Discover and read the best of Twitter Threads about #ransomware


Clusterfuck at Kisters

(a really, really big #KRITIS service provider!)

Cloud, all DB dumps & system images, logs and information sent in by customers via email have been exfiltrated(!) and encrypted. Ouch :/

Everything is currently offline! 😑

#Ransomware
kisters.de/fileadmin/KIST…
An APT service provider from the BSI list has been engaged, and forensic analysts are already on site investigating.

I hope for the best and wish them success. Damn.
Read 6 tweets
Director Christopher Wray will join our partners from @TheJusticeDept, @StateDept, and @USTreasury today at 12:30 p.m. EST to make several major cybercrime announcements. You can watch the press conference live at justice.gov/live.
The #FBI and our partners announced that Yaroslav Vasinskyi, a Ukrainian national, faces charges for allegedly launching ransomware attacks against multiple victims, including a July attack against information technology management company Kaseya. go.usa.gov/xebhZ Director Christopher Wray said, "The arrest of Yaroslav
On October 8, Polish authorities took custody of Vasinskyi in Poland, where he remains pending proceedings to secure his extradition to the U.S.
Read 8 tweets
#Ransomware attack on #Mediamarkt and #Saturn

"Over the weekend, criminals attacked the servers of the MediaMarktSaturn holding with an encryption trojan. The stores remain open."
heise.de/news/Ransomwar…
"Apparently affected are the point-of-sale and merchandise management systems in the stores. Around 3100 Windows servers are said to have been infected with a crypto virus, according to apparently internal documents circulating on Twitter."
Read 3 tweets
The 19th city council session is about to begin 🥳
Livestream: fckaf.de/qfc
The agenda is still encrypted, so we get to be surprised today 😅
#ransomware #fürschwerinreichts
The suspense is building. But at least until 17:15, since the Independent Citizens apparently still need time for consultation.
Read 44 tweets
Over the last several days, we’ve seen media outlets publish faulty blockchain analysis related to the movement of funds by #DarkSide, the #ransomware group behind the Colonial Pipeline hack.
Blockchain analysis firms erroneously identified DarkSide’s movement of funds as a simple peel chain, without identifying the mixer involved. They incorrectly traced the funds to exchanges & other services based on that conclusion. bit.ly/3pSSDxU
A peel chain is a transaction pattern commonly seen in blockchain analysis, in which funds appear to move through several intermediate addresses. Peel chains occur naturally and aren’t inherently obfuscatory or evidence of money laundering. bit.ly/3pSSDxU
Read 9 tweets
During a virtual meeting with the Economic Club of New York, Director Christopher Wray stressed how public-private #partnerships help the #FBI combat criminal and national security cyber threats like ransomware and intellectual property theft. go.usa.gov/xexyy
Wray: Today’s #cyber threats are more pervasive ... than ever before. ... We’re investigating over a hundred #ransomware strains today, and their impact has been growing. ... But if there’s one thing the FBI understands, it’s taking down criminal enterprises.
Wray: Our strategy centers on prevention and disruption—hitting hackers before they attack or before their intrusions can cause major harm. … Actors, infrastructure, and money are all important individually, but we achieve the biggest impact when we disrupt all three together.
Read 7 tweets
🧵The latest Threat Landscape Update from @RelativityHQ’s Calder7 security team focuses on Evil Corp and its new Macaw Locker #ransomware that is being used to evade U.S. sanctions which previously prevented victims from paying ransoms. (1/7) #CyberSecurity #Legaltech
Background: Evil Corp, also known as Indrik Spider, Gold Drake, and Dridex gang, is an international cybercrime network that has stolen over $100 million USD in over 40 countries through a variety of attacks on banking institutions (2/7)
The group also dabbles in #ransomware, including their notorious #BitPaymer operation, which utilized Dridex malware to attack compromised networks and subsequently led to sanctions from the US Treasury in 2019: home.treasury.gov/news/press-rel… (3/7)
Read 7 tweets
#KRITIS sector #Staat and #Verwaltung

IT rebuild in Schwerin could take weeks

"After the #Ransomware attack on systems of the city of Schwerin and a district, citizens will probably have to expect restrictions for longer." /1
golem.de/news/ransomwar…
"After the attack on the municipal IT service provider of the state capital Schwerin, citizens will have to do without many administrative services until next week." /2
"'The computers are off, which is why we cannot yet say how big the damage is,' said the Lord Mayor of the city of Schwerin" /3
Read 9 tweets
#Proxyshell in #tortillas recipe #ransomware
We have seen a new actor named tortillas abusing proxyshell to run ransomware.
The ransomware may be born from the leaked #Babuk code.
The attack originates from the IP: 185.219.52[.]229
@58_158_177_102 @sugimu_sec
Chain: proxyshell -> webshell (a lot) -> certutil -> download and execute the payload.
The encrypted files have the .babyk extension and end with the "choung dong looks like hot dog!!" string that is typical of #Babuk, but the ransom note is different.
So we guess they used Babuk code.
IoC:
3556821DD4184777D340ACE0D17D3A53
DA6C6C0A07723DE52912AFA07B8D06C8
5000E5FDDAA93D43C8FE8CE833BFEA43

