raas (23)

12539040659?profile=RESIZE_400xUS Cyber authorities are releasing this joint CSA to provide information on Black Basta, a ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure  sectors, including the Healthcare and Public Health (HPH) Sector.  This joint CSA provides TTPs and IOCs obtained from FBI investigations and third-party reporting.

Black Basta is considered a ransomware-as-a-service (RaaS) variant and was first identified in April 2022.  Black Basta affiliate

12491131662?profile=RESIZE_400xLockbitSupp, the pseudonymous leader of the LockBit ransomware group, was identified as a Russian national called Dmitry Khoroshev on 7 May as the United States, United Kingdom and Australia imposed financial sanctions against him.

A 26-count indictment has been unsealed in the US charging Khoroshev, with developing and operating the LockBit ransomware service.  He is accused of growing LockBit “into a massive criminal organization that has, at times, ranked as the most prolific and destructive

12304219682?profile=RESIZE_400xThe ransomware strain known as Play is now being offered to other threat actors "as a service."  The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the Ransomware-as-a-Service (RaaS) and are following step-by-step instructions from playbooks delivered with it.

Cybercriminals are increasingly finding it just as lucrative to hire their toolkits out to other crooks so they can launch attacks of their own.  Investigator

12128290467?profile=RESIZE_400xBlack Basta ransomware has made headlines for allegedly compromising high-profile European and North American organizations across a variety of industries, such as outsourcing, technology, and manufacturing.  The history of Black Basta ransomware dates to at least April 2022, with a professional organizations company in the United States being one of its first victims. Since then, Black Basta has slowly expanded their operations, with the group allegedly compromising and stealing data from a US

12125871256?profile=RESIZE_400xEarlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground


The research stems from an analysis of Cybersixgill's collected intelligence items throughout 2022, gathered from the deep, dark and clear web.  The report examines the continuous evolution of threat actors' tactics, tools, and procedures (TTPs) in the Digital Age and how organizations can adapt to redu

11836179895?profile=RESIZE_400x"There's a sucker born every minute" is a phrase closely associated with PT Barnum, an American showman of the mid-19th century, although there is no evidence that he said it.  Early examples of its use are among gamblers and confidence tricksters of the era.  A previously undetected cryptocurrency scam has leveraged over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021.

This massive campaign has likely resulted in thousands of people being scamm

11523236857?profile=RESIZE_400xIf you keep feeding the local stray cat, it will never go away.  Like malware, if you don’t stomp it out, it keeps harassing you.  The threat actors behind BlackCat ransomware have developed an improved variant that prioritizes speed and stealth to bypass security guardrails and achieve their ransom objectives.  The new version, Sphynx, and announced in February 2023 and includes updated capabilities that strengthen the group's efforts to evade detection.  The "product" update was first highligh

11129281492?profile=RESIZE_400xCyber security researchers infiltrated the Qilin ransomware group, gaining an inside look at how the gang functions and how it rewards affiliates for attacks.  The ransomware-as-a-service group (RaaS), also known by the name “Agenda”, initially emerged in July 2022, attacking a slate of healthcare organizations, tech companies and more across the world.  They have victimized at least 12 organizations since July 2022 from Canada, the US, Colombia, France, Netherlands, Serbia, the United Kingdom a

10952147671?profile=RESIZE_180x180The long arm of the law has grabbed the Hive ransomware operation, and it appears to have been shut down as part of a major law enforcement operation involving agencies in 10 countries.  A message in English and Russian on the Hive ransomware operation’s Tor-based website reads: “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.”  Another message says the action was taken in coordination with Europol and authoritie

10947114066?profile=RESIZE_400xIn the last few years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, turning ransomware into the Internet's most severe security crisis.  Now, the US Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a new security warning.

