NoGoolag
FilesLocker Ransomware Decrypter

FilesLocker Decrypter is a ransomware decryptor created by Michael Gillespie that decrypts files encrypted by the FilesLocker Ransomware. This decrypter works with versions v1 and v2 of the ransomware.

In order to use this decrypter, users must have a copy of the ransom note for the infected system as it contains the encrypted decryption key. This decryption key will be decrypted and used to decrypt a victim's files for free.

More information about the FilesLocker Ransomware can be found at this URL: https://www.bleepingcomputer.com/news/security/new-fileslocker-ransomware-offered-as-a-ransomware-as-a-service/
A detailed guide on using the decryptor can be found here: https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-fileslocker-ransomware-with-fileslockerdecrypter/
FilesLocker Decrypter Download: https://www.bleepingcomputer.com/download/fileslockerdecrypter/dl/378/ for: Windows XP/Vista/7/8/Windows 10
32-bit program. Can run on both a 32-bit and 64-bit OS.
Read this guide in German:
https://t.me/cRyPtHoN_INFOSEC_DE/1559

#FilesLocker #Malware #Ransomware #Decrypter #download #guide #Windows
📺 Ransomware to provide PewDiePie 100 million followers

The more recent ransomware, called PewCrypt, which has been in widespread use since January, allows AES-256-encrypted data to be decrypted. The programmer does not, however, demand an amount of money to release the key for decryption, but PewCrypt only decrypts the data when PewDiePie has 100 million followers on YouTube. At the same time the Ransomware tries to get the attacked to follow PewDiePie on YouTube.

📺 https://mobile.twitter.com/demonslay335/status/1098975600700780545
https://www.youtube.com/watch?v=KzOM31dhrbU

#PewDiePie #Ransomware #YouTube #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay

Anti-mortar system specs, legal paperwork, payment forms, and more, dumped online from infected PCs

Internal confidential documents belonging to some of the largest aerospace companies in the world have been stolen from an industrial contractor and leaked online.

The data was pilfered and dumped on the internet by the criminals behind the DoppelPaymer Windows ransomware, in retaliation for an unpaid extortion demand. The sensitive documents include details of Lockheed-Martin-designed military equipment – such as the specifications for an antenna in an anti-mortar defense system – according to a Register source who alerted us to the blueprints.

Other documents in the cache include billing and payment forms, supplier information, data analysis reports, and legal paperwork. There are also documents outlining SpaceX's manufacturing partner program.

The files were siphoned from Visser Precision by the DoppelPaymer crew, which infected the contractor's PCs and scrambled its files. When the company failed to pay the ransom by their March deadline, the gang – which tends to demand hundreds of thousands to millions of dollars to restore encrypted files – uploaded a selection of the documents to a website that remains online and publicly accessible.

👉🏼 Read more:
https://www.theregister.co.uk/2020/04/10/lockheed_martin_spacex_ransomware_leak/

#ransomware #leak #DoppelPaymer
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Fake ransomware decryptor double-encrypts desperate victims' files

A fake decryptor for the STOP Djvu Ransomware is being distributed that lures already desperate people with the promise of free decryption. Instead of getting their files back for free, they are infected with another ransomware that makes their situation even worse.

While ransomware operations such as Maze, REvil, Netwalker, and DoppelPaymer get wide media attention due to their high worth victims, another ransomware called STOP Djvu is infecting more people than all of them combined on a daily basis.

With over 600 submissions a day to the ID-Ransomware ransomware identification service, STOP ransomware is the most actively distributed ransomware over the past year.

Emsisoft and Michael Gillespie had previously released a decryptor for older STOP Djvu variants, but newer variants cannot be decrypted for free.

If the ransomware is so common, you may be wondering why it doesn't get much attention?

The lack of attention is simply because the ransomware mostly affects home users infected through adware bundles pretending to be software cracks.

While downloading and installing cracks is not excusable, many of those who are infected simply cannot afford to pay a $500 ransom for a decryptor.

Double-encrypting someone's data with a second ransomware is just kicking someone while they are already down.

👉🏼 Read more:
https://www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-double-encrypts-desperate-victims-files/

https://twitter.com/demonslay335/status/1268908281151586304

https://www.golem.de/news/zorab-schadsoftware-ransomware-tarnt-sich-als-entschluesselungs-tool-2006-148959.html

#zorab #Djvu #fake #ransomware #decryptor
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Ransomware operators lurk on your network after their attack

When a company suffers a ransomware attack, many victims feel that the attackers quickly deploy the ransomware and leave so they won't get caught. Unfortunately, the reality is much different as threat actors are not so quick to give up a resource that they worked so hard to control.

Instead, ransomware attacks are conducted over time, ranging from a day to even a month, starting with a ransomware operator breaching a network.

