September 27, 2024 at 07:30AM Storm-0501, a financially motivated threat actor, has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. with ransomware attacks. They use weak credentials, remote code execution vulnerabilities, and various tools for lateral movements and data exfiltration. The group is also linked to the deployment of Embargo ransomware in … Read more
September 19, 2024 at 04:39PM Inc ransomware, linked to the group Vanilla Tempest, is increasingly targeting American healthcare organizations. Microsoft’s Threat Intelligence Center (MSTIC) raised concerns over the group’s use of Inc ransomware for double extortion attacks. Healthcare, due to its valuable data and vulnerability, remains a prime target for such cyber threats. The sophisticated … Read more
September 11, 2024 at 02:47PM The Meow ransomware group has gained momentum, claiming the second most active gang spot in global ransomware attacks. The group has shifted its focus from encrypting files to selling stolen data, adopting a new tactic in the cybercrime landscape. Meanwhile, RansomHub continues to dominate the rankings with 15 percent of … Read more
September 3, 2024 at 11:00AM Cicada3301, a new ransomware-as-a-service, is impersonating the legitimate Cicada 3301 organization, conducting cyber attacks and recruiting affiliates. This operation uses double-extortion tactics and targets specific file extensions on Windows and Linux/VMware ESXi systems. Its strategic design is aimed at maximizing damage in enterprise environments and pressuring victims to pay ransoms. … Read more
September 2, 2024 at 10:18AM RansomHub, a Ransomware-as-a-service variant, has targeted at least 210 victims across various sectors, using the double extortion model to extort data and funds. Exploiting security vulnerabilities, affiliates conduct reconnaissance and network scanning before targeting victim environments. The surge in Ransomware-as-a-service variants has led to new variants and collaborations with nation-state … Read more
September 1, 2024 at 12:39PM Cicada3301 is a new ransomware-as-a-service (RaaS) operation with 19 victims listed on its portal. It conducts double-extortion tactics, utilizing data theft as leverage. The malware overlaps with ALPHV/BlackCat, employing similar encryption methods. It may have ties to the Brutus botnet and targets VMware ESXi setups, causing significant damage to enterprise … Read more
August 29, 2024 at 02:53PM RansomHub ransomware, active since February 2024, has targeted over 200 victims in critical U.S. infrastructure sectors. The group focuses on data-theft-based extortion, with recent breaches including Patelco, Rite Aid, Christie’s, and Frontier Communications. A joint advisory by federal agencies urges network defenders to implement security measures and avoid paying ransoms. … Read more
July 22, 2024 at 01:01PM Play ransomware, a new threat, has initiated targeted attacks on Linux devices, focusing on VMware ESXi virtual machines. This is a concerning development, expanding potential victims and ransom negotiation success. The gang’s tactics involve scanning and encrypting files, leading to significant disruptions in business operations and reduced data recovery options. … Read more
July 22, 2024 at 12:24AM A new Linux variant of the Play ransomware, known for double extortion tactics, has been discovered by Trend Micro researchers. This variant targets VMWare ESXi environments, expanding its potential victim pool. The ransomware has targeted industries such as manufacturing, IT, and retail, while collaborating with the services of Prolific Puma … Read more
July 16, 2024 at 09:42AM Microsoft revealed that the Scattered Spider cybercrime gang has incorporated Qilin ransomware into its attacks, notably affecting high-profile organizations. The FBI and CISA issued an advisory on the gang’s tactics, including impersonating IT employees and using phishing and MFA bombing for network access. Qilin’s advanced Linux encryptors target VMware ESXi … Read more