November 18, 2024 at 03:04PM Akira ransomware group has listed over 30 victims on its data-leak site, marking a record high. Predominantly targeting the U.S., the group focuses on various sectors, particularly business services. The uptick in activity suggests an escalation trend among ransomware groups. Akira’s operations are expected to grow further in 2023. ### … Read more
November 18, 2024 at 02:51PM Evgenii Ptitsyn, a Russian suspected of leading the Phobos ransomware operation, has been extradited from South Korea to the U.S. He faces multiple cybercrime charges for his involvement in extorting over $16 million from more than 1,000 entities by coordinating ransomware attacks since November 2020. ### Meeting Takeaways: 1. **Extradition … Read more
October 4, 2024 at 08:30AM Ransomware attacks have surged, with an 81% increase from 2023 to 2024. Cybercriminals are now targeting African nations as a testing ground due to weaker cybersecurity defenses. African businesses must guard against broader targeting and adopt advanced security measures. Collaboration between nations is crucial in combating this growing global threat. … Read more
September 27, 2024 at 07:30AM Storm-0501, a financially motivated threat actor, has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. with ransomware attacks. They use weak credentials, remote code execution vulnerabilities, and various tools for lateral movements and data exfiltration. The group is also linked to the deployment of Embargo ransomware in … Read more
September 19, 2024 at 08:36AM Microsoft warns of the INC ransomware used by threat actor Vanilla Tempest to target US healthcare organizations. The attacker leverages Gootloader malware to expand network access, utilizing tools like AnyDesk, MEGA, RDP, and WMI Provider Host to execute the ransomware payload. They have been active for at least two years … Read more
September 11, 2024 at 02:47PM The Meow ransomware group has gained momentum, claiming the second most active gang spot in global ransomware attacks. The group has shifted its focus from encrypting files to selling stolen data, adopting a new tactic in the cybercrime landscape. Meanwhile, RansomHub continues to dominate the rankings with 15 percent of … Read more
August 28, 2024 at 07:39AM The BlackByte ransomware group has been found exploiting a recently patched security flaw in VMware ESXi hypervisors, and using vulnerable drivers to bypass security protections, according to a report from Cisco Talos. The group is also targeting various sectors and has been observed evolving its tactics to evade detection and … Read more
August 7, 2024 at 01:37AM Hunters International, a ransomware-as-a-service gang suspected of rebranding from the Hive crew, has been targeting network admins with malware disguised as Angry IP Scanner. The group’s use of double extortion attacks and rise to the top ten most detected ransomware mobs has positioned them as a significant threat, having been … Read more
June 14, 2024 at 12:42PM CISA added a high-severity Windows vulnerability (CVE-2024-26169) to its list of actively exploited bugs. It allows attackers to gain SYSTEM permissions without user interaction. Microsoft patched it on March 12, 2024, but the Black Basta ransomware gang likely exploited it as a zero-day. FCEB agencies have three weeks to secure … Read more
March 14, 2024 at 02:35PM LockBit ransomware kingpin, Mikhail Vasiliev, has been sentenced to nearly four years in prison and ordered to pay over CA$860,000 in restitution to his victims by a Canadian court. He awaits extradition to the US, facing additional charges. The LockBit gang, known for extorting over $120 million, was targeted by … Read more