Experts at Chainalysis, a company specializing in blockchain monitoring, saw a significant reduction in the number of ransomware attacks last year. Cybercriminals got less than $500 million in ransom demanded in cryptocurrencies during this period.

However, 2023 has seen a worrying reversal in this trend. In the first six months of the year, hackers have extorted $449.1 million. If this trend continues, the annual haul could reach as high as $898.6 million, approaching the 2021 record.

At the same time, Chainalysis and other observers, such as ReliaQuest, have seen an increase in ransomware activity. Some groups, such as Lockbit, which can now attack Mac users, have stepped up their efforts.

Despite a decline in earnings last year, criminals have developed "more extreme" extortion tactics, according to Chainalysis' Jackie Burns Koven. Faced with the refusal of their victims to pay, many hackers are resorting to publishing sensitive data and violating personal privacy as an intimidation tactic.

In addition, the first half of 2023 has seen the emergence of a new ransomware group called Royal, which mainly targets US companies, as well as the emergence of Rorschach, a mysterious malware that has established itself as the world's most feared ransomware.

The proliferation of attacks is also due to the rise of ransomware as a service (RaaS). These malware are available by subscription, allowing any aspiring hacker to deploy ransomware without the need for extensive technical knowledge.

This combination of aggressive extortion methods and accessibility to ransomware services has led to a dramatic increase in attacks. It is crucial that businesses and individuals are more vigilant than ever and take appropriate measures to protect themselves.

source: wired

L'entrada Creixent Increment d’Atacs de Ransomware: Per què es Multiplica la Amença? ha aparegut primer a Andorsoft, S.A..

Now they have finally decided to abandon the project and in addition to apologizing to the victims. They have also given instructions on how to recover the files using the keys they have released for this purpose.

But Shade is just one of the threats they have created during this time, albeit the most important. They were also responsible for other Trojans such as Troledesh or Encoder.858.

Beyond publishing all the decryption keys (more than 750,000), they have also included decryption software and have indicated that they expect antivirus companies to issue their own decryption tools now that they have the keys and thus make the task easier for users.

At the moment, Kaspersky antivirus has already updated its decryption tool and introduced the keys for the Shade ransomware. This is one of the most popular options for users and can surely help many of those who have been victims.

Ransomware, as we have indicated, is one of the most important problems on the Internet. It is vital that we always keep common sense in mind, since in many cases it will require user interaction to attack. For example, it can arrive through a malicious attachment, a link that we access for a download or when installing software. Sometimes it takes advantage of possible vulnerabilities, so it is essential that we keep our systems updated.

L'entrada Tanca un dels ransomware més importants “SHADE” i demanen perdó¡! ha aparegut primer a Andorsoft, S.A..

From andorsoft we are constantly concerned about your security. For this reason we inform you that the latest version of the ransomware is capable of contaminating switched off replicas in different datastores.

This is a DEADLY attack in any scenario, and for any company.

The only way to be sure not to lose all your information is to make copies to removable devices.

We recommend that you have a 4TB USB so that you can change them daily or weekly and have a safe backup.

 We remain at your disposal for any clarification,

Andorsoft

L'entrada MILLORES seguretat ha aparegut primer a Andorsoft, S.A..

L'entrada How does @Varonis #protectyourfileservers and #protectyourNAS from #ransomware and #cyberattacks? ha aparegut primer a Andorsoft, S.A..

L'entrada Com et podem ajudar a protegir-te dels #ciberatacs. Amb @ZeedSecurity i les seves eines de monitoratge diari, es la millor prevenció en front als #ciberatacs. ha aparegut primer a Andorsoft, S.A..

Below we detail the origin and process that this cyberattack has used for its rapid spread.

The origin of the attack was associated with an MS Office vulnerability, a vulnerability published on 3/14 and its corrective measures.
Other exploits linked to perimeter defensive systems (Firewall, Antivirus, Certified Email...) would also have been executed due to lack of maintenance on them and have "opened the doors" to the exposure of the devices.
Once devices are infected, ransomware can spread freely across the network due to the lack of good IT health practices by leaving SMB protocols open and unencrypted.

* Server Message Block (SMB) is a network protocol that allows sharing files, printers, etc., between nodes of a computer network that use the Microsoft Windows operating system and, using a remote command execution vulnerability, is distributed to the rest of the Windows machines on the same network.

In summary, three simple recommendations; present in all EAIS – Zeedsecurity audits, which, if implemented correctly after detection, would have acted preventively, contributing to preventing infection of the device.

EAIS/EAES 24/7 is an excellent tool for daily monitoring of security and management of corrective measures to be implemented.

L'entrada NOTÍCIA #CIBERATAC #RANSOMWARE ha aparegut primer a Andorsoft, S.A..