ransomware (335)

An extortionist armed with a new variant of MedusaLocker ransomware has infected more than 100 organizations a month since at least 2022, according to Cisco Talos, which recently discovered a "substantial" Windows credential data dump that sheds light on the criminal and their victims.  The miscreant, whom Talos calls "PaidMemes," uses a recent MedusaLocker variant called "BabyLockerKZ," and inserts the words "paid_memes" into the malware plus other tools used during the attacks.

Recent research

The US Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a significant piece of legislation passed in 2022, designed to tackle cyber incidents affecting critical infrastructure.  While its full impact is still unknown, CIRCIA presents new requirements for incident reporting that cyber risk professionals must understand and prepare for.

CIRCIA was created to help the US government coordinate responses to significant cyber incidents that affect essential services.  Its goal was

Radio Geretsried, a local station in southern Bavarian Germany, has blamed “unknown attackers from Russia” after an apparent ransomware incident left it broadcasting music from emergency backups.  The attack is the latest incident to disrupt a German organization, with the country’s Federal Office for Information Security (BSI) warning: “The extortion of companies and public institutions through ransomware is the fastest growing area of cybercrime and is now a major problem.”

According to a stat

After the city of Columbus, Ohio, experienced a ransomware attack in July 2024 and disclosed the event, it sued a researcher who claimed the breach was more significant than the city let on.  Ohio's largest city first fell victim to an attack on 18 July 2024 and quickly informed the public, claiming that it had stopped the attack before malware had infected its systems.

In early August 2024, the Rhysida ransomware gang leaked 3.1TB of data on its Tor-based site, information it claimed to have st

The first sample of RomCom ransomware was observed in early July 2023 on a publicly available file scanning site, about the same time as the first victim was posted on its data leak site on 13 July 2023.  Like most ransomware, it encrypts files on victims' Windows machines and demands a ransom to decrypt them via dropped ransom notes.

Infection Vector - Online reports indicate that the Russia-based RomCom group, or Storm-0978, is deploying the Underground ransomware.  This threat group i

Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.  The affiliates leverage a double-extortion model by encrypting systems and exfiltrat

The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections.  "The BlackByte ransomware group continues to leverage tactics, techniques, and procedures (TTPs) that have formed the foundation of its tradecraft since its inception, continuously iterating its use of vulnerable drivers to bypass security protections and d

A recent Chainalysis report indicates that 2024 is set to be the highest-grossing year for ransomware payments.  2023 is the current record holder in that regard, surpassing the $1 billion mark, which was an interesting development given the significant decline in ransomware payments that occurred in 2022.  In the chart we have below, we can see a clear trendline indicating an increasing trend since 2019.  In hindsight, it may be more useful to view 2022 as an anomaly.  The mid-year total

A new security report released this week revealed a record-breaking $75 million ransom paid by a single victim to the Dark Angels ransomware gang earlier this year.  The payment surpasses the previous highest known ransom of $40 million paid by insurance giant CNA to Evil Corp.  The specific company involved has not been disclosed at the time of this writing.  However, there are speculations that pharmaceutical giant Cencora, ranked #10 on the Fortune 50 list, experienced a cyberattack in February

The government of Columbus, Ohio said it is aware of claims made by a ransomware gang that troves of sensitive city information are available for sale.  The Rhysida ransomware group took credit on Wednesday for the 18 July attack, threatening to leak 6.5 terabytes of exfiltrated information from the city’s systems allegedly containing emergency services data, access to city cameras and more.

A city spokesperson said late last week they are aware of the matter but could not comment, adding that the situ

On 17 July 2024, cybersecurity experts gathered at Cecil College[1] for the Cyber Security in Agriculture Forum to discuss the escalating threats to digital information and privacy across all sectors, specifically agriculture.  Panelists unanimously agreed that cyber threats are increasing in frequency and sophistication, posing significant risks to individuals, small businesses, corporations, and large public entities.

The forum began with an overview of the current cybersecurity landscape, hig

In today's digital age, ransomware has emerged as a formidable threat to businesses of all sizes.  This malicious attack can paralyze operations, damage reputations, and inflict severe financial losses.  Mid-market organizations are particularly vulnerable, with over half (57%) admitting they don't regularly review and replace legacy systems, and a similar number (57%) failing to patch their systems regularly.

This creates an expanded attack surface for cybercriminals to exploit.  The conse

The HardBit ransomware first appeared in October 2022, with a 2.0 version coming shortly thereafter in November of 2022.  As one expects of a ransomware attack, HardBit targets organizations and demands cryptocurrency payments in exchange for decrypting data.

Earlier variants of HardBit aren’t noted as being especially unique, though one standout attribute of HardBit is that the operators have enhanced their extortion tactics by demanding to know about the victim’s potential cyber insurance co

Global cyber insurance premiums are declining despite an increase in ransomware attacks, according to a recent report by insurance broker Howden (www.howdengroup.com).  This trend reflects improved business security practices, evolving insurance industry dynamics, and changing attitudes toward cyber risk management.

The Howden report indicates that the cyber insurance market experienced double-digit price reductions in 2023/24, starkly contrasting the skyrocketing premiums seen in 2021 and 2022 d

After confirming a production-halting cyberattack last month, forklift manufacturer Crown Equipment said on 1 July that operations have resumed.  Crown said work was proceeding at all 24 of its manufacturing plants.  The company’s manufacturing operations had been suspended since 10 June due to the attack on its business systems.

A company spokesman has declined to comment on the attack and said no further information would be available.  The company has declined to answer questions about how ma

A major cyber-attack occurred just before the Fourth of July holiday in 2021, affecting at least 200 US companies.  The attack was a ransomware attack that occurred first at Kaseya, a Florida-based IT company, and then spread through the corporate networks that use its software.  The attack affected multiple managed service providers and their customers.  The REvil ransomware gang was behind the attack.  Please stay vigilant during all holiday times.

At least 200 US companies were hit by a major

The LockBit ransomware group has claimed a significant increase in attack volume in May 2024, which would once again make it the most active ransomware gang, a new report from NCC Group shows.  The LockBit ransomware operation was disrupted in February when law enforcement agencies in North America, Europe, and Asia seized 34 servers, took over the gang’s Tor-based leak site, froze its cryptocurrency wallets, and collected technical information on the group’s infrastructure.

The US government ha

A cyber-attack that sent US-based Ascension hospitals and health care systems offline in May happened because a worker accidentally downloaded malware, officials said this week.  “Clinical operations” were affected at Ascension hospitals and medical centers, which operate in Michigan and 18 other states, when a cyber-attack forced the organization to transition to offline systems in early May.  It was later said that the attack was actually a ransomware attack, meaning someone (or a group) brok

In April of this year, a cyberattack on a large telecommunications company was claimed by a ransomware gang that is gaining momentum as a cybercriminal operation.  On 1 June, the RansomHub operation posted Frontier Communications to its leak site, claiming to have sensitive information of more than 2 million people.  The group claimed it spent more than two months attempting to extort the company but never got a response.  Frontier did not respond to requests for comment but reported a cyber

Law enforcement agencies in the United States and Europe announced on 30 May Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware.  Titled “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot.

Link to full report: IR-24-151-001_OPendgame.p