ransomware (339)

Threat analysts have observed a new ransomware group called Interlock conducting targeted attacks across sectors, including US healthcare, IT and government, and European manufacturing. According to a recent report by Cisco Talos, Interlock employs “big-game hunting” and double extortion tactics, where compromised data is stolen and threatened to be released publicly unless a ransom is paid.

This group operates a data leak site called “Worldwide Secrets Blog” to publish stolen data. It offers vi

The Black Basta group is a Ransomware-as-a-Service (RaaS) provider that has been in operation since at least April of 2022.  The group is believed to be comprised of former members of the ransomware groups Conti and REvil.  This belief is driven by several factors, such as the similarities in their tactics and their rapid integration into the cybercriminal ecosystem.

Black Basta is credited as having victimized over 500 organizations.  In the first quarter of 2024, the group had c

Every year, the statistics on cyber-attacks seem to get spookier, according to Chuck Brooks, President of Brooks Consulting International.  “As we finish October’s Cybersecurity Awareness month, it is a suitable time to review some of the key statistics and trends that can haunt us and help us meet the cybersecurity challenges of the evolving digital ecosystem.  There are so many frightening cyber stats that I had room for only a few categories, but they are important ones to know.”

The healthca

Despite current law enforcement action to take down ransomware gangs, Secureworks has observed a 30% year-on-year rise in active ransomware groups.   In the eighth edition of the Secureworks annual State of The Threat Report[1], the firm identified 31 new groups that had entered the ransomware ecosystem in the last 12 months.  The report noted that while a few big players had previously dominated the threat landscape, it is now home to a broader set of emerging entities.[2]

The top four most

An extortionist armed with a new variant of MedusaLocker ransomware has infected more than 100 organizations a month since at least 2022, according to Cisco Talos, which recently discovered a "substantial" Windows credential data dump that sheds light on the criminal and their victims.  The miscreant, whom Talos calls "PaidMemes," uses a recent MedusaLocker variant called "BabyLockerKZ," and inserts the words "paid_memes" into the malware plus other tools used during the attacks.

Recent research

The US Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a significant piece of legislation passed in 2022, designed to tackle cyber incidents affecting critical infrastructure.  While its full impact is still unknown, CIRCIA presents new requirements for incident reporting that cyber risk professionals must understand and prepare for.

CIRCIA was created to help the US government coordinate responses to significant cyber incidents that affect essential services.  Its goal was

Radio Geretsried, a local station in southern Bavaria, Germany, has blamed “unknown attackers from Russia” after an apparent ransomware incident left it broadcasting music from emergency backups.  The attack is the latest incident to disrupt a German organization, with the country’s Federal Office for Information Security (BSI) warning: “The extortion of companies and public institutions through ransomware is the fastest growing area of cybercrime and is now a major problem.”

According to a stat

After the city of Columbus, Ohio, experienced a ransomware attack in July 2024 and disclosed the event, it sued a researcher who claimed the breach was more significant than the city let on.  Ohio's largest city first fell victim to an attack on 18 July 2024 and quickly informed the public, claiming that it had stopped the attack before malware had infected its systems.

In early August 2024, the Rhysida ransomware gang leaked 3.1TB of data on its Tor-based site, information it claimed to have st

The first sample of RomCom ransomware was observed in early July 2023 on a publicly available file scanning site, about the same time as the first victim was posted on its data leak site on 13 July 2023. Like most ransomware, it encrypts files on victims' Windows machines and demands a ransom to decrypt them via dropped ransom notes.

Infection Vector - Online reports indicate that the Russia-based RomCom group, or Storm-0978, is deploying the Underground ransomware.  This threat group i

Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.  The affiliates leverage a double-extortion model by encrypting systems and exfiltrat

The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections.  "The BlackByte ransomware group continues to leverage tactics, techniques, and procedures (TTPs) that have formed the foundation of its tradecraft since its inception, continuously iterating its use of vulnerable drivers to bypass security protections and d

A recent Chainalysis report indicates that 2024 is set to be the highest-grossing year for ransomware payments.  2023 is the current record holder in that regard, surpassing the $1 billion mark, which was an interesting development given the significant decline in ransomware payments that occurred in 2022.  In the chart we have below, we can see a clear trendline indicating an increasing trend since 2019.  In hindsight, it may be more useful to view 2022 as an anomaly.  The mid-year total

A new security report released this week revealed a record-breaking $75 million ransom paid by a single victim to the Dark Angels ransomware gang earlier this year.  The payment surpasses the previous highest known ransom of $40 million paid by insurance giant CNA to Evil Corp.  The specific company involved has not been disclosed at the time of this writing. However, there is speculation that pharmaceutical giant Cencora, ranked #10 on the Fortune 50 list, experienced a cyberattack in February

The government of Columbus, Ohio said it is aware of claims made by a ransomware gang that troves of sensitive city information are available for sale.  The Rhysida ransomware group took credit on Wednesday for the 18 July attack, threatening to leak 6.5 terabytes of exfiltrated information from the city’s systems allegedly containing emergency services data, access to city cameras and more.

A city spokesperson said late last week they are aware of the matter but could not comment, adding that the situ

On 17 July 2024, cybersecurity experts gathered at Cecil College[1] for the Cyber Security in Agriculture Forum to discuss the escalating threats to digital information and privacy across all sectors, specifically agriculture.  Panelists unanimously agreed that cyber threats are increasing in frequency and sophistication, posing significant risks to individuals, small businesses, corporations, and large public entities.

The forum began with an overview of the current cybersecurity landscape, hig

In today's digital age, ransomware has emerged as a formidable threat to businesses of all sizes.  This malicious attack can paralyze operations, damage reputations, and inflict severe financial losses.  Mid-market organizations are particularly vulnerable, with over half (57%) admitting they don't regularly review and replace legacy systems, and a similar number (57%) failing to patch their systems regularly.

This creates an expanded attack surface for cybercriminals to exploit.  The conse

The HardBit ransomware first appeared in October 2022, with a 2.0 version coming shortly thereafter in November of 2022.   As one expects of a ransomware attack, HardBit targets organizations and demands cryptocurrency payments in exchange for decrypting data.

Earlier variants of HardBit aren’t noted as being especially unique, though one standout attribute of HardBit is that the operators have enhanced their extortion tactics by demanding to know about the victim’s potential cyber insurance co

Global cyber insurance premiums are declining despite an increase in ransomware attacks, according to a recent report by insurance broker Howden (www.howdengroup.com).  This trend reflects improved business security practices, evolving insurance industry dynamics, and changing attitudes toward cyber risk management.

The Howden report indicates that the cyber insurance market experienced double-digit price reductions in 2023/24, starkly contrasting the skyrocketing premiums seen in 2021 and 2022 d

After confirming a production-halting cyberattack last month, forklift manufacturer Crown Equipment said on 1 July that operations have resumed.  Crown said work was proceeding at all 24 of its manufacturing plants.  The company’s manufacturing operations had been suspended since 10 June due to the attack on its business systems.

A company spokesman has declined to comment on the attack and said no further information would be available.  The company has declined to answer questions about how ma

A major cyber-attack occurred just before the Fourth of July holiday in 2021, affecting at least 200 US companies.  The attack was a ransomware attack that occurred first at Kaseya, a Florida-based IT company, and then spread through the corporate networks that use its software.  The attack affected multiple managed service providers and their customers.  The REvil ransomware gang was behind the attack.  Please stay vigilant during all holiday times.

At least 200 US companies were hit by a major