Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia

May 13, 2024 at 06:22AM Black Basta ransomware has targeted over 500 entities in North America, Europe, and Australia since April 2022. Affiliates utilize common access techniques and a double-extortion model, without initial ransom demands. The group is linked to 28 of 373 ransomware attacks in April 2024 and increased activity in Q1 2024. The …

Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator

May 7, 2024 at 11:57AM The U.K. National Crime Agency has revealed the details of the administrator of the LockBit ransomware, a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. He has been sanctioned by multiple government departments and charged with numerous counts, facing a maximum penalty of 185 years in prison. The dismantling of the …

Second Ransomware Group Extorting Change Healthcare

April 9, 2024 at 07:54AM After paying cybercriminals to prevent the release of stolen data from a ransomware attack, Change Healthcare is being extorted again by a different group, RansomHub. This comes after a previous incident involving the BlackCat ransomware gang. The repeated extortion highlights the risk of paying ransoms and the prevalence of cyber …

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption

April 3, 2024 at 07:27AM Summary: Operation Cronos on Feb. 19, 2024 significantly disrupted LockBit’s ransomware operations, leading to a takeover of its leak site by the UK’s NCA. Authorities leveraged the site to cast doubt on LockBit’s promises and distribute information about the group. Fallout from the disruption hinted at the significant impact on the …

Ransomware as a Service and the Strange Economics of the Dark Web

March 27, 2024 at 10:10AM Ransomware evolution in the past months includes LockBit’s blog takedown, BlackCat’s exit, and the emergence of smaller groups. The ecosystem functions as a complex supply chain, with RaaS dominating large groups. Affiliate competition and recent takedowns are shifting the landscape, potentially leading to ecosystem fragmentation. Corporate security recommendations include extensive monitoring, patching …

TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

March 20, 2024 at 07:30AM Multiple threat actors are exploiting security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan. The attacks entail the exploitation of CVE-2024-27198, enabling adversaries to gain administrative control over affected servers. Organizations using TeamCity are urged to update their software …

Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries

March 6, 2024 at 02:15AM GhostSec, a cybercrime group, has partnered with Stormous to launch double extortion ransomware attacks on businesses globally. They are part of a coalition called The Five Families, offering a new ransomware-as-a-service (RaaS) program called STMX_GhostLocker. The groups have also introduced a Go-written ransomware called GhostLocker 2.0 and developed hacking tools …

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

March 4, 2024 at 12:48PM The ALPHV/BlackCat ransomware gang has shut down its servers amid claims they scammed an affiliate out of $22 million for an attack on Optum through the Change Healthcare platform. It is unclear if this is an exit scam or a rebranding attempt. The gang has a history of rebranding, with previous iterations …

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

March 4, 2024 at 12:36AM U.S. cybersecurity agencies have issued warnings about Phobos ransomware targeting government and critical infrastructure entities. The ransomware, operated under a ransomware-as-a-service model, has targeted various sectors and has earned millions in ransom. The attackers use various tactics and have been actively targeting entities since May 2019, posing a significant ongoing …

Ransomware-as-a-Service Spawns Wave of Cyberattacks in Middle East & Africa

February 29, 2024 at 09:32AM Ransomware-as-a-service (RaaS) affiliates are driving a surge in ransomware attacks in the Middle East and Africa. Group-IB’s report shows a 68% increase in data leaks from 205 companies, with financial services as the primary target. Organizations in the region, particularly those with less mature security controls, are vulnerable to operational …