RansomHub extortion gang linked to now-defunct Knight ransomware

June 5, 2024 at 08:43AM RansomHub is a new Ransomware-as-a-Service believed to have evolved from the defunct Knight ransomware project. It operates as a data theft and extortion group, recently targeting United Health subsidiary Change Healthcare and international auction house Christie’s. Symantec analysts found commonalities with Knight, indicating a likely derived lineage, though operated by …

INC ransomware source code selling on hacking forums for $300,000

May 13, 2024 at 04:29PM Cybercriminal “salfetka” is allegedly selling the source code of INC Ransom, a ransomware-as-a-service operation. The sale is announced on hacking forums, with a price tag of $300,000 and limitations on potential buyers. Additionally, INC Ransom is undergoing changes, possibly indicating a rift within its core team or plans for a …

Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia

May 13, 2024 at 06:22AM Black Basta ransomware has targeted over 500 entities in North America, Europe, and Australia since April 2022. Affiliates utilize common access techniques and a double-extortion model, without initial ransom demands. The group is linked to 28 of 373 ransomware attacks in April 2024 and increased activity in Q1 2024. The …

Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator

May 7, 2024 at 11:57AM The U.K. National Crime Agency has revealed the details of the administrator of the LockBit ransomware, a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. He has been sanctioned by multiple government departments and charged with numerous counts, facing a maximum penalty of 185 years in prison. The dismantling of the …

Second Ransomware Group Extorting Change Healthcare

April 9, 2024 at 07:54AM After paying cybercriminals to prevent the release of stolen data from a ransomware attack, Change Healthcare is being extorted again by a different group, RansomHub. This comes after a previous incident involving the BlackCat ransomware gang. The repeated extortion highlights the risk of paying ransoms and the prevalence of cyber …

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption

April 3, 2024 at 07:27AM Summary: Operation Cronos on Feb. 19, 2024 significantly disrupted LockBit’s ransomware operations, leading to a takeover of its leak site by the UK’s NCA. Authorities leveraged the site to cast doubt on LockBit’s promises and distribute information about the group. Fallout from the disruption hinted at the significant impact on the …

Ransomware as a Service and the Strange Economics of the Dark Web

March 27, 2024 at 10:10AM Ransomware evolution in the past months includes LockBit’s blog takedown, BlackCat’s exit, and the emergence of smaller groups. The ecosystem functions as a complex supply chain with RaaS dominating large groups. Affiliate competition and recent takedowns are shifting the landscape, potentially leading to ecosystem fragmentation. Corporate security recommendations include extensive monitoring, patching …

TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

March 20, 2024 at 07:30AM Multiple threat actors are exploiting security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan. The attacks entail the exploitation of CVE-2024-27198, enabling adversaries to gain administrative control over affected servers. Organizations using TeamCity are urged to update their software …

Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries

March 6, 2024 at 02:15AM GhostSec, a cybercrime group, has partnered with Stormous to launch double extortion ransomware attacks on businesses globally. They are part of a coalition called The Five Families, offering a new ransomware-as-a-service (RaaS) program called STMX_GhostLocker. The groups have also introduced a Go-written ransomware called GhostLocker 2.0 and developed hacking tools …

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

March 4, 2024 at 12:48PM The ALPHV/BlackCat ransomware gang has shut down its servers amid claims they scammed an affiliate out of $22 million for an attack on Optum through the Change Healthcare platform. It is unclear if this is an exit scam or a rebranding attempt. The gang has a history of rebranding, with previous iterations …