Krebs on Security

FEBRUARY 20, 2024

authorities have seized the darknet websites run by LockBit , a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Investigators used the existing design on LockBit’s victim shaming website to feature press releases and free decryption tools.

Ransomware 269

Ransomware Cybercrime Encryption Insurance 269

Bleeping Computer

OCTOBER 28, 2021

German investigators have reportedly identified a Russian man named Nikolay K. whom they believe to be one of REvil ransomware gang's core members, one of the most notorious and successful ransomware groups in recent years. [.].

Ransomware 125

Ransomware 125

Heimadal Security

FEBRUARY 29, 2024

On the 12th of February, the Romanian Digital National Security Center (DNSC) announced that an unidentified threat actor launched a massive ransomware attack against Romanian e-health solutions provider RSC, temporarily disrupting server connection to the Hipocrate (HIS) infrastructure. The attacker demanded a 3.5 BTC ransom.

Healthcare 59

Healthcare Ransomware Malware 59

Heimadal Security

AUGUST 8, 2023

A large healthcare network operating across multiple states recently experienced widespread network disruptions due to a cyberattack, confirmed by the FBI to be a ransomware incident.

Ransomware 90

Ransomware Healthcare Cybersecurity 90

Joseph Steinberg

JUNE 9, 2022

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure. The ransomware attack on Tenafly’s school system is a reminder of a sad, ironic, reality.

Ransomware 350

Ransomware Artificial Intelligence Education Cybercrime 350

Krebs on Security

DECEMBER 19, 2023

Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The message that was briefly on the homepage of the BlackCat ransomware group this morning. Image: @GossiTheDog.

Ransomware 250

Ransomware Cybercrime Advertising Encryption 250

Security Affairs

JUNE 5, 2021

Department of Justice was to assign investigation on ransomware attacks the same priority as terrorism in the wake of the Colonial Pipeline hack. Department of Justice plans to equate investigations into ransomware attacks with investigations into terrorism in the wake of the Colonial Pipeline hack.

Ransomware 98

Ransomware Cryptocurrency Hacking Cybercrime 98

Security Boulevard

MARCH 12, 2024

In recent months, a concerning trend has emerged within the healthcare sector: the resurgence of BlackCat ransomware attacks. The post Alert: FBI Warns Of BlackCat Ransomware Healthcare Attack appeared first on Security Boulevard.

Healthcare 116

Healthcare Ransomware Cybersecurity Cyber threats 116

Trend Micro

APRIL 17, 2022

We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities.

Ransomware 75

Ransomware 75

Security Affairs

DECEMBER 15, 2021

While investigating a data breach suffered by a healthcare organization, FBI accidentally revealed that it believes that the HelloKitty ransomware gang operates out of Ukraine. In November, the US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands).

Ransomware 92

Ransomware Data breaches DDOS Healthcare 92

Trend Micro

JANUARY 22, 2024

In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.  

Ransomware 143

Ransomware 143

Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. And on April 26, 2021, Matveev and his Babuk gang allegedly deployed ransomware against the Metropolitan Police Department in Washington, D.C.

Ransomware 251

Ransomware Cybercrime VPN Healthcare 251

Security Affairs

MAY 6, 2024

The City of Wichita in Kansas was forced to shut down its computer systems after a ransomware attack. The City of Wichita, Kansas, was the victim of a ransomware attack and shut down its network to contain the threat. ” The City warns that some services may be temporarily unavailable while systems are offline.

Ransomware 102

Ransomware Data breaches Hacking Cybercrime 102

Graham Cluley

FEBRUARY 27, 2023

Three men have been arrested by Dutch police in connection with ransomware attacks that blackmailed thousands of companies. Amongst them? An ethical hacker. Read more in my article on the Hot for Security blog.

Ransomware 98

Ransomware Data breaches Malware 98

Security Affairs

JANUARY 30, 2024

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. The attack was carried out by the Cactus ransomware gang , which claims to have stolen terabytes of corporate data from the company. The Cactus ransomware relies on multiple legitimate tools (e.g.

Ransomware 128

Ransomware Hacking Data breaches Digital transformation 128

Bleeping Computer

FEBRUARY 26, 2024

A cyberattack on UnitedHealth Group subsidiary Optum that led to an ongoing outage impacting the Change Healthcare payment exchange platform was linked to the BlackCat ransomware group by sources familiar with the investigation. [.]

Ransomware 120

Ransomware Healthcare Hacking 120

Malwarebytes

APRIL 4, 2024

On April 2, 2024, Jackson County tweeted that it had identified significant disruptions within its IT systems, “potentially attributable to a ransomware attack” Jackson County is one of 114 counties in Missouri, with a population of approximately 718,000 people, mostly in Kansas City. Prevent intrusions. Detect intrusions.

Ransomware 106

Ransomware Backups Malware Software 106

Security Affairs

MARCH 13, 2024

Threat actors behind the ransomware attacks that hit Stanford University in 2023 gained access to 27,000 people. Stanford University confirmed that threat actors behind the September 2023 ransomware attack had access to 27,000 people. The Akira ransomware gang claimed the theft of 430 GB of data from the university’s systems.

