Patelco Credit Union Says Breach Impacts 726k After Ransomware Gang Auctions Data

August 26, 2024 at 05:45AM Patelco Credit Union, based in California, reported a data breach by a ransomware group. The attack compromised personal data from its systems, affecting 726,000 customers and employees. The stolen information includes names, Social Security numbers, and email addresses. The organization is offering two years of free identity protection services and …

Understanding the ‘Morphology’ of Ransomware: A Deeper Dive

August 22, 2024 at 10:39AM WithSecure’s Ransomware Landscape report for H1 2024 reveals the underlying morphology shaping the visible landscape of ransomware attacks. While leak sites and public reports provide growth insights and sector-specific attack trends, the report also discusses the changing lexicography of ransomware, law enforcement actions’ impact, and the rebranding and migration …

RansomHub-linked EDR-killing malware spotted in the wild

August 18, 2024 at 09:57PM A new malware called EDRKillShifter has been identified by Sophos, using legitimate but vulnerable drivers to deliver ransomware to targets and disrupt endpoint detection and response software. Additionally, a critical vulnerability has been reported in SolarWinds Web Help Desk, while NetSuite SuiteCommerce and SiteBuilder sites are found to be exploitable. …

Ransomware gang deploys new malware to kill security software

August 15, 2024 at 02:03PM RansomHub ransomware operators have deployed a new malware, EDRKillShifter, to disable EDR security software in BYOVD attacks. Discovered by Sophos researchers, the malware exploits vulnerable drivers to escalate privileges and disable security solutions. Sophos recommends enabling tamper protection and maintaining a separation between user and admin privileges to mitigate such …

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

August 15, 2024 at 07:33AM A cybercrime group linked to RansomHub ransomware has been using a new tool, EDRKillShifter, to disable endpoint detection and response software on compromised hosts. This tool is a delivery mechanism for vulnerable drivers and can deliver different driver payloads. It’s important to keep systems updated and enable tamper protection in …

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

July 17, 2024 at 02:54AM Cybercrime group Scattered Spider has integrated ransomware strains RansomHub and Qilin in its activities, per Microsoft. Scattered Spider employs social engineering to breach and persist in targets, with a history of targeting VMware ESXi servers. RansomHub, a widely used ransomware, has been linked to various threat actors. Microsoft urges security …

Microsoft: Scattered Spider Widens Web With RansomHub & Qilin

July 16, 2024 at 05:27PM Microsoft’s Threat Intelligence Team warns of Octo Tempest, also known as Scattered Spider, adding RansomHub and Qilin to its attack arsenal. The threat actor uses sophisticated social engineering, identity compromises, and targets VMware ESXi servers. Notably, it is behind major ransomware attacks on Caesars Palace and MGM Entertainment. The group …

Scattered Spider’s fave new ransomware tools are RansomHub and Qilin

July 16, 2024 at 02:15PM The Scattered Spider cybercrime group, also known as Octo Tempest, is now utilizing RansomHub and Qilin ransomware variants in its attacks. This showcases a potential power shift among hacking groups. Microsoft has identified Scattered Spider as a sophisticated and threatening group, accounting for a significant portion of its investigations. Additionally, …

Rite Aid Becomes RansomHub’s Latest Victim After Data Breach

July 15, 2024 at 12:40PM Rite Aid announced a data breach in which a third-party threat actor gained unauthorized access to certain systems. No sensitive personal information was compromised, but customer data related to retail purchases was accessed. RansomHub gang claims responsibility and has threatened to leak stolen data if a ransom is not paid …

Rite Aid confirms data breach after June ransomware attack

July 12, 2024 at 02:49PM Rite Aid confirmed a data breach caused by a cyberattack in June. The breach, claimed by the RansomHub ransomware operation, compromised customer information. The company assured that it is investigating and sending notifications to affected customers. It stated that no health or financial information was impacted. RansomHub is known for …