Carbanak Banking Malware Resurfaces with New Ransomware Tactics

December 26, 2023 at 02:33AM

Cybersecurity firm NCC Group reported that the Carbanak banking malware has been updated to launch ransomware attacks using new tactics and distribution methods, including impersonating business-related software. The attacks have increased, with over 4,000 cases reported in 2023, targeting various sectors globally. Key ransomware families include LockBit, BlackCat, and Play. …

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

December 22, 2023 at 08:00AM

A recent phishing campaign employs decoy Microsoft Word documents to distribute Nim-based malware. The backdoor lures victims to enable macros, then establishes a connection with a remote server disguised as a Nepali government entity. This comes amidst increased distribution of various malware strains and social engineering campaigns leveraging new tactics. …

Defiant BlackCat Gang Stands Up New Site, Calls for Revenge Attacks

December 20, 2023 at 03:40PM

BlackCat/ALPHV ransomware leaders claim they’ve restarted operations on their primary blog despite the DOJ’s control. In response to law enforcement actions, they’ve lifted the ban on cyberattacks against critical infrastructure. However, experts doubt their ability to make a quick comeback. The FBI seized a server and data, but BlackCat set up a new site. Cybersecurity insiders warn …

Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster

December 20, 2023 at 09:03AM

Ransomware groups are increasingly using remote encryption in their attacks, targeting unmanaged devices to compromise entire networks. Microsoft revealed that about 60% of ransomware attacks involve remote encryption. This tactic renders process-based remediation measures ineffective, with compromised machines unable to detect malicious activity. Cybercriminals are also engaging with the media …

Fresh Qakbot Sightings Confirm Recent Takedown Was a Temporary Setback

December 19, 2023 at 06:22PM

Qakbot malware has resurfaced, distributed through phishing emails targeting hospitality organizations. Microsoft, Zscaler, and Proofpoint reported sightings of a new 64-bit version using AES encryption. Despite a takedown in August, Qakbot’s operators continue distributing other malware. Lumu observed 1,581 attempted attacks in September, indicating the group’s resilience. The group’s continued …

#StopRansomware: ALPHV Blackcat

December 19, 2023 at 01:22PM

The FBI and CISA released a joint Cybersecurity Advisory (CSA) to share known IOCs and TTPs linked to the ALPHV Blackcat ransomware. The advisory warns organizations of evolving tactics used by the threat actors, including advanced social engineering and remote access software deployment. It also provides mitigations and incident response …

How the FBI seized BlackCat (ALPHV) ransomware’s servers

December 19, 2023 at 12:33PM

The US Department of Justice seized the ALPHV/BlackCat ransomware operation’s websites and created a decryptor to assist around 500 affected companies in recovering their data for free. By utilizing a confidential human source, the FBI accessed the ransomware gang’s affiliate panel to obtain private decryption keys. This operation is the …

FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool

December 19, 2023 at 11:45AM

The U.S. Justice Department disrupted the BlackCat ransomware, issuing a decryption tool for victims. With the FBI’s help, a confidential source breached the gang’s web panel. BlackCat, a major ransomware variant, operated a ransomware-as-a-service model and used double extortion. The action saved victims $68 million, dismantled the gang’s computer network, and …

Behind the Scenes of Matveev’s Ransomware Empire: Tactics and Team

December 19, 2023 at 10:45AM

Cybersecurity researchers disclosed details about the ransomware operation run by Russian national Mikhail Pavlovich Matveev, who allegedly led attacks worldwide. Matveev and his team demonstrate a relentless pursuit of ransom payments, engaging in dishonest practices and showing a disregard for ethical values. They utilize various tactics and tools for their …

AlphV/BlackCat hacked back as feds offer decryptor to ransomware victims

December 19, 2023 at 10:02AM

The US Justice Department is distributing a decryptor to over 500 AlphV/BlackCat ransomware victims, aiming to prevent $68 million in ransom payments. This follows a joint operation with global authorities, which also defaced the group’s old leak site. Questions remain about the impact of the disruption campaign and the future …