LockBit Ransomware Affiliate Sentenced to Prison in Canada

March 13, 2024 at 12:51PM Russian-Canadian national Mikhail Vasiliev, 34, was sentenced to nearly four years in prison in Canada for his role in the LockBit ransomware operation. He targeted at least three organizations in Canada, seeking ransom payments. The US is also pursuing charges against him. LockBit, operating under a ransomware-as-a-service model, was a prolific operation until …

Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks

March 1, 2024 at 08:57AM US government agencies issued a warning about ongoing Phobos ransomware attacks targeting critical infrastructure sectors. Operating since May 2019, Phobos employs a ransomware-as-a-service (RaaS) model, with tactics such as phishing emails, IP scanning, and use of remote access tools. Recommendations for mitigations and indicators of compromise are provided. From the …

LockBit Attempts to Stay Afloat With a New Version

February 22, 2024 at 03:04AM Summary: LockBit, a Ransomware-as-a-Service, faced internal and external challenges resulting in a decline. The leaked LockBit builder led to confusion and loss of confidence. Technical issues and dissatisfaction among affiliates further aggravated the situation. The recent development of LockBit-NG-Dev suggests an upcoming version, indicating efforts to revive the group’s deteriorating …

Cyber Insights 2024: Ransomware

February 21, 2024 at 01:57PM SecurityWeek’s Cyber Insights annual series discusses major cybersecurity pain points, including the evolving CISO role and new SEC liability rules. Ransomware, a prevalent cyber extortion method, is anticipated to evolve with new tactics such as encryption-free extortion, AI-powered phishing, and politically motivated attacks. Ransomware-as-a-Service, zero-day vulnerabilities, and geopolitical tensions contribute …

Police arrest LockBit ransomware members, release decryptor in global crackdown

February 20, 2024 at 06:34AM Law enforcement arrested two operators of the LockBit ransomware gang, seized over 200 crypto-wallets, and developed a decryption tool in an international operation. French and U.S. authorities issued arrest warrants and indictments. Europol and other agencies coordinated the crackdown. The initiative, named Operation Chronos, disrupted LockBit’s primary platform and seized …

Fire Sale: Zeppelin Ransomware Source Code Sells for $500 on Dark Web

January 5, 2024 at 04:53PM The source code and builder for the Zeppelin ransomware strain, previously considered defunct, were sold for $500 on a Russian cybercrime forum, prompting concerns about its potential revival. The buyer’s intent to reuse the code in a similar manner to previous cases is uncertain. The sale’s motive remains unclear, as …

Zeppelin ransomware source code sold for $500 on hacking forum

January 4, 2024 at 11:20AM A cybercriminal offered the Zeppelin ransomware source code and builder on a forum for $500. Despite questions about its legitimacy, screenshots indicate it is genuine. The seller, ‘RET,’ claims to have cracked the builder without a license and intends to sell it to a single buyer. Security flaws in Zeppelin’s …

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

December 19, 2023 at 01:03AM The Play ransomware group has impacted around 300 entities and is using a double-extortion model to attack businesses and critical infrastructure globally. Ransomware attacks are increasingly exploiting vulnerabilities, leading to a rise in ransomware-as-a-service operations. The ransomware landscape continues to evolve, with emerging groups and collaboration among cybercriminals. Key takeaways …

Black Basta Ransomware Group Received Over $100 Million From 90 Victims

November 30, 2023 at 09:42AM Since early 2022, the Black Basta ransomware group has extorted over $100 million from victims. Linked to the defunct Conti group, Black Basta employs double extortion tactics, targeting diverse industries, primarily in the US. Analysis by Elliptic ties them to Conti and shows a significant portion of victims pay ransoms, …

Black Basta ransomware made over $100 million from extortion

November 29, 2023 at 01:20PM Since April 2022, Black Basta, a Russia-linked ransomware gang, has obtained over $100 million from double extortion attacks on over 329 entities worldwide. Around 35% of its 90+ victims have paid ransoms, including multi-million dollar settlements. The group may originate from the disbanded Conti gang or have FIN7 ties. **Meeting …