http://185.219.52[.]229/tortillas/tore.exe
http://185.219.52[.]229:8083/NRy1EZKJRn4GH.hta
sample downloaded from pastebin[.]pl\view\raw\a57be2ca
and injected into AddInProcess32.exe
Read 4 tweets
📚 tl;dr sec 105
* #DevSecOps - @NIST on microservices + service mesh
* @ErmeticSec Defending S3 from ransomware
* @falco_org labs
* Risk-Based Security Decision Making at @netflix
* @brutelogic XSS exercises
* @trailofbits osquery + macOS EndpointSec

tldrsec.com/blog/tldr-sec-…
📢 Sponsor: Learn how “Detection-as-Code” is changing how security teams write, test and harden detections. blog.runpanther.io/detections-as-…
Risk-Based Security Decision Making at @netflix
eventbrite.com/e/risk-based-s…

@ztgrace A tool for detecting default and backdoor creds
github.com/ztgrace/change…

@omer_gil Bypassing required reviews using GitHub Actions
medium.com/cider-sec/bypa…
Read 9 tweets
A thread on what caught my eye from the @WhiteHouse's Fact Sheet on 'Ongoing Public U.S. Efforts to Counter #Ransomware'.

#InThaCybers #CyberDiplomacy
The second paras describe the national security threat posed by ransomware and the global nature of that threat. No surprises here.
Counter-ransomware policy = Multi-stakeholder by design.

The state must work with industry and other states because of inherent technological and economic realities.

Plus, it takes a network to take down a network like a transnational ransomware gang.
Read 18 tweets
Okay so I've had a chance to go through the Cth government's Ransomware Action Plan.

Here's a thread comprising some of my thoughts thereon.

#InThaCybers #Ransomware
I applaud the Cth for finally delivering this document, given the severity of the national security threat posed by the ransomware ecosystem.

A threat which the Minister for Home Affairs, @karenandrewsmp, highlights in her foreword.
The Action Plan rightly acknowledges the nature of counter-ransomware policy as multi-stakeholder by design.

That is, the state working with domestic partners and overseas partners.
Read 28 tweets
📚 tl;dr sec 104
* New Phrack
* @hakluke, @farah_hawaa 10 often missed web vulns
* @_fel1x C/C++ semantic search tool
* @black2fan, @s1r1u5_ Finding prototype pollution at scale
* @r2cdev Securing your GitHub Actions
* @alex_dhondt Exploiting drones

tldrsec.com/blog/tldr-sec-…
📢 Sponsor: The DevSecGuide to Infrastructure as Code:
🔬 Research on the state of IaC security
🦋 Practical steps for embracing a DevSecOps culture
🔐 Tips for embedding security throughout the DevOps lifecycle
➡️ Download for free from @bridgecrewio
bridgecrew.io/resource/the-d…
Read 9 tweets
#Ciberataque Banco Bicentenario, in Venezuela, confirmed tonight that it was the target of a remote attack on its IT platform, aimed at gaining access to it and altering banking data. The attempt failed, although it has affected service continuity since yesterday.
According to the information shared by the bank (logs from an intrusion protection system), it was a DDoS attack, with thousands of access requests (13,000 to 15,000) per attacker, mostly from IP addresses in Colombia. That causes a "traffic jam".
The "distributed denial of service" or #DDoS attack targeted ports 80 and 443, which are the ones that allow web browsing. Besides Colombia, the attacks (according to the IP addresses) came from Angola, Brazil, Canada, Chile, Ecuador and Peru.
Read 4 tweets
[1/5]

LATEST NEWS: Both @CISAgov and @FBI just released an advisory on #Conti #ransomware, which they’ve recently observed being used to attack US and international organizations.

Learn more about Conti’s attack chain and tactics here 👉 research.trendmicro.com/3lOTxrx
[2/5]

#Conti operators use several methods to gain initial access like spear phishing and exploiting public-facing applications, followed by the use of Cobalt Strike. We investigated how Conti #ransomware operators used Cobalt Strike to launch attacks: research.trendmicro.com/3CDba4C
[3/5]

