Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities | TechCrunch
The hackers responsible for exploiting a flaw to target users of a popular file transfer tool has begun listing victims of the mass-attacks
TAG Aviation: Black Basta pirate une compagnie romande
La société TAG Aviation a été victime d'une attaque par ransomware. Les recherches de watson révèlent que Black Basta est à l'origine de cette attaque.
Switzerland under cyberattack
The Swiss government is under DDoS attacks, but several ransomware gangs have also turned their sights on other Swiss organizations.
Unmasking the Darkrace Ransomware Gang
Cyble analyses Darkrace Ransomware, a new ransomware group shares similarities with infamous LockBit Ransomware.
L’armée suisse et Fedpol touchés par une cyberattaque
Des cyberpirates ont mis la main sur des données de plusieurs offices de l'administration fédérale et les ont
Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals - SecurityWeek
Enzo Biochem says the clinical test information of roughly 2.47 million individuals was exposed in a recent ransomware attack.
The professionalization of cyber crime
The huge profits of ransomware have led to a rapid evolution and professionalization of the wider cyber crime industry, and the rapid growth of a supporting underground marketplace of products and service providers. PDF doc
Hundreds of Swiss students and teachers have data stolen
A total 761 people had sensitive personal data hacked during a cyberattack on the education department of the Swiss city of Basel.
ABB provides details about IT security incident
ABB recently became aware of an IT security incident that impacted certain ABB systems. ABB started an investigation, retained leading experts, notified certain law enforcement and data protection authorities, and implemented measures to contain and assess the incident. The incident has now been successfully contained.
German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack
Rheinmetall confirmed on Monday that the Black Basta ransomware group was behind a cyberattack it detected last month.
IT employee impersonates ransomware gang to extort employer
A 28-year-old United Kingdom man from Fleetwood, Hertfordshire, has been convicted of unauthorized computer access with criminal intent and blackmailing his employer.
BlackCat Ransomware Deploys New Signed Kernel Driver
In this blog post, we will provide details on a BlackCat ransomware incident that occurred in February 2023, where we observed a new capability, mainly used for the defense evasion phase.
MalasLocker ransomware targets Zimbra servers, demands charity donation
A new ransomware operation is hacking Zimbra servers to steal emails and encrypt files. However, instead of demanding a ransom payment, the threat actors claim to require a donation to charity to provide an encryptor and prevent data leaking.
Multinational tech firm ABB hit by Black Basta ransomware attack
Swiss multinational company ABB, a leading electrification and automation technology provider, has suffered a Black Basta ransomware attack, reportedly impacting business operations.
White Phoenix: Beating Intermittent Encryption
Recently, a new trend has emerged in the world of ransomware: intermittent encryption, the partial encryption of targeted files. Many ransomware groups, such as BlackCat and Play, have adopted...
Akira Ransomware is “bringin’ 1988 back”
A new recently observed ransomware family dubbed Akira uses a retro aesthetic on their victim site very reminiscent of the 1980s green screen consoles and possibly takes its namesake from the popular 1988 anime film of the same name.
Meet Akira — A new ransomware operation targeting the enterprise
The new Akira ransomware operation has slowly been building a list of victims as they breach corporate networks worldwide, encrypt files, and then demand million-dollar ransoms.
From Campus Rape Cases to Child Abuse Reports, ‘Worst-Case’ Data Breach Rocks MN Schools
It took two years of middle school girls accusing their Minneapolis English teacher of eyeballing their bodies in a “weird creepy way,” for district investigators to substantiate their complaints. Their drawn-out response is revealed in confidential and highly sensitive Minneapolis Public Schools investigative records that are now readily available online — just one folder in a trove of tens of thousands of leaked files that outline campus rape cases, child abuse inquiries, student mental health crises and suspension reports.
Ransomware cyberattack continues at Bluefield University
There are new developments on the cybersecurity attack that has crippled internet services at Bluefield University. We’ve learned through “RamAlert” texts sent to students, faculty and staff that the cyber attackers are now directly communicating with everyone on the alert system. They have identified themselves as “AvosLocker” and are demanding payment in return for not leaking students’ private information. The FBI considers AvosLocker to be ransomware. In March 2022, they released an advisory on it. They said avoslocker has “Targeted victims across multiple critical infrastructure sectors in the U.S. Including…The financial services, critical manufacturing, and government facilities sectors.”
Hackers Leaked Minneapolis Students' Psychological Reports, Allegations of Abuse
In a hacking episode that is spiraling from bad to worse, cybercriminals have leaked highly sensitive documents related to droves of Minneapolis students.
RTM Locker Ransomware as a Service (RaaS) Now on Linux - Uptycs
Uptycs threat research team discovered a new ransomware Linux binary attributed to the RTM group Locker, a known Ransomware-as-a-Service (RaaS) provider.
Black Basta claims it's selling off stolen Capita data
No worries, outsourcer only handles government tech contracts worth billions
Nokoyawa ransomware attacks with Windows zero-day
in February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions. These exploits were very similar to already known Common Log File System (CLFS) driver exploits that we analyzed previously, but we decided to double check and it was worth it – one of the exploits turned out to be a zero-day, supporting different versions and builds of Windows, including Windows 11. The exploit was highly obfuscated with more than 80% of the its code being “junk” elegantly compiled into the binary, but we quickly fully reverse-engineered it and reported our findings to Microsoft. Microsoft assigned CVE-2023-28252 to the Common Log File System elevation-of-privilege vulnerability, and a patch was released on April 11, 2023, as part of April Patch Tuesday.
Cyble — Demystifying Money Message Ransomware
CRIL analyses the anatomy of a new ransomware group named Money Message, which can encrypt network shares and target both Windows and Linux.
Cyble — New Cylance Ransomware with Power-Packed CommandLine Options
CRIL analyzes Cylance, a new Ransomware variant that uses command-line options to target both Windows and Linux users.
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
A ransomware affiliate is targeting publicly exposed Veritas installations to gain access to organizations.
Rorschach – A New Sophisticated and Fast Ransomware
- Check Point Research (CPR) and Check Point Incident Response Team (CPIRT) encountered a previously unnamed ransomware strain, we dubbed Rorschach, deployed against a US-based company. Rorschach ransomware appears to be unique, sharing no overlaps that could easily attribute it to any known ransomware strain. In addition, it does not bear any kind of branding which is a common practice among ransomware groups. * The ransomware is partly autonomous, carrying out tasks that are usually manually performed during enterprise-wide ransomware deployment, such as creating a domain group policy (GPO). In the past, similar functionality was linked to LockBit 2.0. * The ransomware is highly customizable and contains technically unique features, such as the use of direct syscalls, rarely observed in ransomware. Moreover, due to different implementation methods, Rorschach is one of the fastest ransomware observed, by the speed of encryption. * The ransomware was deployed using DLL side-loading of a Cortex XDR Dump Service Tool, a signed commercial security product, a loading method which is not commonly used to load ransomware. The vulnerability was properly reported to Palo Alto Networks.
Cyble — Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide
Cyble Research & Intelligence Labs analyzes Cl0p ransomware which is rapidly gaining attention for its success in extorting businesses.
New Money Message ransomware demands million dollar ransoms
A new ransomware gang named 'Money Message' has appeared, targeting victims worldwide and demanding million-dollar ransoms not to leak data and release a decryptor.
La NZZ victime d'un ransomware
Plusieurs médias alémaniques sont touchés par un ransomware.