Framapiaf

297 messages55 participants26 messages aujourd’hui

cR0w :cascadia:Lantronix listed by Play.:dumpster_fire_gif: :ablobcatpopcorn: :dumpster_fire_gif: <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a>

ransomwatch (unofficial)New <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> post!Title: All Book Covers Group: play Discovered: 2025-04-22 18:46:47.456243

CTI.FYI🚨New ransom group blog post!🚨Group name: play Post title: All Book Covers Info: <a href="https://cti.fyi/groups/play.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cti.fyi/groups/play.html</a><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Efani😵💫 Ransomware with a meme twist: the latest Fog attacks come with DOGE-themed ransom notes — mocking victims and even offering free decryption if they "spread the malware".Researchers at Trend Micro have been tracking a surge in attacks from the Fog ransomware group, which has now hit over 100 confirmed victims since January. While earlier variants relied on compromised VPN credentials, the latest campaigns use phishing emails to deliver a malicious “Pay Adjustment[dot]zip ” file that drops the ransomware via PowerShell.Key observations: - Initial infection begins with a ZIP file and LNK shortcut - PowerShell downloads scripts and executables for system profiling, lateral movement, and encryption - A QR code leads to Monero payment options - Political commentary and YouTube links are embedded directly in the code - Sectors hit include tech, education, manufacturing, and transportation💰 The ransom notes reference the satirical Department of Government Efficiency (DOGE), making absurd demands like “list five tasks you accomplished last week” or “pay one trillion dollars.” In one version, victims are told they can decrypt their system for free — if they forward the malware.This marks a shift in behavior: - Originally, Fog didn’t exfiltrate data or run leak sites - Now, researchers report double-extortion tactics and faster attack cycles - In some incidents, data was encrypted within two hours of initial access🛡️ Trend Micro and Darktrace urge organizations to: - Monitor Fog IoCs - Segment networks - Keep offline, tested backups - Train teams to spot phishing attempts - Patch VPNs and remote access infrastructureAt <a href="https://infosec.exchange/@Efani" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Efani</a>, we believe even “troll” ransomware is no joke. Whether done for profit or chaos, the operational damage from Fog attacks can be severe. Stay vigilant — even the ransom notes are engineered for distraction.<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/FogRansomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FogRansomware</a> <a href="https://infosec.exchange/tags/DOGE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DOGE</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/EfaniSecure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EfaniSecure</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IncidentResponse</a>

RedPacket Security[INCRANSOM] - Ransomware Victim: franklin nursing home - <a href="https://www.redpacketsecurity.com/incransom-ransomware-victim-franklin-nursing-home/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/incransom-ransomware-victim-franklin-nursing-home/</a><a href="https://mastodon.social/tags/incransom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#incransom</a> <a href="https://mastodon.social/tags/dark_web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dark_web</a> <a href="https://mastodon.social/tags/data_breach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#data_breach</a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSINT</a> <a href="https://mastodon.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tor</a>

RedPacket Security[AKIRA] - Ransomware Victim: Diedrich Coffee - <a href="https://www.redpacketsecurity.com/akira-ransomware-victim-diedrich-coffee/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/akira-ransomware-victim-diedrich-coffee/</a><a href="https://mastodon.social/tags/akira" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#akira</a> <a href="https://mastodon.social/tags/dark_web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dark_web</a> <a href="https://mastodon.social/tags/data_breach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#data_breach</a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSINT</a> <a href="https://mastodon.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tor</a>

ransomwatch (unofficial)New <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> post!Title: franklin nursing home Group: incransom Discovered: 2025-04-22 16:46:25.080242

CTI.FYI🚨New ransom group blog post!🚨Group name: incransom Post title: franklin nursing home Info: <a href="https://cti.fyi/groups/incransom.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cti.fyi/groups/incransom.html</a><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

AAKLOne can only hope the lowlife that targeted this outfit never finds himself in need of one of these kidney machines. Oh, but I forget - the perpetrators never age and live forever in infamy.Halcyon: Kidney Dialysis Provider Services Disrupted by Ransomware <a href="https://www.halcyon.ai/blog/kidney-dialysis-provider-services-disrupted-by-ransomware" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.halcyon.ai/blog/kidney-dialysis-provider-services-disrupted-by-ransomware</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a>

RedPacket Security[QILIN] - Ransomware Victim: parrishleasing[.]com - <a href="https://www.redpacketsecurity.com/qilin-ransomware-victim-parrishleasing-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/qilin-ransomware-victim-parrishleasing-com/</a><a href="https://mastodon.social/tags/qilin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#qilin</a> <a href="https://mastodon.social/tags/dark_web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dark_web</a> <a href="https://mastodon.social/tags/data_breach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#data_breach</a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSINT</a> <a href="https://mastodon.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tor</a>

