ransomware (184)

10865680887?profile=RESIZE_400xA recent cyber-attack caused the trains operated by Denmark’s largest train service DSB to come to a halt.  Threat actors hit a third-party IT service provider associated with DBS, which slammed the brakes on.  The cyber-attack hit the Danish company Supeo, an IT service that provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities.  DSB is the largest train operating company in Denmark.[1]

“Trains throughout th

10862220462?profile=RESIZE_400xRed Sky Alliance maintains a substantial dark web collections data set and we make this data available to our customers through our CTAC, RedXray, and API products.  This gives customers the opportunity to explore and perform analyses on dark web data without the need for establishing a safe infrastructure for navigating the Tor network.  To date we have collected over 1.4 million data points across 80 dark web sites.  The set of sites that we collect from on an ongoing basis will change with ne

10860429263?profile=RESIZE_400xOver two and a half years, a Russian-speaking ransomware group named OldGremlin has been attributed to 16 malicious campaigns aimed at entities operating in the transcontinental Eurasian nation.  The group's victims include companies in logistics, industry, insurance, retail, real estate, software development, banking, and arms manufacturing.

OldGremlin is using custom backdoors (TinyPosh and TinyNode) and ransomware (TinyCrypt, a.k.a decr1pt) along with third-party software for reconnaissance a

10859966875?profile=RESIZE_400xThe White House has begun its second annual International Counter Ransomware Summit in which Biden administration officials will convene with representatives of three dozen nations, the EU, and private business to discuss the growing threat posed by data-destroying cyberattacks. President Biden will not be attending the meetings.

According to administration officials previewing the summit over the weekend, the two-day event will focus on priorities like improving system resilience and developing

10824332298?profile=RESIZE_400xOur Friends at Fortinet have provided its latest technical analysis of the Ragnar Locker ransomware.

Affected platforms:          Microsoft Windows
Impacted parties:            Microsoft Windows Users
Impact:                            Encrypts files on the compromised machine and demands ransom for file decryption
Severity level:                  High

Ragnar Locker is ransomware for Windows and Linux that exfiltrates information from a compromised machine, encrypts files using the Salsa20 encry

10815591865?profile=RESIZE_400xRansomware is currently one of the most significant cybersecurity issues facing all business and government sectors, as cyber criminals hack into businesses, schools, hospitals, critical infrastructure and more so as to encrypt files and demand a ransom payment for the decryption key.  Despite warnings, many victims pay these ransoms, under the impression that it is the quickest way to restore their network, particularly if the cyber criminals are also threatening to leak stolen data.  But all t

10795909853?profile=RESIZE_400xA victim of a ransomware attack paid to restore access to their network, but the cybercriminals did not hold up their end of the deal.  The real-life incident, as detailed by cybersecurity researchers at Barracuda Networks, occurred in August 2021, when hackers from the BlackMatter ransomware group used a phishing email to compromise a single victim's account at an undisclosed company.  First seen in July 2021, BlackMatter is a ransomware-as-a-service (RaaS) tool that allows the ransomware's dev

10740900057?profile=RESIZE_400xEncevo Group, an energy corporation based in Luxembourg, is dealing with an ongoing cyberattack by ransomware-as-a-service gang BlackCat.  Some digital services are still disrupted 12 days after the attack began, but the company says that energy supply has not been affected.  BlackCat is believed by researchers to retain hackers of DarkSide, the now-defunct ransomware group that attacked US gas provider Colonial Pipeline in 2021. 

Encevo Group cyberattack: In a dark web blog post on 29 July, Bla

10739235682?profile=RESIZE_400xIsraeli media sources are reporting a cyber-attack on 30 June at Sapir College.  Students at Sapir College near the southern city of Sderot had received text messages stating that their personal information was being held for ransom by hackers.  “Last night at around 9:00 p.m., local time some seniors and graduates of Sapir College received a text message about their account being hacked. We would like to clarify and reassure you: that the hacking of the college’s network is being handled by the

10733059301?profile=RESIZE_400xActivity Summary - Week Ending on 29 July 2022:

  • Red Sky Alliance identified 25,992 connections from new IP’s checking in with our Sinkholes
  • Hetzner 10x
  • Analysts identified 309 new IP addresses participating in various Botnets
  • Ransomware UpDate
  • Adversary-in-the-Middle - AiTM
  • South Africa under Attack
  • Mercenary Spyware
  • T-Mobile
  • US Electric Grid
  • Kherson Ukraine