Ransomware is a type of malicious software, or malware that prevents you from accessing your computer files, systems, or networks and d

10765959063?profile=RESIZE_400xIt was once the case that only governments had the technical ability to penetrate secure data, telecoms networks and the devices connected to them.  The threat now posed by private firms with cyber capabilities that rival the world’s most skilled spy agencies, is not widely known.  The lucrative spy-for-hire industry targets people and organizations with aims to collect their intelligence information and monitor/analyze them to infiltrate their tech devices.  These operations will silently get t

10740900057?profile=RESIZE_400xEncevo Group, an energy corporation based in Luxembourg, is dealing with an ongoing cyberattack by ransomware-as-a-service gang BlackCat.  Some digital services are still disrupted 12 days after the attack began, but the company says that energy supply has not been affected.  BlackCat is believed by researchers to retain hackers of DarkSide, the now-defunct ransomware group that attacked US gas provider Colonial Pipeline in 2021. 

Encevo Group cyberattack: In a dark web blog post on 29 July, Bla

10601683276?profile=RESIZE_400xThe Black Basta ransomware-as-a-service (RaaS) syndicate has amassed nearly 50 victims in the US, Canada, the UK, Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window.  "Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers, and more," Cybereason said in a repo

10548033459?profile=RESIZE_400xCl0p ransomware began as a part of the Cryptomix family and was first seen in the wild in 2019 operating as a Ransomware-as-a-Service (RaaS) platform.  The group has targeted international organizations including companies in the pharmaceditcal, education, technology, and industrial verticals.   

The Cl0p ransomware group had a quiet end to 2021 after being shut down following Operation Cyclone, a joint law enforcement operation involving Interpol, Europol, Ukrainian Law enforcement, United Stat



There are many things you can do to protect yourself against cyberattacks but if you still do not remember the basics, then your organization is an easy target for cyber criminals.  Please review what Red Sky Alliance recommends at the end of this article.

A security vulnerability that was left unpatched for three years allowed a notorious cyber-criminal gang to breach a network and plant ransomware.  The BlackCat ransomware attack against the undisclosed organization took place in March 2022

10115747286?profile=RESIZE_400xBlackByte ransomware has been used in recent attacks on at least three critical infrastructure sectors in the US.  Available to bad actors as a Ransomware-as-a-Service (RaaS), BlackByte has been used in attacks against US and foreign businesses, including in critical infrastructure sectors such as government, financial, and food and agriculture, the FBI and US Secret Service warn.

The gang emerged in July 2021 when it began exploiting software vulnerabilities to target corporate victims worldwid

10066089458?profile=RESIZE_400xConti ransomware was first discovered in December of 2019 and has become one of the most prominent ransomware platforms to date. The Conti Ransomware as a Service (RaaS) platform gained international attention in May of 2021 when it was used to shutdown Ireland’s Health Service Executive (HSE).  The group has shown no signs of slowing down with notable attacks reported in the United States, Australia, United Kingdom, Taiwan, and Indonesia in the past two and a half months.

The most recent attack

9929276269?profile=RESIZE_400xRansomware is now a primary threat for businesses, and with the past year or so considered the "golden era" for operators, cybersecurity experts believe this criminal enterprise will reach new heights in the future.  These are only a handful of 2021's high-profile victims of threat groups including DarkSide, REvil, and BlackMatter.  According to Kela's analysis of dark web forum activity, the "perfect" prospective ransomware victim in the US will have a minimum annual revenue of $100 million and

9422660492?profile=RESIZE_400xEvery few months, enterprising cyber criminals are offering new services to enable cybercrimes, thefts and paid ransoms.  These new “services” make crime easier for lower skilled criminals and increase profits for all members of the ransomware supply chain. TM: General Mills

Cyber threat actors who want to take down bigger targets more easily and quickly, ransomware gangs are increasingly tapping initial access brokers, who sell ready access to high-value networks.  On average, such access is so

8532841253?profile=RESIZE_400xA report published today by blockchain investigations firm Chainalysis confirms that cybercrime groups engaging in ransomware attacks don't operate in their own bubbles but often switch ransomware suppliers (RaaS services) in a search for better profits. The report analyzed how Bitcoin funds were transferred from victims to criminal groups, and how the money was divided among different parties involved in the ransomware attack, and how it was eventually laundered.

In today’s world, the ransomwar