* U.S. banks and financial institutions processed more than $1 billion in potential ransomware-related payments in 2021. * It’s a new record and almost triple the amount that was reported the previous year. * Over half the ransomware attacks are attributed to suspected Russian cyber hackers, according to a new report.

Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint

Actions to take today to mitigate cyber threats from ransomware: • Install updates for operating systems, software, and firmware as soon as they are released. • Require phishing-resistant MFA for as many services as possible. • Train users to recognize and report phishing attempts.

Two new extortion gangs named 'TommyLeaks' and 'SchoolBoys' are targeting companies worldwide. However, there is a catch — they are both the same ransomware gang.

Les pirates informatiques du groupe CUBA, spécialisés dans le rançonnage d’entreprise, viennent de diffuser les informations volées à deux mairies françaises.

A new Windows zero-day allows threat actors to use malicious JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.

Caen a profité des suites d’un démonstrateur de l'EDR d'HarfangLab en attente de contractualisation pour détecter les prémices du possible déploiement d’un rançongiciel. L’intrusion est avérée, un nettoyage en cours, mais le chiffrement a été évité. Et très probablement le vol de données aussi.

BlueSky Ransomware is a modern malware using advanced techniques to evade security defences. It predominantly targets Windows hosts and utilizes the Windows multithreading model for fast encryption.

BianLian is a financially motivated threat actor that targets a wide range of industries. It uses the exotic programming language “Go” to encrypt files with unusual speed.

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.

Assurément passionné, le débat sur l’indemnisation des rançons par les assurances cyber souffre d’absents majeurs : les victimes de cyberattaque avec ransomware ayant cédé au chantage. Mais qui sont-elles ?

Cyble Research and Intelligence Labs analyzes Fake ransomware, a destructive malware capable of wiping out system drives.

A fresh exploration of the malware uncovers a new tactic for bypassing security products by abusing a known driver vulnerability

In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee has been identified as an initial access vector utilized by several ransomware affiliates. …

New version of Exmatter, and Eamfo malware, used by attackers deploying the Rust-based ransomware.

California's largest public school district and the second-largest in the U.S. is undergoing a ransomware attack. The attack has disrupted the district's email

School is out for more than 3,000 students of a suburban Detroit district undergoing its second day of forensics analysis following an online attack. Students have

The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang's newest encryptor.

While working a recent ransomware incident, BlackBerry identified a group whose name and TTPs mimicked the long-standing, popular ransomware crew Conti. Furthermore, the encryptor payload used in the attack was taken from the original group and modified for use with this new group. Who was this doppelganger?

Mandiant attributes the ransomware attack against the Albanian government network in July of 2022 to an Iranian threat actor.

Partially encrypting victims' files improves ransomware speed and aids evasion. First seen in LockFile, the technique is now being widely adopted.

Whether Conti has rebranded as Monti in a bid to mock the former strain or it is just another new ransomware variant on the block.

Selon les premiers éléments de l’enquête technique conduite par l’Anssi, l’assaillant accédait déjà au système d’information du CHSF de Corbeil-Essonnes, via l’accès VPN, 10 jours avant de déclencher le ransomware.

The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.

Editor’s Note: Last April, a ransomware group threatened to expose police informants and other sensitive information if the Washington, D.C. Metropolitan Police Department did not pay a demand. The brazen attack was the work of a gang known as Babuk, which in early 2021 gained a reputation for posting stolen databases on its website from victims that refused to pay a ransom. Just days after it tried to extort the Metropolitan Police Department, Babuk announced it was closing its ransomware affiliate program, and would focus on data theft and extortion instead.

A ransomware group has hit at least one water company in the United Kingdom, but there is some confusion over whose systems were actually breached.

Increased targeting of developing and middle-income countries by ransomware actors presents a challenge to political resilience, economic development and global cyber security.

Its IT provider says it may take three or four weeks to fully recover from the cyber-attack.

Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.

SEKOIA.IO presents its Ransomware threat landscape for the first semester of 2022, with the following key points: * Ransomware victimology – recent evolutions * A busy first half of the year – several newcomers in the ransomware neighborhood * Cross-platform ransomware features trend * New extortion techniques * State-nexus groups carrying out ransomware campaigns * Ransomware threat groups’ Dark Web activities * A shift towards extortion without encryption?