Link to full report: IR-22-210-002_weekly210.pdf

10669951688?profile=RESIZE_400xA new cross-platform ransomware named Luna can encrypt files on Windows, Linux, and ESXi, but its developers only offer it to Russian-speaking affiliates.  The ransomware is fairly simple, according to researchers who analyzed the malware, but it uses an encryption scheme that is not typically used by ransomware a combination of X25519 elliptic curve Diffie-Hellman key exchange using Curve25519 with the Advanced Encryption Standard (AES) symmetric encryption algorithm.  The Diffie-Hellman key ex

10669517658?profile=RESIZE_400xDigital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems.  Entrust is a security firm focused on online trust and identity management, offering a wide range of services, including encrypted communications, secure digital payments, and ID issuance solutions.  Depending on what data was stolen, this attack could impact a large number of critical, and sensitive, organizations who use Entrust for ident

10638475682?profile=RESIZE_400xThe cyber insurance market has matured in recent years, but it may fall short when it comes to certain major attacks, says a US government spending watchdog.  The US Government Accountability Office (GAO) has called for a federal response to insurance for "catastrophic" cyberattacks on critical infrastructure.  A functioning insurance market is essential for businesses, consumers, and, as GAO highlights, for critical infrastructure operators.   The GAO, which audits the trillions of dollars the

10638461098?profile=RESIZE_180x180Gartner’s top eight cybersecurity predictions warn organizations that they need to employ greater resilience to reduce the impact of more severe cyberattacks.  Reducing the blast radius of larger, more potentially devastating attacks is key.   Implied in the predictions is advice to focus not just on ransomware or any other currently trending type of cyberattack, but to prioritize cybersecurity investments as core to managing risks and see them as investments in the business.  By 2025, 60% of or

10630436094?profile=RESIZE_400xA China-linked state-sponsored hacking group named Bronze Starlight was observed deploying various ransomware families to hide the true intent of its attacks.  In attacks observed as early as mid-2021, the threat group started using the HUI Loader to drop ransomware such as AtomSilo, LockFile, Night Sky, Pandora, and Rook.

See:  https://redskyalliance.org/xindustry/what-keeps-a-cfo-awake-at-night

The short lifespan of each ransomware family, victimology, and the access to tools employed by Chine

10628575893?profile=RESIZE_400xNews broke on 5 July 2022 that the operators of AstraLocker Ransomware were shutting down in favor of pursuing a new cryptojacking campaign.  The group shared decryptors with VirusTotal, and according to BleepingComputer the decryptors worked on test files that were recently encrypted by the ransomware.  AstraLocker was born out of the Babuk ransomware family.  In the Summer of 2021 Babuk ransomware group’s code was leaked and the similarities between the leaked code and AstraLocker’s code point

10622735858?profile=RESIZE_400xThe cyber division of the Federal Bureau of Investigation (FBI) has published a notification, warning US colleges and universities that education and learning qualifications have been marketed for sale on the Dark Web and on online legal marketplaces and sites.  The warning targets universities, colleges, and higher education institutions that credentials have been advertised for sale on Dark Web criminal marketplaces. This exposure of sensitive credential and network access information, especia

10607427077?profile=RESIZE_400xSummary Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.  These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.  Visit stopransomware.gov to see all #StopRansomware advisories and to learn more

10560426074?profile=RESIZE_400xThe US State Department said the Conti strain of ransomware was the most-costly in terms of payments made by victims as of January 2022.  Conti, a Ransomware-as-a-Service RaaS program, is one of the most notorious ransomware groups and has been responsible for infecting hundreds of servers with malware to gain corporate data or digital damage systems, essentially spreading misery to individuals and hospitals, businesses, government agencies and more all over the world.

See:  https://redskyallian

10548033459?profile=RESIZE_400xCl0p ransomware began as a part of the Cryptomix family and was first seen in the wild in 2019 operating as a Ransomware-as-a-Service (RaaS) platform.  The group has targeted international organizations including companies in the pharmaceditcal, education, technology, and industrial verticals.   

The Cl0p ransomware group had a quiet end to 2021 after being shut down following Operation Cyclone, a joint law enforcement operation involving Interpol, Europol, Ukrainian Law enforcement, United Stat