Aside from Cobalt Strike, #Rclone is another legitimate tool abused by Conti operators in their previous campaigns. We discuss some of the most commonly abused legitimate tools here 👉 research.trendmicro.com/2W8cNaS
Read 5 tweets
#Sabotaje The attack on the Banco de Venezuela platform originated in the USA. The Executive Vice President of the Republic, Delcy Rodríguez, announced that the computer intrusion was recorded in the Intrusion Prevention System #IPS.
She explained on state television that 90% of the operations carried out at the bank since 15SEP have already been restored. “Around 5,000 operations per second are being processed,” she said. She also indicated that a commission has been re-established to "shield the country's platforms".
Recall that the financial institution's statement of FRI 17SEP reported a "terrorist attack": "a massive hack that intended to erase and alter banking data". In other words, #ransomware or data hijacking (recovery requires payment of a "ransom").
Read 4 tweets
LATEST NEWS: Cring #ransomware recently made headlines due to a recent attack that exploited a bug in the 11-year-old version of the Adobe ColdFusion 9 software. Follow this thread and let’s look at the techniques typically wielded by this ransomware.

👇 👇 👇 [1/5]
[2/5] #Cring ransomware gains initial access through unsecured remote desktop protocol (RDP) or through unpatched vulnerabilities.
[3/5] The threat also abuses tools such as #Mimikatz for credential access and Cobalt Strike for lateral movement. More details on how these tools are abused for ransomware attacks:
research.trendmicro.com/3hYEMkT
Read 5 tweets
A "#segundalectura" (second reading) of the #bancodevenezuela statement, which on Friday 17SEP reported a "terrorist attack", points to revealing an act of #ransomware or data hijacking. The text says it was "a massive hack that intended to erase and alter banking data".
The term is the combination of "ransom" and "software" (computer application): it refers to the use of programs to take control of data essential to a business's operation. Recovery requires payment of a "ransom", a perfect analogy with a kidnapping.
The following lines of the statement reinforce the #ransomware hypothesis, since it offers a public guarantee of the integrity of the information in customer accounts, both with respect to the record of all operations and to the safeguarding of banking data.
Read 4 tweets
. @awscloud #reinforce // here we go…

🎙🧵

☁️ #cloud #security #devops
Adam Selipsky (CEO, AWS) up first with an opening message for @awscloud #reinforce
“Security is job ZERO at @awscloud”, Adam Selipsky. He’s referring to the fact that it is required as a baseline before building or doing anything.

He goes on to say that #security is critical to AWS’ success and customer success.

#cloud #devops
Read 121 tweets
🧵The latest Threat Landscape Update from @RelativityHQ’s Calder7 security team details a particularly concerning new trend in #ransomware, which combines Ransomware-as-a-Service (RAAS) with employee-led Insider Threats. #cybersecurity #infosec #hackers #SundayReads (1/7)
RAAS has been around since early 2020 and has quickly become the leading vector for deploying #ransomware. The newest iteration of it is enticing employees to intentionally deploy #ransomware w/i their own org. A particularly nasty case of insider threat (2/7)
Reported by @briankrebs, threat actors trying this technique are using the #Demonware strain and are targeting networks of interest in the U.S., Canada, Australia and the U.K., and specifically RDP, VPN and corporate email access (3/7)
Read 7 tweets
— A THREAD —

[1/n] We’re monitoring developments on a new piece of proof-of-concept #ransomware called #Chaos. It’s purportedly a .NET version of #Ryuk, but our analysis shows that its routines are different from Ryuk’s.
[2/n] Earlier versions of #Chaos were actually destructive #trojans that overwrote rather than encrypted files, which meant that victims had no way of restoring their files to their original state.
[3/n] The third version of #Chaos was traditional #ransomware, having the ability to encrypt files via RSA/AES and also providing a decrypter. With this version, the creator asked for donations to support the ongoing development of Chaos.
Read 8 tweets
"Some of the leading threats to the American way of life are #cyber enabled - from espionage to influence to attack," Deputy National Security Advisor for Cyber Anne Neuberger tells #AspenSecurity
Sanctions vs #Russia but not #China for malign #cyber behavior?

"#SolarWinds was not the 1st case of aggressive Russian cyber activity in int'l space" per @WHNSC's Neuberger
"In the case of #China, there's still that building of consensus around malicious cyber activity, around the need to call it out together" w/allies, per @WHNSC's Neuberger, adding that it "doesn't preclude follow-on activity"

#cyber
Read 13 tweets
THREAD: Based on our blockchain analysis, we can confirm reports speculating that DarkSide #ransomware group has rebranded to BlackMatter. This is part of a trend in which ransomware groups shut down & reemerge with new names, often after law enforcement actions or media scrutiny
Chainalysis was able to confirm the financial connection between DarkSide and BlackMatter in late July '21 a few days before security researchers speculated there was a connection based on similarities w/ their encryption algorithms, decryptors, and more: bleepingcomputer.com/news/security/…
Sometimes following the money can provide an early indicator about a ransomware group’s revitalized operations. In this case, financial connections were made on the blockchain before any attacks were made public on BlackMatter’s blog
therecord.media/an-interview-w…
Read 5 tweets