadvertent #FOMC projection error?


#FOMC presser (12/14) contained a statement by #Powell that seemed at odds with incoming data

- #Powell said “we’re going into next year with higher inflation” vs Sept FOMC

As their SEP (survey of economic projections) shows:

- ‘22 raised 4.8% vs 4.5%
- this raised 2023 inflation
- and added to “higher for longer”

But here is what is at ‘odds’

- the MoM% chg in inflation
- would have to be staggeringly high to get to #Fed 4.8%
Read 5 tweets

FIN7 UNVEILED: A deep dive into notorious cybercrime gang

The big day is finally here! 🎊After months of tireless research and analyses, we can present you with the most insightful information: an extensive report on the notorious #cybercrime gang #FIN7.
Thanks to the PTI team, we obtained never-seen-before information about FIN7’s inner workings. We got a deeper understanding of their organizational structures, identities, attack vectors, and proof-supported affiliations with other ransomware groups, among others.
The most enticing remarks of the report are:

🔹 Unveiling FIN7’s development of an auto attack system to exploit the most profitable targets based on their revenue, employee count, headquarters’ location, and website information
Read more👇
Read 7 tweets
🚨New #MicrosoftExchange #vulnerabilities were disclosed, including CVE-2022-41040 and CVE-2022-41082. Threat actors can easily exploit the new vulnerabilities, and bypass #ProxyNotShell URL rewrite mitigations, resulting in many companies facing further #ransomware #attacks.
An example of what such an exploit can do is shown in the picture below, where the #threat actor #FIN7 developed tailored systems to quickly discover and infiltrate the high-value targets by performing mass scans using #Microsoft #exchange #vulnerabilities.
Our PTI team has already observed activities involving recent vulnerabilities in the wild. Therefore, #PRODAFT recommends that companies fix the vulnerabilities as soon as possible to avoid serious consequences.
Read 4 tweets
553 days ago, Steve Morgan's astronomically large yet unexplained #guesstimate for "the cost of cybercrime" exceeded the entire U.S. national debt.

Morgan has bragged that his wild-ass guess is already larger "than the global drug trade":
"Staggering" is ✌️right✌️ — it amazes me how often Steve Morgan's absurdities #dupe cyber experts like @dralissajay, @WaleMicaiah, @lhmphaphuli, @KenBeattyJr, @eSentire, @LilyLopate, etc.

So, let's chart him against the GLOBAL GROSS DOMESTIC PRODUCT
This chart plots Steve Morgan's asinine #guesstimates against's figures for the 2015-2021 Global Gross Domestic Product with projections up to 2024. For 2025 onward, these charts show a 2.5% increase from an acceptable 2-3% for a healthy global GDP.
Read 10 tweets
👇🧵Here are 10 reliable tools we use for research and discovery in the darkweb. A thread >> 🧵 1/12
Fresh Onions 🧅 - long-standing, ultra-reliable spider/scraper. Updates every few hours. Shows the Up/Down status of each site and its age. Many mirrors, #opensource 2/12 …hdrww7wnt5qmkoertwxmcuvm4woo4ad.onion
Ahmia Search - probably the closest you will get to “Google” on the Dark Web. Ahmia is stable, with reliably interesting results. Results can also be filtered by age, which not all engines allow for. 3/12
Read 12 tweets
Vu que le sujet #cybersécurité arrive chez les avocats (c'est très bien), quelques conseils pour les avocat(e)s qui me suivent:
- pas de boite mail en Gmail, Outlook, etc (Cloud Act)
- choisissez un hébergeur 🇫🇷 et faites votre propre serveur de messagerie / site web
- pas de double emploi des téléphones / ordinateurs:
-> un téléphone / ordinateur pour le travail
-> un téléphone / ordinateur pour la vie privée

- Attention à la SSI des cabinets (wifi notamment).
En déplacement, usage d'un VPN impératif
- Sauvegardes impératives et régulières des données pour anticiper le risque #ransomware
- ne pas utiliser une session administrateur sur vos ordinateurs, en particulier sur Windows. 👇
Read 5 tweets
👇Here are the top #macOS malware we saw in 2022, a thread 🧵👇
1. #Shlayer malware is one of the top macOS malware discoveries in 2022. It's known for disguising itself as a legitimate Adobe Flash Player update.
2. #EvilQuest #ransomware has made its way onto macOS systems, encrypting user files and demanding a ransom to restore access.
Read 12 tweets
1️⃣ NICCS Federal Virtual Training Environment (FedVTE)

2️⃣ SANS Cyber Aces Free Cyber Security Training Course

Read 7 tweets
🛡️Cuba Ransomware, un grupo de cibercriminales que ha robado más de 60 millones de dólares en el mundo.

¿Sabías que el secuestro de datos es una de las mayores amenazas digitales en el mundo?

