Two Members of LockBit Ransomware Group Plead Guilty in US Court

July 22, 2024 at 11:36AM Two members of the LockBit gang pleaded guilty in the US for their involvement in deploying ransomware against organizations globally and in the US. The gang resumed operations after a disruption, becoming the most active ransomware gang in May. The US seeks information on the alleged mastermind and has announced …

Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi

July 9, 2024 at 12:43PM Eldorado, a Go-based ransomware, targets Windows and VMware ESXi systems in the US across education, real estate, and healthcare. It offers an affiliate program, customizable attack techniques, and employs Golang for cross-platform capabilities. Its “living off the land” tactics make it evasive, while its ability to impact virtual machines poses …

RansomHub extortion gang linked to now-defunct Knight ransomware

June 5, 2024 at 08:43AM RansomHub is a new Ransomware-as-a-Service believed to have evolved from the defunct Knight ransomware project. It operates as a data theft and extortion group, recently targeting United Health subsidiary Change Healthcare and international auction house Christie’s. Symantec analysts found commonalities with Knight, indicating a likely derived lineage, though operated by …

INC ransomware source code selling on hacking forums for $300,000

May 13, 2024 at 04:29PM Cybercriminal “salfetka” is allegedly selling the source code of INC Ransom, a ransomware-as-a-service operation. The sale is announced on hacking forums, with a price tag of $300,000 and limitations on potential buyers. Additionally, INC Ransom is undergoing changes, possibly indicating a rift within its core team or plans for a …

Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia

May 13, 2024 at 06:22AM Black Basta ransomware has targeted over 500 entities in North America, Europe, and Australia since April 2022. Affiliates utilize common access techniques and a double-extortion model, without initial ransom demands. The group is linked to 28 of 373 ransomware attacks in April 2024 and increased activity in Q1 2024. The …

Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator

May 7, 2024 at 11:57AM The U.K. National Crime Agency has revealed the details of the administrator of the LockBit ransomware, a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. He has been sanctioned by multiple government departments and charged with numerous counts, facing a maximum penalty of 185 years in prison. The dismantling of the …

Second Ransomware Group Extorting Change Healthcare

April 9, 2024 at 07:54AM After paying cybercriminals to prevent the release of stolen data from a ransomware attack, Change Healthcare is being extorted again by a different group, RansomHub. This comes after a previous incident involving the BlackCat ransomware gang. The repeated extortion highlights the risk of paying ransoms and the prevalence of cyber …

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption

April 3, 2024 at 07:27AM Summary: Operation Cronos on Feb. 19, 2024 significantly disrupted LockBit’s ransomware operations, leading to a takeover of its leak site by the UK’s NCA. Authorities leveraged the site to cast doubt on LockBit’s promises and distribute information about the group. Fallout from the disruption hinted at the significant impact on the …

Ransomware as a Service and the Strange Economics of the Dark Web

March 27, 2024 at 10:10AM Ransomware evolution in the past months includes LockBit’s blog takedown, BlackCat’s exit, and the emergence of smaller groups. The ecosystem functions as a complex supply chain with RaaS dominating large groups. Affiliate competition and recent takedowns are shifting the landscape, potentially leading to ecosystem fragmentation. Corporate security recommendations include extensive monitoring, patching …

TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

March 20, 2024 at 07:30AM Multiple threat actors are exploiting security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan. The attacks entail the exploitation of CVE-2024-27198, enabling adversaries to gain administrative control over affected servers. Organizations using TeamCity are urged to update their software …