Charlotte, NC – February 22, 2023– Dole plc (DOLE:NYSE) announced today that the company recently experienced a cybersecurity incident that has been identified as ransomware.

The Interim City Administrator of the City of Oakland declared a state of emergency.after a ransomware attack crippled the city’s services a week ago

The Clop ransomware gang claims to be behind recent attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organizations.

Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.

The United Kingdom and United States on Thursday sanctioned seven people connected to what officials have told The Record is a single network behind the Conti and Ryuk ransomware gangs as well as the Trickbot banking trojan. The sanctions are described as the first major move of a “new campaign of concerted action” between Britain and the United States, and insiders say that further actions should be expected later this year.

Ransomware gang says it will share the stolen information in a matter of days

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware.

In this week's Ransomware Roundup, FortiGuardLabs covers Trigona ransomware along with protection recommendations. Read the blog to find out more.

In the last year, HIVE ransomware has been identified as a major threat as it has been used to compromise and encrypt the data and computer systems of large IT and oil multinationals in the EU and the USA. Since June 2021, over 1 500 companies from over 80 countries worldwide have fallen victim to HIVE associates and lost almost...

The LockBit ransomware gang is one of the most notorious organized cybercrime syndicates that exists today. The gang is behind attacks targeting private-sector corporations and other high-profile industries worldwide. News and media outlets have documented many LockBit attacks, while security vendors offer technical assessments explaining how each occurred. Although these provide insight into the attacks, I wanted to know more about the human side of the operation to learn about the insights, motivations, and behaviors of the individuals on the other side of the keyboard. To prepare for this project, I spent months developing several online personas and established their credibility over time to gain access to the gang’s operation.

The arrest comes as the U.S. ramps up efforts to crack down on attempts by cybercriminals to use cryptocurrency to evade sanctions.

The Vice Society ransomware gang has claimed responsibility for the November 2022 cyberattack that forced the University of Duisburg-Essen (UDE) to reconstruct its IT infrastructure, a process that's still ongoing.

Postal service has been unable to send letters and parcels overseas since Wednesday due to hacking Royal Mail has been hit by a ransomware attack by a criminal group, which has threatened to publish the stolen information online. The postal service has received a ransom note purporting to be from LockBit, a hacker group widely thought to have close links to Russia.

Confidential details including child passport scans and SEN data is published online, the BBC finds.

The news organization won't go into detail about what attackers hit, and why.

We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses. The sample was first uploaded to VT on November 23, 2022 and tagged by the VT community as a possible variant of the Pandora Ransomware. The assumed connection to the Pandora Ransomware was due to some similarities between the CatB and Pandora ransom notes. However, the similarities pretty much end there. The CatB ransomware implements several anti-VM techniques to verify execution on a “real machine”, followed by a malicious DLL drop and DLL hijacking to evade detection.

More than 200 local governments, schools and hospitals in the U.S. were affected by ransomware in 2022, according to research conducted by cybersecurity firm Emsisoft. The annual “State of Ransomware in the US” report found that 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals dealt with ransomware attacks last year.

In a New Year's Eve apology, the LockBit ransomware gang has expressed regret for attacking Toronto's Hospital for Sick Children and sent a free decryptor so files can be unscrambled. According to Brett Callow, a B.C.-based threat analyst for Emsisoft, the gang posted a message on its site claiming the attack was the work of an affiliate and violated their rules.

New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.

Cyble Research and Intelligence Labs analyzes multiple ransomware strains created based on leaked source code of Conti Ransomware.

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.

Incident has hit parts of media company’s technology infrastructure, with staff told to work from home

“TargetCompany” is a type of ransomware that was first identified in June 2021. The researchers named it TargetCompany ransomware because it adds the targeted company name as a file extension to the encrypted files. In September 2022, researchers identified a TargetCompany ransomware variant targeting Microsoft SQL servers and adding the “Fargo” extension to the encrypted files. TargetCompany ransomware is also known to add a “Mallox” extension after encrypting the files.

* Check Point Research (CPR) provides under-the-hood details of its analysis of the infamous Azov Ransomware * Investigation shows that Azov is capable of modifying certain 64-bit executables to execute its own code * Azov is designed to inflict impeccable damage to the infected machine it runs on * CPR sees over 17K of Azov-related samples submitted to VirusTotal

Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.

Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.

The latest FortiGuard Labs Threat Signal Ransomware Roundup covers the Cryptonite ransomware, along with protection recommendations. Read more.

The WatchGuard Security Team spends a lot of time chasing ransomware extortion groups throughout the dark web. So, it only fits that one of the newer ransomware extortion groups is named Endurance Ransomware. It appears this “group” is one individual known as IntelBroker, who has allegedly breached several entities of the US government and two […]

Vanuatu - an island courted by the US and China - has been stranded offline for over a week.

Cyble analyzes a new wave of ransomware attacks being led by AXLocker, Octocrypt, and Alice ransomware and how they target Discord tokens.