Veamos de que trata y como protegerte.

🖥️ Image
El @FBI y la @CISAgov lanzaron un comunicado conjunto sobre la amenaza de #Cuba #Ransomware.

En agosto recaudó más de $ 60 millones en rescates después de atacar a más de 100 entidades en todo el mundo.

En diciembre, logró vulnerar a la infraestructura 49 organizaciones de 🇺🇸. Image
El FBI y CISA agregaron que la banda de ransomware ha ampliado sus tácticas, técnicas y procedimientos (TTP) desde principios de año.

También se han relaciones con cibercriminales como RomCom RAT (troyano de acceso remoto) y el grupo de ransomware Industrial Spy. Image
Read 10 tweets
NEW: "The greatest long-term threat to out nation's ideas, innovation & economic security, our national security, is that from #China" @FBI Dir Christopher Wray tells House Homeland Security Committee
"The Chinese gvt aspires to equal or surpass the US as a global superpower & influence the world w/a value system shaped by undemocratic authoritarian ideals" per @FBI's Wray "We are confronting that threat head-on"
"The @FBI has scores of investigations open into the #China in all 56 of our field offices" per Wray
Read 17 tweets
Der #Digitalausschuss des Bundestages besucht mit 1 Delegation Japan u Südkorea. heute früh: Besuch Vizeminister im Min. für Inneres u Telekommunikation Takeuchi Yoshiaki. Glasfaser gibts in Japan in 2027 für 99.9% der Haushalte, zZ haben < 170.000 HH keine Glasfaser.
Unsere (demokratischen) Delegationsmitglieder des #btADi aus dem Bundestag sind: @maik_aussendorf @CatarinaDosSa @Hansjoerg_Durz @JensZSPD @max_fksr #btADiJpKor
Anschließend Besuch bei @NTTDocomoNews Tokio, Infos u Austausch zu #5G u #6G. Fotos posten aus dem Lab war leider verboten. 6G erwartet man in Japan kommerziell spätestens 2030, 5G ist hier schon fast überall verfügbar. 6G ist noch 100mal schneller als 5G! #btADiJpKor
Read 33 tweets
NEW: #Russia's war in #Ukraine & #cyber - "We have learned a tremendous amount" @CYBERCOM_DIRNSA Gen. Paul Nakasone tells @CFR_org

Says #Ukraine has hardened its networks & has been a step ahead of the Russians in #cyberspace
"Having 10 folks on the ground that are tied back to our command & our agency, that's power I think is really helpful" per @CYBERCOM_DIRNSA re US #cyber aid to #Ukraine

Says US "surged to well over 30...we flooded the zone" to help #Kyiv in #cyber
#Ukraine's warnings abt looming #cyber attacks by #Russia on energy, financial sectors - "They have gone after energy, certainly" @CISAJen tells @CFR_org

"We've been working very closely w/the energy sector ... we are not at a place where we should be putting our shields down"
Read 15 tweets
📢 📖 C’est avec un immense plaisir que je vous annonce la sortie de mon livre "Cyberattaques, les dessous d’une menace mondiale" ! Tous les détails dans le fil 🧵 /1
Cet ouvrage, c’est plus d’un an de travail visant à décrypter pour le grand public les affrontements entre les attaquants et les défenseurs de notre monde numérique. /2
🖐 Au-delà des classiques listes d’attaques et de bonnes pratiques de sécurisation, j’ai souhaité donner une dimension humaine à ce livre. /3
Read 14 tweets
1/ So, site impersonating @Fortinet downloads signed MSI that uses Powershell to run #BatLoader, if the user is connected to a domain (corporate network) it deploys:

1) #Ursnif (Bot)
2) #Vidar (Stealer)
3) #Syncro RMM (C2)
4) #CobaltStrike
And possibly
5) #Ransomware 💥 ImageImageImageImage
2/ For initial deployment they use NirCmd, NSudo and GnuPG (to encrypt payloads) among other utilities.

* Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}" -Recurse
* Remove-Encryption -FolderPath $env:APPDATA -Password '105b' ImageImageImageImage
3/ The websites are boosted through SEO poisoning and impersonate brands such as @Zoom, @TeamViewer, @anydesk, @LogMeIn, @CCleaner, #FileZilla and #Winrar among others.

/ ImageImageImageImage
Read 10 tweets
New: #Ukraine bracing for new round of #Russia|n cyber attacks targeting its energy, financial sectors, Deputy Minister of Digital Transformation Georgii Dubynskyi tells reporters
"We saw this scenario before-before the winter they [#Russia] are trying to find a way how to undermine, how to defeat our energy system & how to make circumstances even more severe for Ukrainians" per Dubynskyi
#Russia also trying to employ "precision" #cyberattacks

"Using social engineering & using some it's also possible #hybrid attacks as well" per Dubynskyi
Read 12 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!