Russian vodka producer reports disruptions after ransomware attack | The Record from Recorded Future News
therecord.media - Novabev Group, the Russian maker of Beluga Vodka and other brands, had to stop shipments and temporarily close stores in its WineLab subsidiary after a ransomware attack. More than 2,000 WineLab liquor stores across Russia have remained shut for three days following a ransomware attack on their parent company, one of Russia’s largest alcohol producers. Signs on WineLab doors said the stores were closed due to “technical issues.” The attack crippled parts of the Novabev Group’s infrastructure, affecting WineLab’s point-of-sale systems and online services. The company confirmed that the attackers had demanded a ransom but said it refused to negotiate. “The company maintains a principled position of rejecting any interaction with cybercriminals and refuses to fulfill their demands,” Novabev Group said in a statement on Wednesday. There is no indication so far that customer data has been compromised, though an investigation is ongoing, the company added. The identity of the attackers remains unknown. No ransomware group has claimed responsibility for the incident, and Novabev has not publicly attributed the attack. Novabev Group is a major Russian producer and distributor of spirits, including the Beluga and Belenkaya vodka brands. The cyberattack has halted product shipments from Novabev for at least two days, according to local retailers quoted by Russian media outlet Vedomosti. Customers also reported being unable to pick up orders from retail locations or parcel lockers, with customer service offering to extend storage periods for online purchases. WineLab’s stores are currently closed in major cities, including Moscow, St. Petersburg and surrounding regions, according to location data from Yandex Maps. Novabev’s website and mobile app also remain offline. Forbes Russia estimated that each day of downtime could cost WineLab 200 million to 300 million rubles ($2.6 million to $3.8 million) in lost revenue. 
Cybersecurity experts interviewed by Forbes said they could not recall a comparable case in which a major Russian retail chain was forced to shut down entirely due to a cyberattack. Novabev said its internal IT team is working “around the clock” with external specialists to restore operations and strengthen defenses against future threats.
·therecord.media·
NSO Group must pay more than $167 million in damages to WhatsApp for spyware campaign | TechCrunch
Spyware maker NSO Group will have to pay more than $167 million in damages to WhatsApp for a 2019 hacking campaign against more than 1,400 users. On Tuesday, after a five-year legal battle, a jury ruled that NSO Group must pay $167,254,000 in punitive damages and around $444,719 in compensatory damages. This is a huge legal win for WhatsApp, which had asked for more than $400,000 in compensatory damages, based on the time its employees had to dedicate to remediate the attacks, investigate them, and push fixes to patch the vulnerability abused by NSO Group, as well as unspecified punitive damages. WhatsApp’s spokesperson Zade Alsawah said in a statement that “our court case has made history as the first victory against illegal spyware that threatens the safety and privacy of everyone.” Alsawah said the ruling “is an important step forward for privacy and security as the first victory against the development and use of illegal spyware that threatens the safety and privacy of everyone. Today, the jury’s decision to force NSO, a notorious foreign spyware merchant, to pay damages is a critical deterrent to this malicious industry against their illegal acts aimed at American companies and the privacy and security of the people we serve.” NSO Group’s spokesperson Gil Lainer left the door open for an appeal. “We will carefully examine the verdict’s details and pursue appropriate legal remedies, including further proceedings and an appeal,” Lainer said in a statement.
·techcrunch.com·
Inside the Open Directory of the “You Dun” Threat Group
  • Analysis of an open directory found a Chinese speaking threat actor’s toolkit and history of activity. The threat actor displayed extensive scanning and exploitation using WebLogicScan, Vulmap, and Xray, targeting organizations in South Korea, China, Thailand, Taiwan, and Iran. The Viper C2 framework was present as well as a Cobalt Strike kit which included TaoWu and Ladon extensions.
  • The Leaked LockBit 3 builder was used to create a LockBit payload with a custom ransom note that included reference to a Telegram group which we investigated further in the report.
·thedfirreport.com·
Vanir Ransomware Group onion site seized by German law enforcement
Threat actors called Vanir Ransomware Group posted a few listings in July. Tonight, however, their onion site has a seized message: “THIS HIDDEN SITE HAS BEEN SEIZED by the State Bureau of Investigation Baden-Württemberg as a part of a law enforcement action taken against Vanir Ransomware Group”
·databreaches.net·
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day
·bleepingcomputer.com·
Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice
The Justice Department announced today a disruption campaign against the Blackcat ransomware group — also known as ALPHV or Noberus — that has targeted the computer networks of more than 1,000 victims and caused harm around the world since its inception, including networks that support U.S. critical infrastructure.
·justice.gov·
Negotiating with LockBit: Uncovering the Evolution of Operations and Newly Established Rules
What defines success for ransomware actors during an attack? Breaching a victim’s network, exfiltrating valuable data, and encrypting systems are crucial components. However, the ultimate measurement of success is the actor’s ability to extort a ransom payment, which determines if they achieve their financial goals. Navigating the ransom negotiation phase, whether conducted by the victims themselves or designated recovery firms, demands a high level of expertise and a deep understanding of the attackers involved. This includes studying the threat actor’s profile, tactics, and evolving strategies. In this complex landscape, there is no one-size-fits-all playbook for successfully managing the negotiation phase, as each ransomware group exhibits distinct behaviors and adopts new tactics shaped by many factors.
·analyst1.com·