December 19, 2023 at 01:22PM The FBI and CISA released a joint Cybersecurity Advisory (CSA) to share known IOCs and TTPs linked to the ALPHV Blackcat ransomware. The advisory warns organizations of evolving tactics used by the threat actors, including advanced social engineering and remote access software deployment. It also provides mitigations and incident response … Read more
December 19, 2023 at 12:33PM The US Department of Justice seized the ALPHV/BlackCat ransomware operation’s websites and created a decryptor to assist around 500 affected companies in recovering their data for free. By utilizing a confidential human source, the FBI accessed the ransomware gang’s affiliate panel to obtain private decryption keys. This operation is the … Read more
December 19, 2023 at 11:45AM The U.S. Justice Department disrupted the BlackCat ransomware, issuing a decryption tool for victims. With FBI’s help, a confidential source breached the gang’s web panel. BlackCat, a major ransomware variant, operated a ransomware-as-a-service model and used double extortion. The action saved victims $68 million, dismantled the gang’s computer network, and … Read more
December 19, 2023 at 10:02AM The US Justice Department is distributing a decryptor to over 500 AlphV/BlackCat ransomware victims, aiming to prevent $68 million in ransom payments. This follows a joint operation with global authorities, which also defaced the group’s old leak site. Questions remain about the impact of the disruption campaign and the future … Read more
December 19, 2023 at 09:19AM The FBI successfully breached the ALPHV ransomware operation, obtaining decryption keys and monitoring the activities. Over 500 victims received free decryption keys. The FBI has seized the data leak site and created a free decryption tool. Affiliates are now contacting victims directly, and the operation may rebrand due to law … Read more
December 19, 2023 at 06:03AM CISA, FBI, and ACSC have issued an advisory on Play ransomware, detailing its tactics, targets, and impact. The ransomware gang uses double-extortion tactics, exploits various vulnerabilities for access, and encrypts victim data. The advisory includes indicators of compromise, mitigation steps, and recommends testing security controls against the threat behaviors outlined … Read more
December 19, 2023 at 04:33AM Qakbot malware has resurged with a new phishing campaign targeting the hospitality sector. The gang uses malicious PDF attachments disguised as IRS documents to distribute the malware. Despite earlier efforts to take it down, Qakbot has reappeared, demonstrating the challenge of combating cybercrime. Similar to Emotet’s revival, Qakbot’s resurgence poses … Read more
December 18, 2023 at 10:37AM A joint CSA from the FBI, CISA, and ASD’s ACSC provides IOCs and TTPs of the Play ransomware group impacting businesses in North and South America and Europe. The group employs a double-extortion model, encrypting systems after exfiltrating data. Recommendations include multifactor authentication, offline backups, and system updates to mitigate … Read more
December 17, 2023 at 04:44PM The QakBot malware, previously disrupted by law enforcement, has resurfaced in new phishing campaigns. Microsoft warns of email phishing attacks impersonating IRS employees, distributing QakBot via a malicious PDF file. The malware, initially a banking trojan, has evolved into a delivery service for ransomware attacks and data theft, using various … Read more
December 14, 2023 at 01:06PM Attackers breached Idaho National Laboratory’s (INL) Oracle HCM HR management platform, compromising data of 45,047 individuals including employees, dependents, and spouses. The breach included sensitive personal information, such as social security numbers and banking details, but did not affect the lab’s network. A hacking group claimed responsibility and leaked the … Read more