December 15, 2023 at 04:21PM Summary: Over the past two weeks, there have been notable developments in the ransomware landscape. The BlackCat/ALPHV drama continues, with affiliates reaching out to victims directly. The LockBit operation is exploiting this situation for recruitment. Various ransomware attacks and law enforcement actions have also been reported. Lastly, new ransomware variants … Read more
December 13, 2023 at 01:25PM LockBit ransomware operation is recruiting affiliates and developers from the recently disrupted BlackCat/ALPHV and NoEscape operations. NoEscape’s exit scam has raised concerns of lost ransom payments and decryption keys for victims, while BlackCat/ALPHV suffered a disruption possibly related to law enforcement. LockBitSupp, LockBit’s manager, seeks to recruit affiliates and a … Read more
November 22, 2023 at 12:36AM LockBit ransomware affiliates are actively exploiting a critical security flaw in Citrix NetScaler appliances to gain initial access to target environments. The flaw, known as Citrix Bleed, allows threat actors to bypass password requirements and multifactor authentication, enabling session hijacking and unauthorized access to data. The vulnerability, tracked as CVE-2023-4966, … Read more
November 20, 2023 at 12:27PM The Canadian government has reported that two of its contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, were hacked, resulting in the exposure of sensitive information belonging to government employees. The breach, reportedly attributed to the LockBit ransomware gang, has affected data dating back to … Read more
November 17, 2023 at 11:15AM SecurityWeek’s weekly roundup highlights several cybersecurity stories. The world-renowned law firm Allen & Overy experienced a data breach by the LockBit ransomware group. The largest bank in China, Industrial and Commercial Bank of China, allegedly paid a ransom to the LockBit gang. Europol aided in the takedown of a vishing … Read more
November 16, 2023 at 08:12AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and MS-ISAC have issued an advisory about the Rhysida ransomware. The threat actors behind Rhysida use a ransomware-as-a-service model and target organizations in various sectors. They exploit VPNs, the Zerologon vulnerability, and phishing campaigns to gain access to networks. Rhysida … Read more
November 16, 2023 at 07:39AM Royal Mail’s parent company, International Distribution Services (IDS), has disclosed that the ransomware attack it experienced in January will cost the company approximately £10 million ($12.4 million) in improvements to its Heathrow Worldwide Distribution Centre. Although the total costs related to the attack are expected to be higher, IDS has … Read more
November 13, 2023 at 06:03AM U.S. Treasury Secretary Janet Yellen stated that the recent ransomware attack on China’s largest bank did not significantly disrupt the U.S. Treasury market. Yellen emphasized the importance of close communication and trust between nations. The bank, Industrial and Commercial Bank of China Financial Services, confirmed the attack but stated that … Read more
November 12, 2023 at 06:56PM LockBit ransomware has leaked more than 43GB of files stolen from Boeing after the aerospace company refused to pay the ransom. The leaked data includes backups for various systems, with the most recent files dated October 22. LockBit had warned Boeing about the leak and threatened to publish a sample … Read more
November 10, 2023 at 07:00AM China’s Industrial and Commercial Bank of China Financial Services, a financial services business of China’s largest bank, experienced a ransomware attack that disrupted trading in the U.S. Treasury market. The attack affected some of its systems, but the company disconnected parts to mitigate the impact. The incident is being investigated … Read more