Tag Archive for: files

Babuk Ransomware Decryptor Updated to Recover Files Infected

/in


Hackers use ransomware to encrypt victims’ files and render them inaccessible until a ransom is paid. This forces the victims to pay a ransom to regain access to compromised systems and data.

This tactic leads to financial gains for the threat actors. While ransomware attacks can be conducted at scale and threat actors can target individuals, businesses, and organizations.

The Babuk ransomware decryptor has recently received an update from Avast cybersecurity researchers, Cisco Talos, and the Dutch Police to allow for the recovery of files infected with the most recent ransomware variant.

Document

Free Webinar

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

Technical Analysis

Babuk ransomware initially emerged in early 2021, and it is known for the following key things:-

  • Targeting Windows systems
  • Encrypting files
  • Demanding ransom payments in exchange for decryption keys

Besides this, Babuk ransomware has gained immense attention for its Evolving tactics and the sophistication of its attacks.

Since its founding, the Avast security company has blocked over 5600 targeted attacks, the majority of which targeted individuals and organizations in the following nations:

  • Brazil
  • Czech Republic
  • India
  • The United States
  • Germany
Babuk attacks blocked by Avast since 2021 (Source – Avast)

The recently updated Avast Babuk decryption tool can restore the files the Tortilla Babuk variant has encrypted.

Babuk ransomware source code was released in Sept 2021 in the form of a ZIP file on a Russian hacking forum, which included the following 14 victim-specific private keys:-

The cybersecurity analysts affirmed that the decryptor creation was easy as the encryption scheme remained unchanged from their analysis 2 years prior and the sample that the researchers analyzed was named “tortilla.exe.”.

The Babuk encryptor is likely made from leaked sources and uses a single key…

Source…

Patient files class action lawsuit against Norton Healthcare over ransomware attack

/in


In the lawsuit, the patient claims that Norton failed to secure and safeguard hers and around 2.5 million other people's personal information.

In the lawsuit, the patient claims that Norton failed to secure and safeguard hers and around 2.5 million other people’s personal information.

Source…

Ransomware Group Leaks Over 1.3 Million Files In Insomniac Hack

/in


A week after ransomware group Rhysida published that it had successfully hacked into Insomniac Games and taken information, the group has published over 1.3 million files online for anyone to grab.

The full leak took place on Monday night after the group said that no buyer was willing to pay the $2 million asking price. In total, the data came in at nearly 1.7 terabytes in size.

As far as information leaked in the Insomniac hack, it ranged from game release dates and spoilers for the upcoming Wolverine game to sensitive employee information. According to Cyber Daily, that sensitive information includes internal employee HR documents, tax information, internal company messages, computer information, termination forms, and even passport details.

Also included in the data leak are contracts signed between Sony and Marvel regarding the development and publishing of X-Men games, starting with the aforementioned Wolverine title. The document was signed by both Sony’s Jim Ryan and Marvel’s Isaac Perlmutter, and went into effect as of July 2021.

In a message given to Cyber Daily, the organization said it had intentionally targetted the company, and said that it “knew developers making games like this were an easy target”. They added that it didn’t take much effort to get into the studio’s network for the data.

Insider Gaming has reached out to both Sony and Insomniac Games for comment on the leaks. As of writing, neither party has responded.

Source…

In What Could Be a Trend, Ransomware Operation Files SEC Complaint Against Victim for Failing to Timely Disclose Cyberattack

/in


Ransomware operation AlphV/BlackCat has filed a U.S. Securities and Exchange complaint against one of its alleged victims, MeridianLink, for allegedly failing to comply with the four-day rule to disclose a cyberattack.

AlphV/BlackCat listed the software company on its data leak with a threat that it would leak allegedly stolen data unless a ransom is paid within 24 hours. MeridianLink provides digital solutions for financial organizations such as banks, credit unions and mortgage lenders.

Source…