ransomware (85)

The REvil ransomware operation is one of a new generation of 'Ransomware-as-a-Service' (RaaS) businesses. A core team of developers builds the ransomware, while its "affiliates" deploy it to victim devices. The developers take a 20-30% share of each successful attack's proceeds, while the affiliates keep 70-80%. Groupe Reorev claims to have had 400GB of confidential data stolen by the new ransomware group known as "LV." Few sample documents have been leaked by the actors, b

Critical infrastructure in any country relies on energy sources and transmission for proper and safe national operations.  A direct cyber blow was delivered to the US oil and gas industry, allegedly by a Russian criminal group known as DarkSide.  DarkSide is suspected in the ransomware attack that shut down the Georgia-based Colonial Pipeline, which immediately created fuel shortages for motorists, trucking and the airline industry. 

This pipeline attack now has other energy sector officials on edge


What is RedPane?

RedPane is a dark web search engine tool that Red Sky Alliance has been developing since late January 2021. With RedPane we are able to make dark web content available without analysts needing to touch the dark web themselves by visiting Tor .onion sites. To date, we have over 300,000 data points from over 50 sites, and we are adding new sites weekly.

With RedPane we have developed custom processes to capture text data from dark web sites that we designate, parse that information into a for

Cyber threat actors are increasingly using and abusing Telegram as a "command-and-control" (C2) channel to distribute malware into organizations, which could then be used to capture sensitive information from targeted systems.  Telegram is a cloud-based instant messaging and voice-over-IP service.  Telegram client apps are available for Android, iOS, Windows Phone, Windows NT, macOS, and Linux.  Users can send messages and exchange photos, videos, stickers, audio, and files of any type.  Even when Telegr

Atlanta-based Colonial Pipeline Company said in a statement last Friday that it was the victim of a cybersecurity attack, and so "proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems."  In an updated statement over the weekend it said it had "determined that this incident involves ransomware."

A former U.S. official and two industry sources have told media that the group DarkSide is among the sus

The police department of the US nation's capital has reportedly been hit by Russian-speaking ransomware threat actors who claim to have stolen sensitive information on informants.  If true, this is a very troubling cyber-attack: if informants cannot keep their anonymity, they will never work with the police.  The Babuk group gave police three days to pay up before it shares the data with local gangs, according to media sources.  The files were allegedly posted on a dark web forum. 

Babuk ransomware is

A new ransomware variant was discovered in 2019. Beginning in June 2019, it was responsible for a string of ransomware attacks, including attacks on the Georgia Election Committee, the City of Edcouch, Texas, and the Chilean Ministry of Agriculture. It has since been dubbed DoppelPaymer because it shares a great deal of code with INDRIK SPIDER's BitPaymer ransomware.

However, there are some discrepancies between DoppelPaymer and BitPaymer, which may indicate that one or m

The malware seems like nothing special at first, but further exploration shows it can wreak serious damage in follow-on attacks.  The NitroRansomware malware strain is breaking the ransomware norm by demanding Discord Nitro gift codes from victims instead of actual money.  Discord is a VoIP, instant messaging and digital-distribution platform designed for creating communities. Users communicate with voice calls, video calls, text messaging, media and files in private chats or as part of communit

First spotted in 2018, the Cl0p ransomware gang is one of the most active groups to date. Over the past three years, Cl0p has shifted from ransomware alone to the emerging trend of both encrypting victims’ files and threatening to publish them online in order to extort payment. Even companies that are not hit directly by this group risk losing sensitive data if a member of their supply chain hosts/stores sensitive data on the supply chain...

Read the full report here: IR-21-116-001-Cl0p

Ransomware has been one of the hottest topics in cybersecurity during the last year. Some researchers are labeling it the "perfect storm," one made more severe by the pandemic: with so many employees working remotely, the risk of ransomware is exacerbated. However, there are other contributing factors to the rise in ransomware the world witnessed in 2020.

The Royal United Services Institute for Defence and Security Studies (RUSI), a British defence and security think tank, has released a repo

Astro Locker Team is a relatively new ransomware group observed over the past few months. Evidence suggests this group may be a rebranding or spin-off of the Mount Locker ransomware team. Astro Locker Team follows the emerging trend of both encrypting victims’ files and threatening to publish them online in order to extort payment. Even companies that are not hit directly by this group risk losing sensitive data if a member of their supply chain hosts/stores sensitive data on the supply ch

Researchers have dissected some of the attacks involving the Hades ransomware and published information on both the malware itself and the tactics, techniques and procedures (TTPs) employed by its operators.  Initially observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data and threatening to leak it publicly unless the ransom is paid.  Hades was named

The Houston Rockets professional basketball team is reporting that its security team and law enforcement authorities are investigating a cyber-attack.  Officials are claiming a new hacking group attempted to install ransomware on the basketball team’s internal systems.  “The Rockets organization recently detected suspicious activity on certain systems in its internal network.  We immediately launched an investigation,” the Rockets said in an emailed statement, adding cybersecurity experts are assis


First spotted in late 2019, Conti is perhaps the most prolific ransomware gang currently operating in the wild.  Conti follows the emerging trend of both encrypting victims’ files and threatening to publish them online to extort payment.  Even companies that are not hit directly by this group risk losing sensitive data if a member of their supply chain hosts/stores sensitive data on the supply chain network.


While there is limited information surrounding the Conti threat actors, source

One of the largest insurance firms in the US, CNA Financial, was reportedly hit by a “sophisticated cybersecurity attack” on 21 March 2021.  The cyber-attack disrupted the company’s employee and customer services for three days as the company shut down “out of an abundance of caution” to prevent further compromise.

Founded in 1967, the Loews Corp subsidiary is among the top 10 cyber insurers and the top 15 property and casualty insurers in the US.  It employs about 5,800 workers and


Active since 2019, the actors behind Sodinokibi, also known as REvil, are one of the most prolific ransomware groups currently operating. Believed to have Russian origins, the REvil gang avoids targeting Eastern European companies. The group extorts payment from victims by publishing confidential documents on the dark web for anyone to view. Even companies that are not hit directly by this group risk losing sensitive data if a member of their supply chain hosts/stores sensitive data on the suppl

After recently announcing the end of the operation, the administrator of Ziggy ransomware is now pledging to give the ransom-generated money back.  BleepingComputer says that this appears to be a planned move, since the admin shared the "good news" a little over a week ago but gave no details.  Ziggy ransomware ceased operations in early February.  In a brief announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all

The threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations.  The REvil ransomware threat group is on a cyberattack tear, claiming over the past three weeks to have infected ten organizations across Africa, Europe, Mexico and the US.  The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the US; as well as two large international banks (one in Mexico and

“I don't understand how Spain was compromised.”  The answer, in English: “well my friends, no one is immune to cyber-attacks - no one.”  Spain’s State Public Employment Service (SEPE), which coordinates unemployment benefits and ERTE (temporary furlough) schemes throughout Spain, has been the victim of a cyberattack that has crippled its electronic and face-to-face appointment-setting services and other procedures.[1]  A Spanish government spokesman said, “At the moment it is not possible to access the website”, with the Central Tra

A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have recently found.  The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said that it achieves self-replication by scanning for network shares and then copying a unique version of the ransomware executable (with the file name rep.exe or lan.exe) to each of them as
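The propagation pattern described above (one host dropping rep.exe or lan.exe onto many remote shares in quick succession) is something a defender can hunt for in file-share telemetry. The following is an added example written for this page, not code from ANSSI, Red Sky Alliance or the Ryuk authors. The log line format is a constructed, simplified "file created on a UNC path" event (timestamp, source host, target path) rather than any real product's schema; the file names come from the ANSSI description, while the threshold and time window are assumptions to be tuned per environment.

```python
"""
Detection sketch: flag a source host that writes rep.exe or lan.exe to
several distinct remote hosts within a short time window, the spreading
behaviour attributed to the worm-capable Ryuk variant.

The event format parsed here is constructed for this example:
    <ISO-8601 timestamp> <source host> <UNC path written>
It is not the schema of any real EDR, Sysmon or SMB audit product.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample telemetry (not real data). WS-042 behaves like the
# worm variant; WS-017 and WS-099 are benign / single-target noise.
SAMPLE_EVENTS = """\
2021-02-25T09:12:01Z WS-042 \\\\FS01\\ADMIN$\\rep.exe
2021-02-25T09:12:03Z WS-042 \\\\HR-PC7\\C$\\lan.exe
2021-02-25T09:12:04Z WS-042 \\\\FS02\\ADMIN$\\rep.exe
2021-02-25T09:12:09Z WS-042 \\\\DC01\\ADMIN$\\lan.exe
2021-02-25T09:30:00Z WS-017 \\\\FS01\\Shared\\report.xlsx
2021-02-25T10:05:00Z WS-099 \\\\FS01\\ADMIN$\\rep.exe
"""

# File names reported by ANSSI for the self-propagating Ryuk variant.
SUSPECT_NAMES = {"rep.exe", "lan.exe"}

# timestamp, source host, then \\<target host>\<share and path>
EVENT_RE = re.compile(r"^(\S+)\s+(\S+)\s+\\\\([^\\]+)\\(.+)$")


def parse_event(line):
    """Parse one constructed event line; return (ts, src, dst, filename) or None."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    src, dst = m.group(2), m.group(3)
    filename = m.group(4).rsplit("\\", 1)[-1].lower()
    return ts, src, dst, filename


def find_spreaders(log_text, min_targets=3, window=timedelta(minutes=5)):
    """
    Return {source_host: sorted list of all remote hosts it dropped a suspect
    file on} for every source that hit at least `min_targets` distinct remote
    hosts inside any `window`-long span. Thresholds are assumed defaults.
    """
    drops = defaultdict(list)  # source host -> [(timestamp, target host)]
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        ts, src, dst, fname = ev
        # Only remote drops of the suspect names count; a host writing to
        # itself is not lateral movement.
        if fname in SUSPECT_NAMES and dst.lower() != src.lower():
            drops[src].append((ts, dst))

    hits = {}
    for src, events in drops.items():
        events.sort()
        start = 0
        flagged = False
        # Sliding window over time-ordered events for this source.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_targets:
                flagged = True
                break
        if flagged:
            hits[src] = sorted({dst for _, dst in events})
    return hits


if __name__ == "__main__":
    for src, targets in find_spreaders(SAMPLE_EVENTS).items():
        print(f"{src} dropped suspect binaries on {len(targets)} hosts: {targets}")
```

In production the same logic would run over Sysmon Event ID 11 (FileCreate) or SMB server audit events rather than this constructed format, and the file-name match should be treated as one weak signal: the window and host count are what separate worm-like fan-out from an administrator legitimately pushing a tool to a few machines.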