X-Industry

The ransomware strain known as Play is now being offered to other threat actors "as a service."  The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the Ransomware-as-a-Service (RaaS) and are following step-by-step instructions from playbooks delivered with it.

Cybercriminals are increasingly finding it just as lucrative to hire their toolkits out to other crooks so they can launch attacks of their own.  Investigator

Black Basta ransomware has made headlines for allegedly compromising high-profile European and North American organizations across a variety of industries, such as outsourcing, technology, and manufacturing.  The history of Black Basta ransomware dates to at least April 2022, with a professional organizations company in the United States being one of its first victims. Since then, Black Basta has slowly expanded their operations, with the group allegedly compromising and stealing data from a US

Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. 

https://cybersixgill.com/resources/the-state-of-the-underground-2023   

The research stems from an analysis of Cybersixgill's collected intelligence items throughout 2022, gathered from the deep, dark and clear web.  The report examines the continuous evolution of threat actors' tactics, tools, and procedures (TTPs) in the Digital Age and how organizations can adapt to redu

"There's a sucker born every minute" is a phrase closely associated with PT Barnum, an American showman of the mid-19th century, although there is no evidence that he said it.  Early examples of its use are among gamblers and confidence tricksters of the era.  A previously undetected cryptocurrency scam has leveraged over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021.

This massive campaign has likely resulted in thousands of people being scamm

If you keep feeding the local stray cat, it will never go away.  Like malware, if you don’t stomp it out, it keeps harassing you.  The threat actors behind BlackCat ransomware have developed an improved variant that prioritizes speed and stealth to bypass security guardrails and achieve their ransom objectives.  The new version, Sphynx, and announced in February 2023 and includes updated capabilities that strengthen the group's efforts to evade detection.  The "product" update was first highligh

Cyber security researchers infiltrated the Qilin ransomware group, gaining an inside look at how the gang functions and how it rewards affiliates for attacks.  The ransomware-as-a-service group (RaaS), also known by the name “Agenda”, initially emerged in July 2022, attacking a slate of healthcare organizations, tech companies and more across the world.  They have victimized at least 12 organizations since July 2022 from Canada, the US, Colombia, France, Netherlands, Serbia, the United Kingdom a

The long arm of the law has grabbed the Hive ransomware operation, and it appears to have been shut down as part of a major law enforcement operation involving agencies in 10 countries.  A message in English and Russian on the Hive ransomware operation’s Tor-based website reads: “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.”  Another message says the action was taken in coordination with Europol and authoritie

In the last few years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, turning ransomware into the Internet's most severe security crisis.  Now, the US Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a new security warning.

Ransomware is a type of malicious software, or malware that prevents you from accessing your computer files, systems, or networks and d

It was once the case that only governments had the technical ability to penetrate secure data, telecoms networks and the devices connected to them.  The threat now posed by private firms with cyber capabilities that rival the world’s most skilled spy agencies, is not widely known.  The lucrative spy-for-hire industry targets people and organizations with aims to collect their intelligence information and monitor/analyze them to infiltrate their tech devices.  These operations will silently get t

Encevo Group, an energy corporation based in Luxembourg, is dealing with an ongoing cyberattack by ransomware-as-a-service gang BlackCat.  Some digital services are still disrupted 12 days after the attack began, but the company says that energy supply has not been affected.  BlackCat is believed by researchers to retain hackers of DarkSide, the now-defunct ransomware group that attacked US gas provider Colonial Pipeline in 2021. 

Encevo Group cyberattack: In a dark web blog post on 29 July, Bla

The Black Basta ransomware-as-a-service (RaaS) syndicate has amassed nearly 50 victims in the US, Canada, the UK, Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window.  "Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers, and more," Cybereason said in a repo

Cl0p ransomware began as a part of the Cryptomix family and was first seen in the wild in 2019 operating as a Ransomware-as-a-Service (RaaS) platform.  The group has targeted international organizations including companies in the pharmaceditcal, education, technology, and industrial verticals.   

The Cl0p ransomware group had a quiet end to 2021 after being shut down following Operation Cyclone, a joint law enforcement operation involving Interpol, Europol, Ukrainian Law enforcement, United Stat

There are many things you can do to protect yourself against cyberattacks but if you still do not remember the basics, then your organization is an easy target for cyber criminals.  Please review what Red Sky Alliance recommends at the end of this article.

A security vulnerability that was left unpatched for three years allowed a notorious cyber-criminal gang to breach a network and plant ransomware.  The BlackCat ransomware attack against the undisclosed organization took place in March 2022

BlackByte ransomware has been used in recent attacks on at least three critical infrastructure sectors in the US.  Available to bad actors as a Ransomware-as-a-Service (RaaS), BlackByte has been used in attacks against US and foreign businesses, including in critical infrastructure sectors such as government, financial, and food and agriculture, the FBI and US Secret Service warn.

The gang emerged in July 2021 when it began exploiting software vulnerabilities to target corporate victims worldwid

Conti ransomware was first discovered in December of 2019 and has become one of the most prominent ransomware platforms to date. The Conti Ransomware as a Service (RaaS) platform gained international attention in May of 2021 when it was used to shutdown Ireland’s Health Service Executive (HSE).  The group has shown no signs of slowing down with notable attacks reported in the United States, Australia, United Kingdom, Taiwan, and Indonesia in the past two and a half months.

The most recent attack

Ransomware is now a primary threat for businesses, and with the past year or so considered the "golden era" for operators, cybersecurity experts believe this criminal enterprise will reach new heights in the future.  These are only a handful of 2021's high-profile victims of threat groups including DarkSide, REvil, and BlackMatter.  According to Kela's analysis of dark web forum activity, the "perfect" prospective ransomware victim in the US will have a minimum annual revenue of $100 million and

Every few months, enterprising cyber criminals are offering new services to enable cybercrimes, thefts and paid ransoms.  These new “services” make crime easier for lower skilled criminals and increase profits for all members of the ransomware supply chain. TM: General Mills

Cyber threat actors who want to take down bigger targets more easily and quickly, ransomware gangs are increasingly tapping initial access brokers, who sell ready access to high-value networks.  On average, such access is so

A report published today by blockchain investigations firm Chainalysis confirms that cybercrime groups engaging in ransomware attacks don't operate in their own bubbles but often switch ransomware suppliers (RaaS services) in a search for better profits. The report analyzed how Bitcoin funds were transferred from victims to criminal groups, and how the money was divided among different parties involved in the ransomware attack, and how it was eventually laundered.

In today’s world, the ransomwar

In a recent study by CrowdStrike regarding cyber threat activity show more intrusion attempts in the first six months of this year than in all of 2019.  The pandemic-related shift to remote work and the growing availability of Ransomware-as-a-Service (RaaS) were two major drivers.  Red Sky Alliance has reported on many of these ransomware groups and actors in detail in 2020.  These reports can be found at no charge at https://redskyalliance.org.

The security vendor's threat-hunting team blocked

Ransomware-as-a-Service (RaaS) is increasing around the world due to the ease of use, and the increasing success that attackers are having in their cyber-attacks. Recently, researchers have observed an increase in the use of a specific piece of malware known as Thanos ransomware.  This malware is unique in that it is the first to advertise the use of the RIPlace tactic.  This tactic allows attackers to evade detection by altering files without being detected by common Anti-Virus engines such as