INC Ransom threatens to leak 3TB of NHS Scotland stolen data
March 27, 2024
01:59 PM
The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland.
In a post yesterday, the cybercriminals shared multiple images containing medical details and said that they would leak data "soon," unless the NHS pays a ransom.
Scotland's NHS is the country’s public health system, providing services ranging from primary care,...
Ransomware as a Service and the Strange Economics of the Dark Web
March 27, 2024
10:02 AM
Ransomware is changing, fast. The past three months have seen dramatic developments across the ransomware ecosystem, including the takedown of LockBit’s ransomware blog, BlackCat exiting the ecosystem, and the emergence of several smaller ransomware groups.
This article aims to provide context for recent news. First we will cover how ransomware groups and affiliates work together. Then we’ll dive into affiliate...
LockBit ransomware affiliate gets four years in jail, to pay $860k
March 13, 2024
07:42 AM
Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation.
Vasiliev was arrested in November 2022 and pleaded guilty to eight charges in February 2024, including cyber extortion, mischief, and weapons offenses.
The man was a key member of the notorious LockBit ransomware gang, involved in many of the operation's...
The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand
March 8, 2024
05:25 PM
We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government.
What makes this strange is that this seems to be a common routine for the DarkSide, I mean BlackCat/ALPHV, ransomware operation which tends to hit critical infrastructure, and then realize it was a big mistake.
As it was, they...
Switzerland: Play ransomware leaked 65,000 government documents
March 7, 2024
03:27 PM
The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files.
Xplain is a Swiss technology and software solutions provider for various government departments, administrative units, and even the country's military force. The Play ransomware gang breached...
BlackCat ransomware shuts down in exit scam, blames the "feds"
March 5, 2024
10:49 AM
The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates’ money by pretending the FBI seized their site and infrastructure.
The gang announced they are now selling the source code for the malware for the hefty price of $5 million.
On a hacker forum, ALPHV said that they decided "to close the project" because of "the feds," without providing additional details or a clarification....
BlackCat ransomware turns off servers amid claim they stole $22 million ransom
March 4, 2024
12:44 PM
The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million.
While BlackCat's data leak blog has been down since Friday, BleepingComputer had confirmed that negotiation sites were still active over the weekend.
Today, BleepingComputer confirmed the ransomware operation's negotiation...
LockBit ransomware returns to attacks with new encryptors, servers
February 28, 2024
01:31 PM
The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption.
Last week, the NCA, FBI, and Europol conducted a coordinated disruption called 'Operation Cronos' against the LockBit ransomware operation.
As part of this operation, law enforcement seized infrastructure, retrieved decryptors, and, in an embarrassing...
Ransomware gang claims they stole 6TB of Change Healthcare data
February 28, 2024
02:33 PM
The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform.
Change Healthcare is the largest payment exchange platform used by more than 70,000 pharmacies across the United States. UHG is the world's largest healthcare company by revenue, employing...
New ScreenConnect RCE flaw exploited in ransomware attacks
February 22, 2024
01:34 PM
Update February 23, 07:02 EST: Sophos published a report today saying that the ransomware payloads they spotted were built using the LockBit ransomware builder leaked online by a disgruntled malware developer in late September 2022.
The samples seen by Sophos in this week's attacks were a buhtiRansom LockBit variant dropped on 30 different customer networks and a second payload created...
LockBit ransomware gang has over $110 million in unspent bitcoin
February 23, 2024
01:13 PM
The LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation.
Following the LockBit takedown in Operation Cronos, the National Crime Agency (NCA) in the U.K. with support from blockchain analysis company Chainalysis identified more than 500 cryptocurrency addresses being active....
Police arrest LockBit ransomware members, release decryptor in global crackdown
February 20, 2024
06:30 AM
Update February 20, 07:21 EST: Article updated with further details on the operation.
Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation.
French and U.S. judicial authorities also issued three...
Ransomware Groups, Targeting Preferences, and the Access Economy
February 20, 2024
10:01 AM
How do ransomware groups pick their targets? It’s a rhetorical question: in the vast majority of cases they don’t. Ransomware-as-a-service (RaaS) platforms and ransomware affiliate ecosystems do not operate alone, but instead, they rely on a sophisticated cybercrime supply chain that enables access to corporate IT environments.
Ransomware groups and affiliates in many cases don’t “choose” targets,...
Knight ransomware source code for sale after leak site shuts down
February 20, 2024
11:28 AM
The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation.
Knight ransomware launched at the end of July 2023 as a re-brand of the Cyclops operation, targeting Windows, macOS, and Linux/ESXi systems.
It gained some traction because it provided info-stealers and a ‘lite’ version of its...
US offers up to $15 million for tips on ALPHV ransomware gang
February 15, 2024
01:57 PM
The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders.
An additional $5 million bounty is also available for tips on individuals trying to take part in ALPHV ransomware attacks, likely to discourage affiliates and initial access brokers.
The FBI linked this ransomware gang to over 60 breaches...
Android XLoader malware can now auto-execute after installation
February 8, 2024
01:34 PM
A new version of the XLoader...
Microsoft says Russian hackers breached its systems, accessed source code
March 8, 2024
10:31 AM
Microsoft says the Russian 'Midnight...
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks
January 17, 2024
10:32 AM
A new vulnerability dubbed...
Admin of major stolen account marketplace gets 42 months in prison
March 15, 2024
12:07 PM
Moldovan national Sandu Boris...
US govt sanctions North Korea’s Kimsuky hacking group
November 30, 2023
05:08 PM
The Treasury Department's Office...