blackcat (15)

12428175857?profile=RESIZE_400xAs if things were not messy enough in the Change Healthcare attack, a second cybercriminal gang RansomHub is trying to exhort the company's parent, UnitedHealth Group, and have it pay another ransom for data that an affiliate of Ransomware-as-a-Service group BlackCat claims to have stolen in February 2024.   Threat intelligence firm SOCRadar in a recent blog post said RansomHub is threatening to sell "to the highest bidder" 4 terabytes of "highly sensitive data" stolen in the Change Healthcare a

12426632300?profile=RESIZE_400xThe term "malvertising" (or "malicious advertising") suggests an overlap with ads, and not good ones. Therefore, it fuels the fallacy that its impact hardly goes beyond frustration. As a result, those who are unfamiliar might get the impression that it is no big deal, but this is a far cry from the case.

Malvertising acts as a vessel for malware propagation.  To set such a stratagem in motion, cybercriminals poison legitimate websites with ads that lead to shady URLs or download malicious code c

12399906295?profile=RESIZE_400xThe unprecedented cyberattack on Change Healthcare[1], a major revenue cycle management firm, has thrown the US healthcare system into a financial mess.  With payment systems crippled, hospitals are demanding federal intervention to avert an economic crisis that could imperil care delivery.  Change Healthcare is a revenue and payment cycle management provider that connects payers, providers, and patients within the U.S. healthcare system.  The name also refers to a company founded in 2007 that b

12366106682?profile=RESIZE_400xThe Fidelity National Financial (FNF) cyber-attack leaked the personal data of 1.3 million customers, the company has disclosed in a new filing with the Securities and Exchange Commission.  FNF is one of the largest title insurance and transaction services providers in the United States, with a market capitalization of $13.3 billion, an annual revenue of over $10 billion, and a workforce of about 23,000 people.[1]

The November 2023 cyber-attack disrupted the company’s operations for nearly a wee

12345056663?profile=RESIZE_180x180The banking malware known as Carbanak has been observed to be used in ransomware attacks with updated tactics.  The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness.  Carbanak returned in November 2023 through new distribution chains and has been distributed through compromised websites to impersonate various business-related software.


Some impersonated tools include popular

12344439687?profile=RESIZE_400xMortgage servicing firm LoanCare has started informing more than 1.3 million individuals of a data breach impacting their personal information.  A subsidiary of Fidelity National Financial (FNF), LoanCare provides loan sub-servicing for mortgage loaners, including banks, credit unions, and mortgage firms.  The data breach resulted from a cyberattack on FNF’s internal systems, LoanCare says in a notification letter sent to the impacted individuals, a copy of which was submi

12296541079?profile=RESIZE_400xA well-known ransomware group has recently filed a complaint with the US Securities and Exchange Commission (SEC) over the failure of a victim to disclose an alleged data breach resulting from an attack conducted by the cybercrime gang itself. 

The ransomware group known as Alphv and BlackCat claims to have breached the systems of MeridianLink,  a California-based company that provides digital lending solutions for financial institutions and consumer data verificatio

12213058659?profile=RESIZE_400xMicrosoft spokesmen disclosed on 17 August 2023 that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution.  "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's threat intelligence team said in a series of posts on X (formerly Twitter).  "This Bla


A known ransomware group on 21 August 2023 started publishing data allegedly stolen from the systems of Japanese watchmaking company Seiko  Seiko revealed on 10 August 2023 that it had identified a possible data breach on 28 July 2023, with someone gaining access to at least one server.  An investigation showed that some information may have been compromised.   “The Company and all our Group companies kindly ask our customers and business partners to contact us imm


Partial encryption is a growing trend in the world of ransomware, but with it comes the potential for data recovery on affected files.  We’ll give an overview here on what the term “partial encryption” means.  It is perhaps more accurate to say, “intermittent encryption,” but even so, it will be important to understand this recent trend in how many ransomware infections operate.  From there, we’ll introduce White Phoenix, the freely available tool developed by CyberArk which can be used on part

11029684500?profile=RESIZE_400xThe US Cybersecurity and Infrastructure Security Agency (CISA), on 07 April 2023 added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.  This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands on the underlying system.  The flaws were fixed in a patch released by Veritas in March 2021.

10740900057?profile=RESIZE_400xEncevo Group, an energy corporation based in Luxembourg, is dealing with an ongoing cyberattack by ransomware-as-a-service gang BlackCat.  Some digital services are still disrupted 12 days after the attack began, but the company says that energy supply has not been affected.  BlackCat is believed by researchers to retain hackers of DarkSide, the now-defunct ransomware group that attacked US gas provider Colonial Pipeline in 2021. 

Encevo Group cyberattack: In a dark web blog post on 29 July, Bla



There are many things you can do to protect yourself against cyberattacks but if you still do not remember the basics, then your organization is an easy target for cyber criminals.  Please review what Red Sky Alliance recommends at the end of this article.

A security vulnerability that was left unpatched for three years allowed a notorious cyber-criminal gang to breach a network and plant ransomware.  The BlackCat ransomware attack against the undisclosed organization took place in March 2022

10266909088?profile=RESIZE_400xRansomware is a constant thorn in the side of cyber security professionals worldwide.  Hive Ransomware stormed onto the scene in June of 2021 and in their first six months, from June to December of 2021 they managed to compromise 355 companies.  The group made headlines for targeting IT, real estate, and healthcare organizations, prompting an FBI Alert sharing the Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with the group in late August.

Recently the

9936355054?profile=RESIZE_400xActivity Summary - Week Ending on 22 December 2021:

  • Red Sky Alliance identified 30,069 connections from new IP’s checking in with our Sinkholes
  • Still has Issues after 4 weeks !
  • Analysts identified 5,039 new IP addresses participating in various Botnets
  • Log4j Vulnerability
  • BlackCat
  • AgentTesla Additions
  • Iran Hackers
  • Cyber and Medical Devices
  • Attacking K-12 School Apps
  • Cyber Port Protection
  • Finite Recruitment

Link to full report: IR-21-356-001_weekly356.pdf