RedPacket Security[LYNX] - Ransomware Victim: amethystgroup[.]co[.]uk - <a href="https://www.redpacketsecurity.com/lynx-ransomware-victim-amethystgroup-co-uk/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/lynx-ransomware-victim-amethystgroup-co-uk/</a><a href="https://mastodon.social/tags/lynx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lynx</a> <a href="https://mastodon.social/tags/dark_web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dark_web</a> <a href="https://mastodon.social/tags/data_breach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#data_breach</a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSINT</a> <a href="https://mastodon.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tor</a>

RedPacket Security[LYNX] - Ransomware Victim: R&N Manufacturing - <a href="https://www.redpacketsecurity.com/lynx-ransomware-victim-r-n-manufacturing/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/lynx-ransomware-victim-r-n-manufacturing/</a><a href="https://mastodon.social/tags/lynx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lynx</a> <a href="https://mastodon.social/tags/dark_web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dark_web</a> <a href="https://mastodon.social/tags/data_breach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#data_breach</a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSINT</a> <a href="https://mastodon.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tor</a>

ransomwatch (unofficial)New <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> post!Title: Bacton Transport Services Group: ransomhouse Discovered: 2025-04-22 14:40:14.327920

CTI.FYI🚨New ransom group blog post!🚨Group name: ransomhouse Post title: Bacton Transport Services Info: <a href="https://cti.fyi/groups/ransomhouse.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cti.fyi/groups/ransomhouse.html</a><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

ANY.RUN☣️ <a href="https://infosec.exchange/tags/PE32" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PE32</a> is a new <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> strain quickly gaining attention onlineIt engages in double extortion, uses a Telegram-based C2, and is steadily evolvingRead detailed technical breakdown from Mauro Eldritch👇 <a href="https://any.run/cybersecurity-blog/pe32-ransomware-analysis/?utm_source=mastodon&utm_medium=post&utm_campaign=pe32_analysis&utm_content=linktoblog&utm_term=220425" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://any.run/cybersecurity-blog/pe32-ransomware-analysis/?utm_source=mastodon&utm_medium=post&utm_campaign=pe32_analysis&utm_content=linktoblog&utm_term=220425</a><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Kevin Thomas ✅Trend Micro has identified a new ransomware group, CrazyHunter, actively targeting critical Taiwanese sectors such as healthcare, education, and manufacturing using advanced tactics including BYOVD (bring your own vulnerable driver) to bypass EDR defenses. The group leverages 80% open source tooling—including ZammoCide for privileged process termination via vulnerable drivers, Prince Ransomware Builder to generate ransomware payloads, and SharpGPOAbuse for lateral movement and privilege escalation via Group Policy Objects. With at least 10 confirmed victims, CrazyHunter exemplifies the growing trend of threat actors using low-cost, modifiable GitHub-hosted tools to scale sophisticated campaigns. <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://defcon.social/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://www.darkreading.com/threat-intelligence/ransomware-gang-crazyhunter-critical-taiwanese-orgs" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.darkreading.com/threat-intelligence/ransomware-gang-crazyhunter-critical-taiwanese-orgs</a>

ransomwatch (unofficial)New <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> post!Title: R&N Manufacturing Group: lynx Discovered: 2025-04-22 12:39:49.617218

CTI.FYI🚨New ransom group blog post!🚨Group name: lynx Post title: R&N Manufacturing Info: <a href="https://cti.fyi/groups/lynx.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cti.fyi/groups/lynx.html</a><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

CybernewsFog ransomware operators are now using DOGE-themed ransom notes to troll their victims, a new cybersecurity investigation has found.<a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/DOGE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DOGE</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/troll" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#troll</a> <a href="https://cnews.link/ransomware-gang-using-doge-themed-notes-2/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cnews.link/ransomware-gang-using-doge-themed-notes-2/</a>

Pyrzout :vm:Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000 <a href="https://www.securityweek.com/two-healthcare-orgs-hit-by-ransomware-confirm-data-breaches-impacting-over-100000/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.securityweek.com/two-healthcare-orgs-hit-by-ransomware-confirm-data-breaches-impacting-over-100000/</a> <a href="https://social.skynetcloud.site/tags/DataBreaches" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreaches</a> <a href="https://social.skynetcloud.site/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://social.skynetcloud.site/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://social.skynetcloud.site/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healthcare</a> <a href="https://social.skynetcloud.site/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a>

Recherches récentes

Options de recherche

Administré par :

Statistiques du serveur :

#ransomware