SEXi Ransomware Rebrands as ‘APT Inc.,’ Keeps Old Methods

July 15, 2024 at 04:42PM The SEXi ransomware group, now operating as APT Inc., uses leaked Babuk and LockBit 3 encryptors to target VMware ESXi and Windows servers. They demand ransom varying from thousands to millions and have no known weaknesses in their encryption methods. Victims have publicly shared their experiences, including ransom notes with …

SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks

July 15, 2024 at 11:26AM APT INC, formerly known as the SEXi ransomware operation, has targeted various organizations using Babuk and LockBit 3 encryptors to attack VMware ESXi servers and Windows. The threat actors have gained attention for attacking IxMetro Powerhost and continue to operate with ransom demands ranging from tens of thousands to millions. Unfortunately, …

French hospital CHC-SV refuses to pay LockBit extortion demand

May 1, 2024 at 12:41PM Hôpital de Cannes – Simone Veil (CHC-SV) in France experienced a cyberattack, causing severe operational disruption. The Lockbit 3.0 ransomware gang demanded a ransom, threatening to leak stolen data. The hospital refused to pay and is working to restore normal operations. The attack highlights the ransomware group’s disregard for healthcare …

Citrix Bleed Bug Inflicts Mounting Wounds, CISA Warns

November 21, 2023 at 05:39PM LockBit 3.0 ransomware affiliates are targeting the “Citrix Bleed” security vulnerability, prompting warnings from CISA and Citrix. The bug allows authentication bypass, giving threat actors access to user sessions and credentials. Citrix’s patch is not sufficient to protect against compromise. Organizations are advised to upgrade immediately and assess vulnerability. Thousands …

September was a record month for ransomware attacks in 2023

October 24, 2023 at 10:18AM Ransomware activity in September reached unprecedented levels, with ransomware groups launching 514 attacks, surpassing the previous record set in March. Some notable threat groups include LockBit 3.0, LostTrust, and BlackCat. LostTrust, believed to be a rebrand of MetaEncryptor, quickly rose to second place. North America was the most targeted region, …

Bungled ransomware raid targeting WS_FTP servers demanded just 0.018 BTC

October 13, 2023 at 02:22PM Security researchers have discovered the first ransomware campaign targeting organizations using a vulnerability in Progress Software’s WS_FTP Server. The campaign, carried out by the “Reichsadler Cybercrime Group,” demanded a ransom of 0.018 Bitcoin (approximately $500) to recover encrypted files. Sophos’s product prevented the download of the ransomware payload, and patches …