X-Industry

In today's digital age, ransomware has emerged as a formidable threat to businesses of all sizes.  This malicious attack can paralyze operations, damage reputations, and inflict severe financial losses.  Mid-market organizations are particularly vulnerable, with over half (57%) admitting they don't regularly review and replace legacy systems, and a similar number (57%) failing to patch their systems regularly.

This creates an expanded attack surface for cybercriminals to exploit them.  The conse

The HardBit ransomware first appeared in October 2022, with a 2.0 version coming shortly thereafter in November of 2022.   As one expects of a ransomware attack, HardBit targets organizations and demands cryptocurrency payments in exchange for decrypting data. 

Earlier variants of HardBit aren’t noted as being especially unique, though one standout attribute of HardBit is that the operators have enhanced their extortion tactics by demanding to know about the victim’s potential cyber insurance co

Global cyber insurance premiums are declining despite an increase in ransomware attacks, according to a recent report by insurance broker Howden  www.howdengroup.com.  This trend reflects improved business security practices, evolving insurance industry dynamics, and changing attitudes toward cyber risk management.

The Howden report indicates that the cyber insurance market experienced double-digit price reductions in 2023/24, starkly contrasting the skyrocketing premiums seen in 2021 and 2022 d

After confirming a production-halting cyberattack last month, forklift manufacturer Crown Equipment said on 1 July that operations have resumed.  Crown said work was proceeding at all 24 of its manufacturing plants.  The company’s manufacturing operations had been suspended since 10 June due to the attack on its business systems.

A company spokesman has declined to comment on the attack and said no further information would be available.  The company has declined to answer questions about how ma

A major cyber-attack occurred just before the Fourth of July holiday in 2021, affecting at least 200 US companies.  The attack was a ransomware attack that occurred first at Kaseya, a Florida-based IT company, and then spread through the corporate networks that use its software.  The attack affected multiple managed service providers and their customers.  The REvil ransomware gang was behind the attack.  Please stay vigilant during all holiday times.

At least 200 US companies were hit by a major

The LockBit ransomware group has claimed a significant increase in attack volume in May 2024, which would once again make it the most active ransomware gang, a new report from NCC Group shows.  The LockBit ransomware operation was disrupted in February when law enforcement agencies in North America, Europe, and Asia seized 34 servers, took over the gang’s Tor-based leak site, froze its cryptocurrency wallets, and collected technical information on the group’s infrastructure.

The US government ha

A cyber-attack that sent US based Ascension hospitals and health care systems offline in May happened because a worker accidentally downloaded malware, officials said this week.   “Clinical operations” were affected at Ascension hospitals and medical centers, which operate in Michigan and 18 other states, when a cyber-attack forced the organization to transition to offline systems in early May.  It was later said that the attack was actually a ransomware attack, meaning someone (or a group) brok

In April of this year, a cyberattack on a large telecommunications company has been claimed by a ransomware gang that is gaining momentum as a cybercriminal operation.  On 1 June, the RansomHub operation posted Frontier Communications to its leak site claiming to have sensitive information of more than 2 million people.  The group claimed it spent more than two months attempting to extort the company but never got a response.  Frontier did not respond to requests for comment but reported a cyber

Law enforcement agencies in the United States and Europe announced on 30 May Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware.  Titled: “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot.

Link to full report: IR-24-151-001_OPendgame.p

US Cyber authorities are releasing this joint CSA to provide information on Black Basta, a ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure  sectors, including the Healthcare and Public Health (HPH) Sector.  This joint CSA provides TTPs and IOCs obtained from FBI investigations and third-party reporting.

Black Basta is considered a ransomware-as-a-service (RaaS) variant and was first identified in April 2022.  Black Basta affiliate

LockbitSupp, the pseudonymous leader of the LockBit ransomware group, was identified as a Russian national called Dmitry Khoroshev on 7 May as the United States, United Kingdom and Australia imposed financial sanctions against him.

A 26-count indictment has been unsealed in the US charging Khoroshev, with developing and operating the LockBit ransomware service.  He is accused of growing LockBit “into a massive criminal organization that has, at times, ranked as the most prolific and destructive

Security teams are facing "the perfect storm" these days, with four seemingly major contributing factors at play:

• AI and generative AI
• Geopolitical dynamics
• Changing regulatory compliance requirements
• Continuing growth in ransomware.

They all lead to a very complex threat scenario that requires significant effort from cybersecurity professionals to protect their enterprises.  At the heart of these next-gen cyber defenses lies the core concept of Identity, and unfortunately, what identity entai

KageNoHitobito ransomware samples became available in late March 2024.  As with most ransomware, this ransomware encrypts files on victims' machines and demands a ransom to decrypt them through dropped ransom notes. Although the group uses TOR to communicate with its victims, a data leak site is unavailable as it does not claim to have stolen any victims' information.

Infection Vector/Victimology - Information on the infection vector used by the KageNoHitobito ransomware threat actor is unavaila

Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia.  In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines. As of 1 January 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds.

Early versions of the Akira ransomware variant were wr

Despite the LockBit Ransomware-as-a-Service (RaaS) gang claiming to be back after a high-profile takedown in mid-February 2024, an analysis reveals significant, ongoing disruption to the group's activities, along with ripple effects throughout the cybercrime underground, with implications for business risk.  LockBit was responsible for 25% to 33% of all ransomware attacks in 2023, according to investigators, easily making it the biggest financial threat actor group of the last year. Since it eme

A leading cyber security firm, Cybereason[1], has announced the results of its third annual ransomware study, commissioned to better understand the true impact of ransomware on businesses. This global study reveals that ransomware attacks are becoming more frequent, effective, and sophisticated.

See:  https://redskyalliance.org/xindustry/100-50-1-100-ransomware-gangs-using-50-types-of-malware

The Report Ransomware: The True Cost to Business 2024 reveals that of the organizations who opted to pay

Magnet Goblin, a financially motivated threat actor, is swiftly adopting one-day security vulnerabilities into its arsenal to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts.  Threat actor group Magnet Goblin's hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, mainly targeting public-facing servers and edge devices.  In some cases, the deployment of the exploits is within 1 day after a [proof-of-concept] is publi

The unprecedented cyberattack on Change Healthcare[1], a major revenue cycle management firm, has thrown the US healthcare system into a financial mess.  With payment systems crippled, hospitals are demanding federal intervention to avert an economic crisis that could imperil care delivery.  Change Healthcare is a revenue and payment cycle management provider that connects payers, providers, and patients within the U.S. healthcare system.  The name also refers to a company founded in 2007 that b

The Stormous ransomware gang has taken credit for an attack on a major Belgian beer producer this week.  The ransomware attack on Duvel Moortgat Brewery has affected operations for days.  Can you believe it?  Who wants to stop the flow of beer?  Local news outlets and BleepingComputer reported on Wednesday that Duvel’s IT department detected the attack and shut down production lines.  Spokesperson Ellen Aerts told reporters that they are “still working to find out exactly what happened.  "We hav

The American Hospital Association is accusing the parent company of Change Healthcare, which for two weeks has dealt with a cybersecurity incident that has caused disruptions at pharmacies nationwide of failing to adequately address the issues healthcare providers face getting reimbursed for services as a result of the attack.

On 1 March, UnitedHealth Group, which owns Change Healthcare, rolled out a “Temporary Funding Assistance Program” for providers who rely on the company’s software to get r