Cybercrime, Luna is a new ransomware offered only to Russian affiliates
Kaspersky cybersecurity experts: The malware, written in Rust, encrypts files on Windows, Linux and ESXi. It uses as encryption scheme an X25519-AES combination.
Cybercrime, North Korea targets SMEs with H0lyGh0st ransomware
Microsoft cybersecurity experts: The group, aka DEV-0530, has connections with PLUTONIUM (aka DarkSeoul or Andariel).
Cyber Warfare, Russia uses Ransomware-as-a-Service against Ukraine and partners
Weapons are groups like LockBit, BlackCat (ALPHVM), Karakurt, Hive and Black Basta. Many were born from Conti and do not attack neutral countries.
Cybercrime, AstraLocker and Yashma victims now have a free decryptor
Emsisoft cybersecurity experts released a free decryptor that can be downloaded from the company’s servers.
Cybercrime, Maui used by North Korean hackers to target Healthcare and Public Health
CISA, FBI and Treasury cybersecurity experts: The ransomware appears to be designed for manual execution by remote actors.
Cybercrime, AstraLocker is closing its ransomware operations
BleepingComputer cybersecurity experts: The malware group submitted a ZIP archive with the decryptors to VirusTotal and now it plans to switch to cryptojacking.
Cybercrime, AstraLocker 2.0 ransomware version passes via Office files
Reversing Labs cybersecurity experts: Who opened the malicious Word attachment is required to make multiple, additional clicks to activate the embedded malware.
Cybercrime, Hello XD now deploys a backdoor
Palo Alto Unit 42 cybersecurity experts: It allows an attacker to browse the file system, upload and download files, execute commands, and remove itself from the system.
Cybercrime, the Black Basta ransomware exploits Quakbot for lateral movement
NCC Group cybersecurity experts: The malware was leveraged to remotely create a temporary service on a target host, configured to execute the DLL using regsvr32.exe.
Cybercrime, Cheerscript is a new Linux ransomware targeting VMware ESXi servers
Trend Micro cybersecurity experts: The malware employs the double extortion scheme and renames the files it will encrypt.