ransomware (315)

US Cyber authorities are releasing this joint CSA to provide information on Black Basta, a ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector.  This joint CSA provides TTPs and IOCs obtained from FBI investigations and third-party reporting.

Black Basta is considered a ransomware-as-a-service (RaaS) variant and was first identified in April 2022.  Black Basta affiliate

LockbitSupp, the pseudonymous leader of the LockBit ransomware group, was identified as a Russian national called Dmitry Khoroshev on 7 May as the United States, United Kingdom and Australia imposed financial sanctions against him.

A 26-count indictment has been unsealed in the US charging Khoroshev with developing and operating the LockBit ransomware service.  He is accused of growing LockBit “into a massive criminal organization that has, at times, ranked as the most prolific and destructive

Security teams are facing "the perfect storm" these days, with four seemingly major contributing factors at play:

  • AI and generative AI
  • Geopolitical dynamics
  • Changing regulatory compliance requirements
  • Continuing growth in ransomware.

They all lead to a very complex threat scenario that requires significant effort from cybersecurity professionals to protect their enterprises.  At the heart of these next-gen cyber defenses lies the core concept of Identity, and unfortunately, what identity entai

KageNoHitobito ransomware samples became available in late March 2024.  As with most ransomware, this ransomware encrypts files on victims' machines and demands a ransom to decrypt them through dropped ransom notes. Although the group uses TOR to communicate with its victims, a data leak site is unavailable as it does not claim to have stolen any victims' information.

Infection Vector/Victimology - Information on the infection vector used by the KageNoHitobito ransomware threat actor is unavaila

Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia.  In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines. As of 1 January 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds.

Early versions of the Akira ransomware variant were wr

Despite the LockBit Ransomware-as-a-Service (RaaS) gang claiming to be back after a high-profile takedown in mid-February 2024, an analysis reveals significant, ongoing disruption to the group's activities, along with ripple effects throughout the cybercrime underground, with implications for business risk.  LockBit was responsible for 25% to 33% of all ransomware attacks in 2023, according to investigators, easily making it the biggest financial threat actor group of the last year. Since it eme

A leading cyber security firm, Cybereason[1], has announced the results of its third annual ransomware study, commissioned to better understand the true impact of ransomware on businesses. This global study reveals that ransomware attacks are becoming more frequent, effective, and sophisticated.

See:  https://redskyalliance.org/xindustry/100-50-1-100-ransomware-gangs-using-50-types-of-malware

The Report Ransomware: The True Cost to Business 2024 reveals that of the organizations who opted to pay

Magnet Goblin, a financially motivated threat actor, is swiftly adopting one-day security vulnerabilities into its arsenal to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts.  Threat actor group Magnet Goblin's hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, mainly targeting public-facing servers and edge devices.  In some cases, the deployment of the exploits is within 1 day after a [proof-of-concept] is publi

The unprecedented cyberattack on Change Healthcare[1], a major revenue cycle management firm, has thrown the US healthcare system into a financial mess.  With payment systems crippled, hospitals are demanding federal intervention to avert an economic crisis that could imperil care delivery.  Change Healthcare is a revenue and payment cycle management provider that connects payers, providers, and patients within the U.S. healthcare system.  The name also refers to a company founded in 2007 that b

The Stormous ransomware gang has taken credit for an attack on a major Belgian beer producer this week.  The ransomware attack on Duvel Moortgat Brewery has affected operations for days.  Can you believe it?  Who wants to stop the flow of beer?  Local news outlets and BleepingComputer reported on Wednesday that Duvel’s IT department detected the attack and shut down production lines.  Spokesperson Ellen Aerts told reporters that they are “still working to find out exactly what happened.  "We hav

The American Hospital Association is accusing the parent company of Change Healthcare, which for two weeks has dealt with a cybersecurity incident that has caused disruptions at pharmacies nationwide, of failing to adequately address the issues healthcare providers face getting reimbursed for services as a result of the attack.

On 1 March, UnitedHealth Group, which owns Change Healthcare, rolled out a “Temporary Funding Assistance Program” for providers who rely on the company’s software to get r
