The Drop in Ransomware Attacks in 2024 and What it Means

The ransomware industry surged in 2023, with an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off with a very different picture. While the numbers skyrocketed in Q4 2023 with 1,309 cases, in Q1 2024 the ransomware industry was down to 1,048 cases. This is a 22% […]

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident “began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation […]

Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries

The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. “TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad said in a report shared with The Hacker News. “GhostLocker and Stormous ransomware […]

Ransomware Attacks Double: Are Companies Prepared for 2024’s Cyber Threats?

Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to effectively bypass common defense strategies. Cyble, a renowned cyber threat intelligence company recognized for its research and findings, recently released its Q3 […]

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That’s according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) detailing the ransomware-as-a-service (RaaS) […]

Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack

Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a “large-scale remote encryption attempt” made by Akira ransomware actors targeting an unknown industrial organization in early June 2023. The tech giant’s threat intelligence team is tracking the operator as Storm-1567. The attack leveraged devices that were not onboarded […]

FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies

The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. “During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal,” the FBI said […]

Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). […]

Two of the world’s biggest telescopes hacked by ransomware attack

Several telescopes are still down weeks after a cybersecurity attack was discovered by US National Science Foundation (NSF) researchers. There is presently no information available on when the Gemini North telescope in Hawaii and the Gemini South telescope in Chile will resume operations. A number of smaller telescopes on the slopes of Cerro Tololo in Chile […]

Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks

A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally. “It probably finds its way into victim organizations by its operators compromising vulnerable web servers or via brute forcing RDP credentials,” ESET security researcher Jakub Souček said in a detailed […]

Researchers Uncover Series of Ransomware Attacks that Follow Same Pattern

Ransomware groups often recycle tools, techniques, and procedures. Some of them even provide playbooks for affiliates. Many use Cobalt Strike for remote access, employ RDP brute force, and target Domain Controller servers to control network machines. Cybersecurity researchers at Sophos X-Ops recently reported their investigation on ransomware attacks from Jan 2023 publicly, […]

Ransomware Attacks Frequently Target Organizations with 51-200 Employees

High-profile ransomware attacks on corporations like Kaseya, Colonial Pipeline, and MOVEit may lead to the misconception that only large organizations are targeted. However, the fact is that underestimating the risk due to focusing on large organizations may increase your vulnerability to ransomware attacks. Cybersecurity researchers at Trellix recently asserted that organizations with 51-200 employees, which […]

Heavy-Hitting 8Base Ransomware Attacking Industries in Various Sectors

The sudden surge in 8base ransomware activity in June 2023 shows that it is a well-established organization capable of executing attacks, which alarms security professionals and industries. The group utilizes encryption paired with “name-and-shame” techniques to compel its victims to pay ransoms in Bitcoin. They target small business services, manufacturing, and construction sectors and […]

Beware! Mallox Ransomware Attacks IT Industries With a New Attack Pattern

A new variant of Mallox ransomware, also known as “Target company” ransomware, adopts a unique method of appending the name of the targeted company as a file extension to encrypt the files and launch the ransomware attack. The Mallox threat actor distributes ransomware via a downloader attached to spam emails by targeting unsecured internet-facing Microsoft […]

Big German university shuts down every computer on campus after ransomware attack

Following events that have affected at least a half dozen other comparable institutions in recent months, the Kaiserslautern University of Applied Sciences (HS Kaiserslautern) has become the latest German-speaking university to be targeted by a ransomware attack. HS Kaiserslautern is one of the major applied science universities in the state of Rhineland-Palatinate, which is located […]

New Akira Ransomware Attacking Organizations and Exposes Sensitive Data

A new ransomware variant called “Akira” has emerged, targeting multiple organizations and employing a double-extortion technique by exfiltrating and encrypting sensitive data, with the threat of selling or leaking it on the dark web unless the ransom is paid for decryption. Ransomware, a significant cybersecurity threat, poses severe consequences such as financial and data loss […]

Payment Processing Giant NCR Global Hit By Ransomware Attack

NCR, a major player in the US payments industry, admitted it was a target of a ransomware attack for which the BlackCat/Alphv group claimed responsibility. On April 12, NCR revealed that it was looking into an “issue” with its Aloha restaurant point-of-sale (PoS) system. The business announced an outage at a single data center had […]

Taiwanese PC Company MSI Falls Victim to Ransomware Attack

Taiwanese PC company MSI (short for Micro-Star International) officially confirmed it was the victim of a cyber attack on its systems. The company said it “promptly” initiated incident response and recovery measures after detecting “network anomalies.” It also said it alerted law enforcement agencies of the matter. That said, MSI did not disclose any specifics […]