November 11, 2024 at 10:36AM Halliburton suffered $35 million in losses due to an August ransomware attack by the RansomHub gang, which disrupted IT systems and client services. Despite limited operational impact, data was stolen. The company reported minimal financial effects, with expectations for cash flow remaining intact but potential future legal costs looming. ### … Read more
September 30, 2024 at 12:06PM Patelco Credit Union reported a ransomware attack in June, leading to a data breach of over 1 million individuals. The attackers obtained personal information, including names, birth dates, Social Security numbers, and more. Patelco is offering affected individuals two years of free credit monitoring and identity protection services, and is … Read more
September 25, 2024 at 01:36PM A ransomware attack by RansomHub’s affiliate has targeted Delaware Libraries, causing IT issues, shut computer labs, disrupted phone services, and leaked a small number of financial documents. The attack affected over 35 library sites and resulted in an extended system outage. The organization is working on recovery efforts and has … Read more
September 20, 2024 at 11:25AM The article discusses the Ransomhub ransomware’s utilization of EDRKillShifter to disable EDR and antivirus protections. Ransomhub also exploits the Zerologon vulnerability to take control of networks without authentication. The group has attacked various industries, employed spear-phishing, and used the affiliate model. Trend Micro’s Vision One telemetry data aided in uncovering … Read more
September 17, 2024 at 12:55PM Ransomware group Rhysida claims to have stolen over 3 TB of data from Port of Seattle, including personal information, and is auctioning it for 100 Bitcoin. The Port confirmed the ransomware attack and its refusal to pay the ransom. While services are being restored, the timeline for full recovery remains … Read more
September 12, 2024 at 02:04AM The cybercriminal group “CosmicBeetle” targets small businesses in Turkey, Spain, India, and South Africa with ransomware, often experiencing glitches due to its low sophistication. The group exploits older vulnerabilities, particularly in software used by small businesses, and has links to the LockBit group. Small and midsize businesses are its main … Read more
September 11, 2024 at 02:47PM The Meow ransomware group has gained momentum, claiming the second most active gang spot in global ransomware attacks. The group has shifted its focus from encrypting files to selling stolen data, adopting a new tactic in the cybercrime landscape. Meanwhile, RansomHub continues to dominate the rankings with 15 percent of … Read more
September 10, 2024 at 02:31PM The RansomHub ransomware gang has utilized TDSSKiller, a legitimate tool from Kaspersky, to neutralize endpoint detection and response (EDR) services on target systems. Based on the meeting notes, it appears that the RansomHub ransomware gang has been utilizing TDSSKiller, a legitimate tool from Kaspersky, to bypass endpoint detection and response … Read more
September 10, 2024 at 12:34PM CosmicBeetle debuts new ransomware, ScRansom, targeting SMBs globally, possibly as an affiliate for RansomHub. The attack spans various sectors and uses brute-force attacks and known security flaws for infiltration. Cicada3301 ransomware is observed with modifications, while a kernel-mode signed Windows driver, POORTRY, used by multiple ransomware gangs as an EDR … Read more
September 5, 2024 at 02:48PM Ransomware gang RansomHub claims to have stolen 93 GB of data from nonprofit Planned Parenthood, threatening to publish it unless a ransom is paid. The cybercriminal group has targeted over 200 victims, including organizations in various sectors. Planned Parenthood confirmed a cyberattack and is working to address the incident while … Read more