Ransomware
    MediSecure: Ransomware gang stole data of 12.9 million people
    MediSecure, an Australian prescription delivery service provider, revealed that roughly 12.9 million people had their personal and health information stolen in an April ransomware attack. The company was forced to shut down its website and phone lines to contain the breach, disclosing it on May 16 as a "cyber security incident." At the time, the Australian National Cyber Security Coordinator (NCSC), who was helping MEdiSecure to mitigate the breach, described it as a...
    By AFFA 2024-07-19 17:11:46 0 48
    Ransomware
    RansomHub extortion gang linked to now-defunct Knight ransomware
    June 5, 2024   08:39 AM   0 Security researchers analyzing the relatively new RansomHub ransomware-as-a-service believe that it has evoloved from the currently defunct Knight ransomware project. RansomHub has a short history and operated mainly as a data theft and extortion group that sells stolen files to the highest bidder. The gang grabbed attention in mid-April when it leaked stolen data from United Health subsidiary Change...
    By AFFA 2024-06-05 16:49:19 0 110
    Ransomware
    New ShrinkLocker ransomware uses BitLocker to encrypt your files
    May 24, 2024   10:59 AM   0 A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker. ShrinkLocker, named so because it creates the boot volume by shrinking available non-boot partitions, has been used to target a government entity and companies in the vaccine and manufacturing sectors. Creating new boot volumes Ransomware using BitLocker to encrypt computers is not new. A threat actor used...
    By AFFA 2024-05-27 19:26:13 0 224
    Ransomware
    The Week in Ransomware - May 10th 2024 - Chipping away at LockBit
    May 10, 2024   06:01 PM   0 After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. On February 19, Operation Cronos took down LockBit's infrastructure and converted its data leak site into a law enforcement press release site where they released information about...
    By AFFA 2024-05-11 19:36:53 0 202
    Ransomware
    CISA: Black Basta ransomware breached over 500 orgs worldwide
    May 11, 2024   10:09 AM   0 ​CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. In a joint report published in collaboration with the Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the two federal agencies added that the gang also encrypted and stole data from at least 12 out of 16 critical...
    By AFFA 2024-05-11 19:35:34 0 216
    Ransomware
    LockBit ransomware admin identified sanctioned in US UK amd Australia
    May 7, 2024   10:04 AM   2 The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor revealed for the first time. According to a new indictment by the US Department of Justice and a press release by the NCA, the LockBit ransomware operator known as 'LockBitSupp' and 'putinkrab' has been confirmed to be a...
    By AFFA 2024-05-07 18:35:00 0 461
    Ransomware
    Synlab Italia suspends operations following ransomware attack
    April 22, 2024   11:27 AM   0 Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. Part of the Synlab group that is present in 30 countries worldwide, the Synlab Italia network operates 380 labs and medical centers across Italy. It has an annual turnover of $426 million and carries out 35 million analyses every year. Late last week, the company announced that...
    By AFFA 2024-04-22 15:45:50 0 200
    Ransomware
    Ransomware payments drop to record low of 28% in Q1 2024
    April 21, 2024   10:21 AM   0 Ransomware actors have had a rough start this year, as stats from cybersecurity firm Coveware show companies are increasingly refusing to pay extortion demands, leading to a record low of 28% of companies paying ransom in the first quarter of 2024. This figure was 29% in Q4 2023, and Coveware's stats show that diminishing payments have remained steady since early 2019. This decrease is due to organizations implementing more...
    By AFFA 2024-04-21 19:36:53 0 188
    Ransomware
    The Week in Ransomware - April 19th 2024 - Attacks Ramp Up
    April 19, 2024   07:36 PM   0 While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void. A relatively new operation called RansomHub gained media attention this week after a BlackCat affiliate used the newer operation's data leak site to extort Change HealthCare once again. Change HealthCare allegedly already paid a ransom, which was stolen from an...
    By AFFA 2024-04-20 01:32:19 0 146
    Ransomware
    The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack
    April 5, 2024   05:59 PM   0 Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services. Panera's massive IT outage last month that took down internal systems, the website, mobile apps, and phones was caused by a ransomware attack encrypting the company's virtual machines. While the company has been able to restore servers from...
    By AFFA 2024-04-06 19:15:18 0 209
    Ransomware
    Hosting firm's VMware ESXi servers hit by new SEXi ransomware
    April 3, 2024   05:58 PM   2 Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups. PowerHost is a data center, hosting, and interconnectivity company with locations in the USA, South America, and Europe. On Monday, PowerHost's Chile division, IxMetro, warned customers that it suffered a ransomware attack early...
    By AFFA 2024-04-04 16:15:41 0 262
    Ransomware
    INC Ransom threatens to leak 3TB of NHS Scotland stolen data
    March 27, 2024   01:59 PM   0 The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland. In a post yesterday, the cybercriminals shared multiple images containing medical details and said that they would leak data "soon," unless the NHS pays a ransom. Scotland's NHS is the country’s public health system, providing services ranging from primary care,...
    By AFFA 2024-03-28 15:40:42 0 169
    Ransomware
    Ransomware as a Service and the Strange Economics of the Dark Web
    March 27, 2024   10:02 AM   0 Ransomware is changing, fast. The past three months have seen dramatic developments among the ransomware ecosystem to include the takedown of LockBit’s ransomware blog, BlackCat exiting the ecosystem, and the emergence of several smaller ransomware groups. This article aims to provide context for recent news. First we will cover how ransomware groups and affiliates work together. Then we’ll dive into affiliate...
    By AFFA 2024-03-27 14:50:22 0 255
    Ransomware
    LockBit ransomware affiliate gets four years in jail, to pay $860k
    March 13, 2024   07:42 AM   0 Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation. Vasiliev was arrested in November 2022 and pleaded guilty to eight charges in February 2024, including cyber extortion, mischief, and weapons offenses. The man was a key member of the notorious LockBit ransomware gang, involved in many of the operation's...
    By AFFA 2024-03-13 15:50:55 0 339
    Ransomware
    The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand
    March 8, 2024   05:25 PM   1 We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. What makes this strange is that this seems to be a common routine for the DarkSide, I mean BlackCat/ALPHV, ransomware operation which tends to hit critical infrastructure, and then realize it was a big mistake. As it was, they...
    By AFFA 2024-03-09 21:23:10 0 254
More Articles
Read More
Microsoft
Microsoft: Windows 11 22H2 reaches end of service in October
Microsoft reminded customers today that multiple editions of Windows 11, version 22H2, will...
By AFFA 2024-07-08 19:00:40 0 136
Ransomware
The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand
March 8, 2024   05:25 PM   1 We saw another ransomware operation...
By AFFA 2024-03-09 21:23:10 0 254
Hacking
Hackers target WordPress database plugin active on 1 million sites
January 25, 2024   09:15 AM   2 Malicious activity targeting a...
By AFFA 2024-01-26 17:17:25 0 456
Cybercrime
Germany takes down largest cybercrime market in the country, arrests 6
March 1, 2024   11:45 AM   0 The Düsseldorf Police in Germany...
By AFFA 2024-03-01 18:51:42 0 303
Hacking
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now
April 16, 2024   02:36 PM   0 Exploit code is now available for a...
By AFFA 2024-04-17 00:55:22 0 154
© 2024 AFFA Social Underground English
English Arabic French Spanish Portuguese Deutsch Turkish Dutch Italiano Russian Romaian Portuguese (Brazil) Greek
About Terms Privacy Contact Us Directory