Researchers Discover “Bootkitty” – First UEFI Bootkit Targeting Linux Kernels

November 27, 2024 at 08:03AM Researchers have identified Bootkitty, the first UEFI bootkit designed for Linux systems, produced by BlackCat. As a proof-of-concept, it aims to disable kernel signature verification and preload unknown binaries. While not yet used in attacks, it signifies a shift in UEFI threats beyond Windows, highlighting future cybersecurity risks.

BlackCat Ransomware Successor Cicada3301 Emerges

October 22, 2024 at 07:06AM The Cicada3301 ransomware, resembling BlackCat, signifies a resurgence of this threat. It is viewed as a successor to BlackCat, highlighting ongoing concerns in cybersecurity. Meeting notes takeaways on Cicada3301 ransomware: there are notable similarities between Cicada3301 and BlackCat ransomware, and Cicada3301 may signify the return of this particular …

Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade

September 4, 2024 at 10:37AM The Cicada3301 ransomware, linked to at least 20 victims since June, shares similarities with BlackCat ransomware. It’s coded in Rust and targets Windows’ Volume Snapshot Service, manipulating the shadow copies. The malware also embeds user credentials and customizes ransom notes per victim. Its detection capabilities and targets, primarily SMBs, are …

Suspected Scattered Spider Member Arrested in UK

July 22, 2024 at 08:02AM A 17-year-old was arrested in the UK for involvement in cyberattacks, including one on MGM Resorts. The teenager was released on bail. MGM suffered a ransomware attack, resulting in $110 million in costs. The AlphV/BlackCat ransomware group claimed responsibility. Caesars Entertainment also fell victim to a ransomware attack. Multiple arrests …

Ransomware Group Starts Leaking Data Allegedly Stolen From Change Healthcare

April 16, 2024 at 07:42AM Ransomware group RansomHub is threatening to publish 4TB of allegedly stolen healthcare data from Change Healthcare if a ransom is not paid by Friday. The data includes personally identifiable and health information, financial data, and more. UnitedHealth Group, the parent company, denies confirming the $22 million ransom payment and is …

Frameworks, Guidelines & Bounties Alone Won’t Defeat Ransomware

April 9, 2024 at 10:09AM The US government is offering bounties for information on ransomware gangs, but challenges remain in collecting information due to rigorous conditions and low payouts. Concerns are raised about the effectiveness of a criminal law enforcement approach in addressing ransomware attacks, compounded by the potential involvement of adversarial nations like Russia. …

US Offering $10 Million Reward for Information on Change Healthcare Hackers

March 28, 2024 at 07:06AM The US Department of State announced a $10 million reward for information on Alphv/BlackCat ransomware operators. The group has affected over 1,000 victims worldwide, including major organizations. Law enforcement took down BlackCat’s infrastructure in 2023, and the US is seeking information on the group and its affiliates’ malicious cyber activities. …

Ransomware as a Service and the Strange Economics of the Dark Web

March 27, 2024 at 10:10AM Ransomware evolution in the past months includes LockBit’s blog takedown, BlackCat’s exit, and the emergence of smaller groups. The ecosystem functions as a complex supply chain, with RaaS dominating among the large groups. Affiliate competition and recent takedowns are shifting the landscape, potentially leading to ecosystem fragmentation. Corporate security recommendations include extensive monitoring, patching …

Anatomy of a BlackCat Attack Through the Eyes of Incident Response

March 6, 2024 at 10:39AM Sygnia’s prompt intervention prevented a potentially devastating ransomware attack on a company’s network by disconnecting it from the internet. The attackers, BlackCat, had penetrated the system through a compromised vendor. While some data was exfiltrated, encryption was thwarted, and the victim’s decisive action and Sygnia’s expertise proved pivotal in mitigating …

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

March 4, 2024 at 12:48PM The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that it scammed an affiliate out of $22 million for an attack on Optum through the Change Healthcare platform. It is unclear whether this is an exit scam or a rebranding attempt. The gang has a history of rebranding, with previous iterations …