ransomware (177)

Encevo Group, an energy corporation based in Luxembourg, is dealing with an ongoing cyberattack by ransomware-as-a-service gang BlackCat.  Some digital services are still disrupted 12 days after the attack began, but the company says that energy supply has not been affected.  BlackCat is believed by researchers to retain hackers of DarkSide, the now-defunct ransomware group that attacked US gas provider Colonial Pipeline in 2021.

Encevo Group cyberattack: In a dark web blog post on 29 July, Bla

Israeli media sources are reporting a cyber-attack on 30 June at Sapir College.  Students at Sapir College near the southern city of Sderot had received text messages stating that their personal information was being held for ransom by hackers.  “Last night at around 9:00 p.m., local time some seniors and graduates of Sapir College received a text message about their account being hacked. We would like to clarify and reassure you: that the hacking of the college’s network is being handled by the

Activity Summary - Week Ending on 29 July 2022:

  • Red Sky Alliance identified 25,992 connections from new IPs checking in with our Sinkholes
  • Hetzner 10x
  • Analysts identified 309 new IP addresses participating in various Botnets
  • Ransomware Update
  • Adversary-in-the-Middle - AiTM
  • South Africa under Attack
  • Mercenary Spyware
  • T-Mobile
  • US Electric Grid
  • Kherson Ukraine

Link to full report: IR-22-210-002_weekly210.pdf

A new cross-platform ransomware named Luna can encrypt files on Windows, Linux, and ESXi, but its developers only offer it to Russian-speaking affiliates.  The ransomware is fairly simple, according to researchers who analyzed the malware, but it uses an encryption scheme that is not typically used by ransomware: a combination of X25519 elliptic curve Diffie-Hellman key exchange using Curve25519 with the Advanced Encryption Standard (AES) symmetric encryption algorithm.  The Diffie-Hellman key ex

Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems.  Entrust is a security firm focused on online trust and identity management, offering a wide range of services, including encrypted communications, secure digital payments, and ID issuance solutions.  Depending on what data was stolen, this attack could impact a large number of critical, and sensitive, organizations who use Entrust for ident

The cyber insurance market has matured in recent years, but it may fall short when it comes to certain major attacks, says a US government spending watchdog.  The US Government Accountability Office (GAO) has called for a federal response to insurance for "catastrophic" cyberattacks on critical infrastructure.  A functioning insurance market is essential for businesses, consumers, and, as GAO highlights, for critical infrastructure operators.   The GAO, which audits the trillions of dollars the

Gartner’s top eight cybersecurity predictions warn organizations that they need to employ greater resilience to reduce the impact of more severe cyberattacks.  Reducing the blast radius of larger, more potentially devastating attacks is key.   Implied in the predictions is advice to focus not just on ransomware or any other currently trending type of cyberattack, but to prioritize cybersecurity investments as core to managing risks and see them as investments in the business.  By 2025, 60% of or

A China-linked state-sponsored hacking group named Bronze Starlight was observed deploying various ransomware families to hide the true intent of its attacks.  In attacks observed as early as mid-2021, the threat group started using the HUI Loader to drop ransomware such as AtomSilo, LockFile, Night Sky, Pandora, and Rook.

See:  https://redskyalliance.org/xindustry/what-keeps-a-cfo-awake-at-night

The short lifespan of each ransomware family, victimology, and the access to tools employed by Chine

News broke on 5 July 2022 that the operators of AstraLocker Ransomware were shutting down in favor of pursuing a new cryptojacking campaign.  The group shared decryptors with VirusTotal, and according to BleepingComputer the decryptors worked on test files that were recently encrypted by the ransomware.  AstraLocker was born out of the Babuk ransomware family.  In the Summer of 2021 Babuk ransomware group’s code was leaked and the similarities between the leaked code and AstraLocker’s code point

The cyber division of the Federal Bureau of Investigation (FBI) has published a notification, warning US colleges and universities that education and learning qualifications have been marketed for sale on the Dark Web and on online legal marketplaces and sites.  The warning informs universities, colleges, and higher education institutions that credentials have been advertised for sale on Dark Web criminal marketplaces. This exposure of sensitive credential and network access information, especia

Summary Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.  These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.  Visit stopransomware.gov to see all #StopRansomware advisories and to learn more

The US State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January 2022.  Conti, a Ransomware-as-a-Service (RaaS) program, is one of the most notorious ransomware groups and has been responsible for infecting hundreds of servers with malware to gain corporate data or digitally damage systems, essentially spreading misery to individuals and hospitals, businesses, government agencies and more all over the world.

See:  https://redskyallian

Cl0p ransomware began as a part of the Cryptomix family and was first seen in the wild in 2019 operating as a Ransomware-as-a-Service (RaaS) platform.  The group has targeted international organizations including companies in the pharmaceutical, education, technology, and industrial verticals.

The Cl0p ransomware group had a quiet end to 2021 after being shut down following Operation Cyclone, a joint law enforcement operation involving Interpol, Europol, Ukrainian Law enforcement, United Stat

Network credentials and virtual private network (VPN) access for colleges and universities based in the US are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber-attacks against individual users or affiliated organizations," the US Federal Bureau of Investigation (FBI) said in an advisory published last week.  See:  https://www.ic3.gov

Costa Rica is still reeling from the ransomware attacks deployed by the Conti group, and now the Hive ransomware group has joined in.  According to Bleeping Computer, the Hive ransomware group is behind the attack beginning 31 March 2022 targeting Costa Rica’s public health service.

The Costa Rican government agency has publicly stated that an attack took place early Tuesday morning.  The targeted government entities included the Costa Rican Social Security Fund (CCSS).  The government also st

The Conti Ransomware group has been in and out of the news for the majority of 2022.  The group began the year with an attack on Kenyon Produce (KP) Snacks, conducting business as usual.  When the conflict between Russia and Ukraine boiled over, the group again made headlines for taking the side of Russia.  This led to widespread dissemination of the group's internal chat messages and eventually leaks of the ransomware source code.

The group remains in the spotlight with news of an ongoing confl

The Snatch Ransomware group was first discovered at the end of 2019. The ransomware gained publicity due to its novel encryption method, in which it reboots the target machine into safe mode and disables a number of security services before encrypting files, limiting the likelihood of detection.

The ransomware group also differs from major groups in that it uses targeted attacks rather than large phishing campaigns to gain access to specific companies. The group has been described as a big game hunter tha

When a small business owner is faced with the responsibilities of production economics, financial reports and marketing all at the same time, cybersecurity can often appear complicated and unnecessary. However, this disregard for IT security is being exploited by cybercriminals.[1]  Researchers at Kaspersky report the dynamics of attacks on small and medium-sized businesses between January and April 2022 and the same period in 2021 to identify which threats pose an increasing danger to entrepren

Ransomware has hit an Illinois college with devastating results.  It is shutting its doors permanently.  Lincoln College says it will close this week in the wake of a ransomware attack that took months to resolve.  While COVID-19 severely impacted activities such as recruitment and fundraising, the cyberattack seems to have been the tipping point for the Illinois college.

The college has informed the Illinois Department of Higher Education and Higher Learning Commission that it wi

Black Basta, a new ransomware group, has made their presence felt by claiming responsibility for twelve ransomware attacks in the month of April.   Black Basta, like many other ransomware operations, uses double-extortion tactics, stealing victim data before encrypting systems to leverage payment.  The group then uses their Tor site and slowly leaks victim data, applying pressure to victims to pay the ransom for the decryption key.  Notable targets from the first stretch of attacks include the A