This breach is through exposed remote desktop services, vulnerabilities in VPN software, or via remote access given by malware such as TrickBot, Dridex, and QakBot.

https://www.bleepingcomputer.com/news/security/ransomware-operators-lurk-on-your-network-after-their-attack/

#ransomware
Russian Criminal Group Finds New Target: Americans Working at Home

A hacking group calling itself Evil Corp., indicted in December, has shown up in corporate networks with sophisticated ransomware. American officials worry election infrastructure could be next.

A Russian ransomware group whose leaders were indicted by the Justice Department in December is retaliating against the U.S. government, many of America’s largest companies and a major news organization, identifying employees working from home during the pandemic and attempting to get inside their networks with malware intended to cripple their operations.

https://www.nytimes.com/2020/06/25/us/politics/russia-ransomware-coronavirus-work-home.html

#russia #ransomware
WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

1. Introduction
WastedLocker is a new ransomware locker we’ve detected being used since May 2020. We believe it has been in development for a number of months prior to this and was started in conjunction with a number of other changes we have seen originate from the Evil Corp group in 2020. Evil Corp were previously associated to the Dridex malware and BitPaymer ransomware, the latter came to prominence in the first half of 2017. Recently Evil Corp has changed a number of TTPs related to their operations further described in this article. We believe those changes were ultimately caused by the unsealing of indictments against Igor Olegovich Turashev and Maksim Viktorovich Yakubets, and the financial sanctions against Evil Corp in December 2019. These legal events set in motion a chain of events to disconnect the association of the current Evil Corp group and these two specific indicted individuals and the historic actions of Evil Corp.

2. Attribution and Actor Background
We have tracked the activities of the Evil Corp group for many years, and even though the group has changed its composition since 2011, we have been able to keep track of the group’s activities under this name.

2.1 Actor Tracking
Business associations are fairly fluid in organised cybercrime groups. Partnerships and affiliations are formed and dissolved much more frequently than in nation state sponsored groups, for example. Nation state backed groups often remain operational in similar form over longer periods of time. For this reason, cyber threat intelligence reporting can be misleading, given the difficulty of maintaining assessments of the capabilities of cybercriminal groups which are accurate and current.

As an example, the Anunak group (also known as FIN7 and Carbanak) has changed composition quite frequently. As a result, the public reporting on FIN7 and Carbanak and their various associations in various open and closed source threat feeds can distort the current reality. The Anunak or FIN7 group has worked closely with Evil Corp, and also with the group publicly referred to as TA505. Hence, TA505 activity is sometimes still reported as Evil Corp activity, even though these groups have not worked together since the second half of 2017.

👉🏼 Read more:
https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/

#WastedLocker #ransomware #EvilCorp
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Ransomware gang publishes tens of GBs of internal data from LG and Xerox

Maze gang publishes internal data from LG and Xerox after failed extortion attempt.

The operators of the Maze ransomware have published today tens of GB of internal data from the networks of enterprise business giants LG and Xerox following two failed extortion attempts.

The hackers leaked 50.2 GB they claim to have stolen from LG's internal network, and 25.8 GB of Xerox data.

While LG issued a generic statement to ZDNet in June, neither company wanted to talk about the incident in great depth today.

Both of today's leaks have been teased since late June when the operators of the Maze ransomware created entries for each of the two companies on their "leak portal."

The Maze gang is primarily known for its eponymous ransomware string and usually operates by breaching corporate networks, stealing sensitive files first, encrypting data second, and demanding a ransom to decrypt files.

If a victim refuses to pay the fee to decrypt their files and decides to restore from backups, the Maze gang creates an entry on a "leak website" and threatens to publish the victim's sensitive data in a second form ransom/extortion attempt.

The victim is then given a few weeks to think over its decision, and if victims don't give in during this second extortion attempt, the Maze gang will publish files on its portal.

LG and Xerox are at this last stage, after apparently refusing to meet the Maze gang's demands.

👀 👉🏼 https://www.zdnet.com/article/ransomware-gang-publishes-tens-of-gbs-of-internal-data-from-lg-and-xerox/

👀 👉🏼 🇩🇪 https://www.golem.de/news/datenleck-ransomwaregruppe-veroeffentlicht-daten-von-lg-und-xerox-2008-150044.html

#maze #ransomware #lg #xerox #extortion
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
University of Utah pays $457,000 to ransomware gang

University officials restored from backups, but they had to pay the ransomware gang to prevent them from leaking student data.

The University of Utah revealed today that it paid a ransomware gang $457,059 in order to avoid having hackers leak student information online.

The incident is the latest in a long string of ransomware attacks where criminal groups steal sensitive files from the hacked companies before encrypting their files; and in case victims refuse to pay, threaten to release the stolen documents as a second extortion scheme.

https://www.zdnet.com/article/university-of-utah-pays-457000-to-ransomware-gang/

#US #Utah #University #ransomware
Ransomware attack halts Argentinian border crossing for four hours

Argentina's official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossing into and out of the country.

While ransomware attacks against cities and local agencies have become all too common, this may be a first known attack against a federal agency that has interrupted a country's operations.

