Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

March 6, 2024 at 11:27AM BlackCat ransomware operators have shut down their darknet website in an apparent exit scam, following a fake law enforcement seizure banner. The group allegedly received a $22 million ransom payment, refused to share proceeds, and may rebrand in the future. Cybersecurity experts speculate about the motives, citing possible internal concerns and …

HHS Aiding Organizations Hit by Change Healthcare Cyberattack

March 6, 2024 at 09:21AM The US Department of Health and Human Services (HHS) is actively supporting healthcare providers following a ransomware attack on Change Healthcare, ensuring patient care is maintained. HHS is working with various agencies to expedite claims and payments, encourage payers to waive requirements, and provide information on accelerated payment opportunities. The …

BlackCat Ransomware Gang Suspected of Pulling Exit Scam

March 6, 2024 at 06:54AM The Alphv/BlackCat gang has announced the shutdown of its ransomware operation and the sale of its source code. This follows a dispute over a $22 million ransom payment from Change Healthcare, with an affiliate claiming the gang refused to share the fee, prompting suspicions of an exit scam. The incident …

Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries

March 6, 2024 at 02:15AM GhostSec, a cybercrime group, has partnered with Stormous to launch double extortion ransomware attacks on businesses globally. They are part of a coalition called The Five Families, offering a new ransomware-as-a-service (RaaS) program called STMX_GhostLocker. The groups have also introduced a Go-written ransomware called GhostLocker 2.0 and developed hacking tools …

GhostLocker 2.0 Haunts Businesses Across Middle East, Africa & Asia

March 5, 2024 at 08:15AM Cybercriminals are conducting widespread attacks across the Middle East, Africa, and Asia using the new GhostLocker 2.0 ransomware. Affected organizations include technology companies, universities, manufacturing, transportation, and government organizations. The attackers demand payment for decryption keys and threaten to release stolen data if their demands are not met. Cisco Talos …

Change Healthcare attack latest: ALPHV bags $22M in Bitcoin amid affiliate drama

March 4, 2024 at 04:08PM ALPHV/BlackCat, responsible for the Change Healthcare cyberattack, received over $22 million in Bitcoin, potentially a ransomware payment. UnitedHealth Group declined to confirm if ransom was paid. Change Healthcare’s systems were affected, disrupting services for 70,000+ American pharmacies and hospitals. The gang may have stolen the $22 million from their affiliates. …

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

March 4, 2024 at 12:48PM ALPHV/BlackCat ransomware gang has shut down its servers amid claims they scammed an affiliate of $22 million for an attack on Optum through the Change Healthcare platform. It is unclear if this is an exit scam or a rebranding attempt. The gang has a history of rebranding, with previous iterations …

The federal bureau of trolling hits LockBit, but the joke’s on us

March 4, 2024 at 04:37AM Operation Cronos, a multinational effort to dismantle ransomware gang LockBit, surprises with a humorous twist as law enforcement tampered with the gang’s website. Despite the takedown, LockBit reappeared, raising concerns about the resilience of criminal organizations and the challenges of combating them, especially in the context of cryptocurrency. This event …

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO

March 4, 2024 at 03:58AM The Trend Micro threat hunting team recently discovered an RA World ransomware attack using multistage components to ensure maximum impact. The group has successfully breached organizations globally, with a focus on healthcare and financial sectors. The attack involves complex stages, including initial access, privilege escalation, lateral movement, persistence, defense evasion, …

LockBit’s contested claim of fresh ransom payment suggests it’s been well hobbled

March 3, 2024 at 10:20PM The LockBit ransomware gang continues operations despite a law enforcement takedown, claiming to possess sensitive data. An analyst suggests the gang’s posturing is meant to reassure affiliates, while CISA warns Ivanti vulnerabilities could persist even after factory resets. Security researchers raise concerns about a potential cloud-based SAML token forgery vulnerability, advising organizations to safeguard certificates against potential …