ransom (5)

Astro Locker Team is a relatively new ransomware group observed over the past few months. Evidence suggests this group may be a rebranding or spin-off of the Mount Locker ransomware team. Astro Locker Team follows the emerging trend of both encrypting victims’ files and threatening to publish them online in order to extort payment. Even companies that are not hit directly by this group risk losing sensitive data if a member of their supply chain hosts/stores sensitive data on the supply ch

First spotted in late 2019, Conti is perhaps the most prolific ransomware gang currently operating in the wild. Conti follows the emerging trend of both encrypting victims’ files and threatening to publish them online to extort payment. Even companies that are not hit directly by this group risk losing sensitive data if a member of their supply chain hosts/stores sensitive data on the supply chain network.

Group

While there is limited information surrounding the Conti threat actors, source

After recently announcing the end of the operation, the administrator of Ziggy ransomware is now pledging to give the money generated from ransoms back. BleepingComputer says that this appears to be a planned move, since the admin shared the "good news" a little over a week ago but gave no details. Ziggy ransomware ceased operations in early February. In a brief announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all

Previously, Red Sky Alliance reported on Fancy Bear imposters demanding Bitcoin ransom from a Florida election information website. These actors send various ransom/scam demands using coronavirus-themed domains covidpapers[.]org and coronaxy[.]com. In some cases, they threaten to expose allegedly hacked personal files; in other cases, they threaten a DDoS attack. They often claim to be Russian government hackers, pretending to be Fancy Bear, Cozy Bear, or Venomous Bear. Their ransom emails typi

Red Sky Alliance analysts detected Fancy Bear impersonators targeting a US county election information website. Their DDoS ransom note claims they will take the site down one day before the election if not paid in Bitcoin. This year we see an uptick in similar impersonation emails claiming to be from Fancy Bear, Lazarus Group, or Armada Collective hackers.

 

Details: Florida Vote Case

Election support infrastructure being vulnerable to ransomware attacks is widely discussed.  But sites going dow