Ransomware 111

Ransomware Data breaches Passwords Government 111

Security Affairs

MARCH 16, 2024

School districts continue to be under attack, schools in Scranton, Pennsylvania, are suffering a ransomware attack. This week, schools in Scranton, Pennsylvania, experienced a ransomware attack, resulting in IT outages. The attack is causing a temporary disruption to some of our computer systems and services.

Ransomware 109

Ransomware Computers and Electronics Data breaches Hacking 109

Security Affairs

APRIL 16, 2024

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. The chipmaker has 14,000 employees as of 2024.

Ransomware 112

Ransomware Manufacturing Hacking Insurance 112

Bleeping Computer

JUNE 17, 2022

Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. [.].

Ransomware 98

Ransomware 98

Security Affairs

MAY 7, 2024

The FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’ , and issued sanctions against him. The investigation also provided insight into the group’s operations and network. ” continues the NCA.

Ransomware 87

Ransomware Cybercrime Healthcare Encryption 87

Security Affairs

MARCH 11, 2024

BianLian ransomware group was spotted exploiting vulnerabilities in JetBrains TeamCity software in recent attacks. Researchers from GuidePoint Security noticed, while investigating a recent attack linked to the BianLian ransomware group, that the threat actors gained initial access to the target by exploiting flaws in a TeamCity server.

Ransomware 108

Ransomware Malware Manufacturing Healthcare 108

Security Affairs

DECEMBER 22, 2023

The Akira ransomware group announced it had breached the network of Nissan Australia, the Australian branch of the car maker giant. The Akira ransomware gang claimed to have breached Nissan Australia and to have stolen around 100GB of files from the carmaker giant. “We’ve obtained 100 GB of data of Nissan Australia.

Ransomware 128

Ransomware Data breaches Financial Services Scams 128

Security Boulevard

APRIL 22, 2024

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA24-109A) which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated to Akira ransomware, identified through FBI investigations and trusted third party reporting as recently as February 2024.

Ransomware 72

Ransomware 72

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. It was this first time that the operators adopted this tactic.

Ransomware 108

Ransomware Encryption Antivirus VPN 108

Malwarebytes

SEPTEMBER 19, 2023

The German police in cooperation with the US Secret Service have executed search warrants against suspected members of the DoppelPaymer ransomware group in Germany and Ukraine. Two men in particular became the focus during blockchain investigations by the LKA NRW and the US Secret Service.

Ransomware 116

Ransomware Backups Cryptocurrency Cybercrime 116

Bleeping Computer

MARCH 13, 2024

Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group (UHG) subsidiary Optum, which operates the Change Healthcare platform, in late February. [.]

Healthcare 110

Healthcare Ransomware 110

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. The Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country. concludes the alert.

Ransomware 113

Ransomware Backups VPN Authentication 113

Security Affairs

APRIL 3, 2024

Jackson County, Missouri, confirmed that a ransomware attack has disrupted several county services. A ransomware attack disrupted several services of the Jackson County, Missouri. “Jackson County has confirmed a ransomware attack was responsible for the disruption of several county services today.”

Ransomware 101

Ransomware Hacking Technology Cybersecurity 101

Trend Micro

SEPTEMBER 12, 2023

In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.

Ransomware 136

Ransomware Malware 136

Security Boulevard

NOVEMBER 28, 2023

The 32-year-old head of a threat group alleged to be responsible for ransomware attacks against corporations in 71 countries was arrested last week as part of a four-year investigation by European and U.S. The post Ringleader of Ransomware Group in Ukraine Arrested: Europol appeared first on Security Boulevard.

Ransomware 114

Ransomware Malware Cybersecurity Network Security 114

Security Affairs

FEBRUARY 9, 2024

Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. BleepingComputer reported that the Car maker Hyundai Motor Europe was breached by the Black Basta ransomware gang. The threat actors claim to have stolen three terabytes of data from the company.

Hacking 130

Hacking Ransomware Data breaches Manufacturing 130

Security Affairs

DECEMBER 15, 2023

The Snatch ransomware group announced it had hacked the food giant Kraft Heinz, the company is investigating the claims. The Snatch ransomware group claims to have hacked Kraft Heinz in August and on December 14, it added the company to the list of victims on its leak site. ” reads the alert.

Hacking 115

Hacking Ransomware Computers and Electronics Marketing 115

Bleeping Computer

DECEMBER 18, 2023

The Federal Bureau of Investigation (FBI) says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities. [.]

Ransomware 125

Ransomware 125

Malwarebytes

FEBRUARY 28, 2024

According to Reuters , the group behind the attack is the ALPHV/BlackCat ransomware group. In our monthly ransomware reviews you will typically find them in the top five of ransomware groups. That’s no surprise since the investigation is probably still ongoing and solving the security issue is a higher priority.

Healthcare 110

Healthcare Ransomware Backups Technology 110

Security Affairs

OCTOBER 20, 2023

A joint international law enforcement investigation led to the arrest of a malware developer who was involved in the Ragnar Locker ransomware operation. Yesterday we became aware of a joint law enforcement operation that led to the seizure of the Ragnar Locker ransomware’s infrastructure.

Ransomware 94

Ransomware Cybercrime Malware Hacking 94