Shutterfly services disrupted by Conti ransomware attack

Photography and personalized photo giant Shutterfly has suffered a Conti ransomware attack that allegedly encrypted thousands of devices and stole corporate data.

Although many associate Shutterfly with their website, the company’s photography-related services are aimed at consumer, enterprise, and education customers through various brands such as GrooveBook, BorrowLenses, Shutterfly.com, Snapfish, and Lifetouch.

The main website can be used to upload photos to create photo books, personalized stationary, greeting cards, post cards, and more.

Shutterfly suffers a Conti ransomware attack

On Friday, a source told BleepingComputer that Shutterfly suffered a ransomware attack approximately two weeks ago by the Conti gang,

Read More

Windows 10 21H2 adds ransomware protection to security baseline

Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2, available today from the Microsoft Security Compliance Toolkit.

“This Windows 10 feature update brings very few new policy settings,” Microsoft security consultant Rick Munck said.

“One setting has been added for this release for printer driver installation restrictions (which was also added to the Windows 11 release). Additionally, all Microsoft Edge Legacy settings have been removed,”

Protection from human-operated ransomware

However, the highlight of the new Windows 10 security baseline is the addition of tamper protection as a setting to enable by default (this

Read More

ALPHV BlackCat – This year’s most sophisticated ransomware

The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments.

The ransomware executable is written in Rust, which is not typical for malware developers but is slowly increasing in popularity due to its high performance and memory safety.

MalwareHunterTeam found the new ransomware and told BleepingComputer that the first ID Ransomware submission for the new operation was on November 21st.

Read More

BlackMatter ransomware victims quietly helped using secret decryptor

Cybersecurity firm Emsisoft has been secretly decrypting BlackMatter ransomware victims since this summer, saving victims millions of dollars.

Emsisoft and its CTO Fabian Wosar have been helping ransomware victims recover their files since 2012, when an operation called ACCDFISA was launched as the first modern ransomware.

Since then Wosar and others have been working tirelessly to find flaws in ransomware’s encryption algorithms that allow decryptors to be made.

However, to prevent ransomware gangs from fixing these flaws, Emsisoft quietly works with trusted partners in law enforcement and incident response to share the news of these decryptors rather than making them

Read More

LockBit ransomware recruiting insiders to breach corporate networks

The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts.

Many ransomware gangs operate as a Ransomware-as-a-Service, which consists of a core group of developers, who maintain the ransomware and payment sites, and recruited affiliates who breach victims’ networks and encrypt devices.

Any ransom payments that victims make are then split between the core group and the affiliate, with the affiliate usually receiving 70-80% of the total amount.

However, in many cases, the affiliates purchase access to networks from other third-party pentesters rather than breaching

Read More

Computer hardware giant GIGABYTE hit by RansomEXX ransomware

Taiwanese motherboard maker Gigabyte has been hit by the RansomEXX ransomware gang, who threaten to publish 112GB of stolen data unless a ransom is paid.

Gigabyte is best known for its motherboards, but also manufactures other computer components and hardware, such as graphics cards, data center servers, laptops, and monitors.

The attack occurred late Tuesday night into Wednesday and forced the company to shut down systems in Taiwan. The incident also affected multiple websites of the company, including its support site and portions of the Taiwanese website

Gigabyte support down due to ransomware attack
Gigabyte support down due to ransomware attack

Customers have also reported issues accessing

Read More

Kaseya obtains universal decryptor for REvil ransomware victims

Kaseya received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover their files for free.

On July 2nd, the REvil ransomware operation launched a massive attack by exploiting a zero-day vulnerability in the Kaseya VSA remote management application to encrypt approximately sixty managed service providers and an estimated 1,500 businesses.

After the attack, the threat actors demanded $70 million for a universal decryptor, $5 million for MSPs, and $40,000 for each extension encrypted on a victim’s network.

Revil's $70 million ransom demand
Revil’s $70 million ransom demand

Soon after, the REvil ransomware gang mysteriously disappeared, and the threat actors

Read More

REvil ransomware hits 1,000+ companies in MSP supply-chain attack

A massive REvil ransomware attack affects multiple managed service providers and over a thousand of their customers through a reported Kaseya supply-chain attack.

Starting this afternoon, the REvil ransomware gang, aka Sodinokibi, targeted MSPs with thousands of customers, through what appears to be a Kaseya VSA supply-chain attack.

At this time, there eight known large MSPs that have been hit as part of this supply-chain attack.

Kaseya VSA is a cloud-based MSP platform that allows providers to perform patch management and client monitoring for their customers.

Huntress Labs’ John Hammond has told BleepingComputer that all of the affected MSPs are

Read More

Code in huge ransomware attack written to avoid computers that use Russian, says new report

WASHINGTON — The computer code behind the massive ransomware attack by the Russian-speaking hacking ring REvil was written so that the malware avoids systems that primarily use Russian or related languages, according to a new report by a cybersecurity firm.

It’s long been known that some malicious software includes this feature, but the report by Trustwave SpiderLabs, obtained exclusively by NBC News, appears to be the first to publicly identify it as an element of the latest attack, which is believed to be the largest ransomware campaign ever.

“They don’t want to annoy the local authorities, and they know they

Read More

Fashion retailer Guess discloses data breach after ransomware attack

American fashion brand and retailer Guess is notifying affected customers of a data breach following a February ransomware attack that led to data theft.

“A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorized access to Guess’ systems between February 2, 2021 and February 23, 2021,” the company said in breach notification letters mailed to impacted customers.

“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor.”

Guess directly operates 1,041 retail stores in the Americas, Europe, and Asia, and its distributors

Read More