We have archived the voicemail the SunCrypt ransomware group left on a victim company's telephone.
You can listen to the voicemail here:
https://www.youtube.com/watch?v=htsSaPNgm8s
YouTube
Suncrypt Ransomware leaves victim a message
No details are available on who the victim was. Audio released by Sophos.
Archived via vx-underground.org
InterviewWithKajit.pdf
5.5 MB
Notes from UG Vol. 1 has been released
We interviewed Kajit, a former REvil and DarkSide operator & the admin of the Ransomware Marketplace forum (RAMP)
In this interview we allowed members of our Discord to ask him anything
We've updated the vx-underground APT sample collection:
- WinDealer
- SQUIRRELWAFFLE
- WsLink
Have a nice day.
https://vx-underground.org/apts
ExMatter.rar
2.1 MB
Today Symantec released a paper on BlackMatter's new exfiltration tool dubbed 'ExMatter'.
Samples attached:)
Morphisec announced a new ransomware variant written in GoLang dubbed 'Decaf ransomware'. More samples:)
MacOS.XLoader.rar
798.3 KB
Old samples - SentinelOne wrote a paper on MacOS.XLoader. Here are the samples:)
We've made an addition to the vx-underground WINAPI Tricks GitHub repository:
- Correct implementation of URLDownloadFileW using IBindStatusCallback callbacks to ensure remote file download was completed successfully
Check it out here: https://github.com/vxunderground/WinAPI-Tricks
The United States government is offering a reward of up to $10,000,000 for information on the DarkSide ransomware group and/or its affiliates.
Conti ransomware group has released a statement and apologized to "members of Saudi Arabia, UAE, and Qatar families ... to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal Families"
We have archived it here: https://pastebin.com/eeLNnAG0
Pastebin
Conti Statement 11.04.2021 - Pastebin.com
We've added a new video to the vx-underground YouTube archives. The video archive shows Ukrainian authorities arresting cl0p ransomware operators in South Korea.
* vx-underground does not own the rights to this video
* archival purposes only
https://www.youtube.com/watch?v=R9MG7McrEO8
YouTube
[Archive] Ukraine Police arrest CLOP ransomware operators
Original title translated into English: Cyberpolice exposes hacker group in spreading encryption virus
Original video description translated into English: With the help of the malicious program "Clop", the defendants encrypted the data that was on the media…
New video added to our YouTube archives:
Iranian news reports the Tehran subway disruption. Iranian authorities attributed the issue to 'overcrowding' and an unidentified 'computer problem'.
This follows the cyber attack against Iranian gas stations.
https://www.youtube.com/watch?v=Vejsd_wYcO0
YouTube
[ARCHIVE] Tehran Subway disruption
"Tehran subway traffic was disrupted today, with Iranian officials attributing the issue to the tube getting overcrowded while also partially blaming an unidentified "computer problem"
This follows a cyber attack against Iranian Gas stations