According to a criminal complaint published by Argentina's cybercrime agency, Unidad Fiscal Especializada en Ciberdelincuencia, the government first learned of the ransomware attack after receiving numerous tech support calls from checkpoints at approximately 7 AM on August 27th.

https://www.bleepingcomputer.com/news/security/ransomware-attack-halts-argentinian-border-crossing-for-four-hours/

#South #America #Argentina #ransomware #attack
Cyber security alert issued following rising attacks on UK academia

The NCSC has issued an alert to the academic sector following a spate of online attacks against UK schools, colleges and universities.

The National Cyber Security Centre, a part of GCHQ, is supporting establishments to keep criminals out of their networks after a spike in ransomware attacks.

The rise in attacks was recorded in August as cyber criminals turn their attention to a sector focused on the return of students.

Cyber security experts have today (Thursday) stepped up support for UK schools, colleges, and universities following a spate of online attacks with the potential to de-rail their preparations for the new term.

The National Cyber Security Centre (NCSC) issued an alert to the sector containing a number of steps they can take to keep cyber criminals out of their networks, following a recent spike in ransomware attacks.

The NCSC dealt with several ransomware attacks against education establishments in August, which caused varying levels of disruption, depending on the level of security establishments had in place.

Ransomware attacks typically involve the encryption of an organisation’s data by cyber criminals, who then demand money in exchange for its recovery.

With institutions either welcoming pupils and students back for a new term, or preparing to do so, the NCSC’s alert urges them to take immediate steps such as ensuring data is backed up and also stored on copies offline.

They are also urged to read the NCSC’s newly-updated guidance on mitigating malware and ransomware attacks, and to develop an incident response plan which they regularly test.

👀 👉🏼 https://www.ncsc.gov.uk/news/alert-issued-following-rising-attacks-on-uk-academia

#alert #NCSC #cyber #security #uk #academia #ransomware
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
When coffee makers are demanding a ransom, you know IoT is screwed

With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of the Smarter’s Internet-of-things coffee maker, you’d be wrong.

👀 👉🏼 https://arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/

#coffee #ransomware #iot #hacker #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Ransomware Hits Healthcare Provider UHS, Shuts Down Hospital IT Systems

Although Universal Health Services largely runs behavioral healthcare facilities, it also operates some emergency care centers, potentially putting patients' lives at risk.

A ransomware attack appears to have taken down all IT systems at Universal Health Services (UHS), which operates 400 hospitals and behavioral health facilities in the US and the UK.

UHS employees began reporting problems on Monday via Reddit; the attack has been shutting down computers at various hospitals, forcing them to turn away patients, they say.

One UHS employee based in Arizona told PCMag that the disruption has been blamed on ransomware infecting hospital systems. “Everything is down. No access to any computer at all,” the employee said. The hospital has only recently managed to restore the phone system.

“I believe we are turning patients away,” the employee added. “We have been doing everything on paper charts. What gets me is we had no downtime protocols in place. It’s all been improv.”

BleepingComputer reports that a notorious ransomware strain known as Ryuk appears to be behind the attack, which has encrypted computers across the UHS network, making them impossible to access.

https://www.pcmag.com/news/ransomware-hits-healthcare-provider-uhs-shuts-down-hospital-it-systems

#US #ransomware #attack #hospital
Ransomware hack cripples United Health Services hospitals, facilities across the US

The cyberattack, which began early Sunday, is thought to have employed the Ryuk ransomware, TechCrunch reported. Computer screens changed with text that referenced the “shadow universe,” which is consistent with the Ryuk ransomware, a person familiar with the situation told TechCrunch. “Everyone was told to turn off all the computers and not to turn them on again,” the person told the tech site. “We were told it will be days before the computers are up again.”

👀 👉🏼 https://www.usatoday.com/story/tech/2020/09/28/health-care-provider-united-health-services-hit-cyberattack/3565533001/

👀 👉🏼 https://techcrunch.com/2020/09/28/universal-health-services-ransomware/

#usa #ransomware #cyberattack
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Computer giant Acer hit by $50 million ransomware attack

Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.

Acer is a Taiwanese electronics and computer maker well-known for laptops, desktops, and monitors. Acer employs approximately 7,000 employees and earned $7.8 billion in 2019.

Yesterday, the ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files as proof.

https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack

#acer #ransomware #attack
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Ransomlook@social.circl.lu - New post from Medusa : Postel Spa
More at :
https://www.ransomlook.io/group/Medusa #Ransomware #Medusa
Ransomware Hackers Steal Millions From Vegas Casinos | Mental Outlaw


In this video I discuss how MGM and Caesars Entertainment Resort/Casinos were hacked by a ransomware group and had sensitive customer data and company data exfiltrated from their servers. So far Caesars Entertainment has paid half of the 30 million dollars to keep files from being released, but MGM has paid nothing, and the hackers are threatening to ruin MGM's reputation with a data leak.

#Hacking #Casino #LasVegas
#Ransomware