This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Strictly Necessary: Used for the proper function of the website
Performance/Analytics: Used for monitoring website traffic and interactions
Last year, the French security firm Intrinsec detailed Prospero’s connections to bulletproof services advertised on Russian cybercrime forums under the names Securehost and BEARHOST. A fake browser update page pushing mobile malware. A fake browser update page pushing mobile malware. Image: Ke-la.com. Image: Intrinsec.
Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.
Operation ENDGAME dismantled key ransomware infrastructure, taking down 300 servers, 650 domains, and seizing 21.2M From May 19 to 22, 2025, Operation ENDGAME, coordinated by Europol and Eurojust, disrupted global ransomware infrastructure. Several key suspects behind malware operations are now under international and public alerts.
indicted Russian Rustam Gallyamov for leading the Qakbot botnet, which infected 700K+ devices and was used in ransomware attacks. authorities have indicted Russian national Rustam Gallyamov, the leader of the Qakbot operation, which infected over 700,000 computers and facilitated ransomware attacks. and abroad.
In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest.
Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. nl — circa October 2018. 6 in Miami, Fla.
Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals. is cybercrime forum.
Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. It offered to pay him 40 percent of a million-dollar ransom demand if he agreed to launch their malware inside his employer’s network. Image: Abnormal Security. billion in 2020.
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort…
and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomwarecybercrime group to publish data stolen from its victims. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week. ” Image: Chainalysis.
And thanks to an explosion of inexpensive cybercrime-as-a-service offerings on the dark web, launching an attack is easier and cheaper than ever. Cybercrime industrialized The dark web has become a marketplace where bad actors can buy tools and access with the ease of shopping for software.
This approach reflects the as-a-service logic already prevalent in other areas of the cybercrime sector, significantly reducing the level of technical knowledge needed by those wishing to access this confidential data.
A 45-year-old foreign man has been arrested in Moldova for allegedly participating in ransomware attacks on Dutch companies in 2021. He is internationally wanted for multiple cybercrime, including ransomware attacks, blackmail, and money laundering, targeting Dutch companies. million euros.”
We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime.
I don’t know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. “It’s still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web,” company researchers wrote.
In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. Image: Varonis. Image: Varonis. The upshot? ” Meanwhile, the U.S.
Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. While it may seem unlikely that companies victimized by ransomware might somehow be able to know whether their extortionists are currently being sanctioned by the U.S. Image: Shutterstock.
Diebold Nixdorf , a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. Suspecting a ransomware attack, Diebold said it immediately began disconnecting systems on that network to contain the spread of the malware.
The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” continues the alert.
Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. The CLOP gang seized on those flaws to deploy ransomware to a significant number of Accellion’s FTA customers , including U.S.
Experts warn of a new wave of attacks involving the Bumblebee malware, months after Europol’s ‘ Operation Endgame ‘ that disrupted its operations in May. The Bumblebee malware loader has resurfaced in new attacks, four months after Europol disrupted it during “ Operation Endgame ” in May.
Shefel claims the true mastermind behind the Target and other retail breaches was Dmitri Golubov , an infamous Ukrainian hacker known as the co-founder of Carderplanet, among the earliest Russian-language cybercrime forums focused on payment card fraud. “I’m also godfather of his second son.”
Russian authorities sentenced four members of the REvil ransomware operation to several years in prison in Russia. Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. “On Friday, October 25, the St.
The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month.
A lot of Russian malware — the malware that targeted the Colonial Pipeline, for example — won’t install on computers with a Cyrillic keyboard installed. Will installing one of these languages keep your Windows computer safe from all malware? Absolutely not.
The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. Cybersecurity researchers at S-RM team discovered a novel attack technique used by the Akira ransomware gang. Realizing EDR was active, they pivoted by scanning the network for vulnerable devices.
A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups.
Despite advanced AI detection and telemetry analysis offered in todays EDR solutions, modern infostealer malware is designed to evade even the most sophisticated defenses, using tactics like polymorphic malware, memory-only execution, and exploitation of zero-day vulnerabilities or outdated software.
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.
New Ymir ransomware was deployed in attacks shortly after systems were breached by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new ransomware family, called Ymir ransomware , which attackers deployed after breaching systems via PowerShell commands. ” concludes the report.
The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. Over the past 24 hours, the crooks responsible for spreading the ransom malware “REvil” (a.k.a. A partial screenshot from the REvil ransomware group’s Dark Web blog.
The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.
The DOJ, with international partners, seized four domains providing crypting services to cybercriminals, hindering malware attacks in a global operation.
Mexico is investigating a ransomware attack targeting its legal affairs office, as confirmed by the president amidst growing cybersecurity concerns. Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. Knight, also known as Cyclops 2.0,
On May 27, 2025, authorities seized crypting service sites (including AvCheck, Cryptor, and Crypt.guru) used by vxers to test malware evasion capabilities. Department of Justice has dismantled an online cybercrime syndicate that provided encryption services to help malware evade detection. net, Cryptor[.]biz, biz, and Crypt[.]guru.
A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. According to the U.S.
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape PupkinStealer : A.NET-Based Info-Stealer Interlock ransomware evolving under the radar Technical Analysis of TransferLoader Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2 Horabot Unleashed: (..)
“The threat actor did not deploy malware or tamper with any customer files within the environment,” the notice reads. The simplest explanation is that something spooked abyss0 enough for them to abandon a number of pending sales opportunities, in addition to a well-manicured cybercrime persona. ” On Nov.
that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. The average ransomware payment by ransomware strain. Image: Crowdstrike.
Texas oilfield supplier Newpark Resources suffered a ransomware attack that disrupted its information systems and business applications. Texas oilfield supplier Newpark Resources revealed that a ransomware attack on October 29 disrupted access to some of its information systems and business applications.
BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack.
Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. In May 2023, the US Justice Department charged Russian national Mikhail Pavlovich Matveev for his alleged role in multiple ransomware attacks. ” reported RIA Novosti.
A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. “Sorry, but this is f *d up. 428 hospitals.”
We organize all of the trending information in your field so you don't have to. Join 28,000+ users and stay up to date on the latest articles your peers are reading.
You know about us, now we want to get to know you!
Let's personalize your content
Let's get even more personalized
We recognize your account from another site in our network, please click 'Send Email' below to continue with verifying your account and setting a password.
Let's personalize your content