ransomware (345)

BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. “We identified an attempt to compromise our BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated,”

FortiGuard Labs gathers data on ransomware variants of interest that are gaining traction within its datasets and the OSINT community. The report below provides brief insights into the evolving ransomware landscape.

Interlock Ransomware Overview - Interlock is a new ransomware variant that was first discovered on a publicly available file-scanning site in early October 2024. This could indicate that the ransomware emerged as early as September. The Interlock ransomware comes in Windows and Free

A ransomware attack on supply chain software firm Blue Yonder in turn hit a dozen big names in food and retail with business disruptions, Starbucks and Walgreens among them.  The software is widely used by a range of Fortune 500 companies, and the full list of potentially impacted victims remains unclear.  Companies such as grocery giant Kroger (and its recently acquired subsidiary Albertsons), Anheuser-Busch and Ford are known to use the software but have not confirmed any impact as of yet.  Se

After being deported from South Korea, a Russian cybercriminal leader has made his first appearance in the US District Court for the District of Maryland to face his charges. Evgenii Ptitsyn, 42, is a Russian national who allegedly administered the sale, distribution, and operation of Phobos ransomware, which has been used against more than 1,000 victims, including public and private entities in the United States and globally. According to the indictment, its affiliates have extorted ransom paym

CyberVolk is a politically motivated hacktivist collective that launched its own RaaS in June 2024. The group uses DDoS and ransomware attacks to undermine and disrupt the operations of those opposed to Russian interests.

The group has become an increasingly prominent player within the cybercrime ecosystem, adapting and repurposing existing commodity malware to advance its causes. Highly skilled actors within the collective expand and revise such tools, effectively making them more sophisticated

New research shows that criminal cyber actors are seemingly targeting Australians with a penchant for Bengal cats, a breed of hybrid feline created from crossing an Asian leopard with domestic breeds. Using Gootloader, a popular malware strain often used as an infostealer or as malware dropped before ransomware attacks, Sophos found that the threat actors target users who search "Are Bengal cats legal in Australia?" and other similar questions.

In one example, the researchers found that one webs

Threat analysts have observed a new ransomware group called Interlock conducting targeted attacks across sectors, including US healthcare, IT and government, and European manufacturing. According to a recent report by Cisco Talos, Interlock employs “big-game hunting” and double extortion tactics, where compromised data is stolen and threatened to be released publicly unless a ransom is paid.

This group operates a data leak site called “Worldwide Secrets Blog” to publish stolen data. It offers vi

The Black Basta group is a Ransomware-as-a-Service (RaaS) provider that has been in operation since at least April of 2022.  The group is believed to be comprised of former members of the ransomware groups Conti and REvil.  The reason for this belief is driven by several factors, such as the similarities in their tactics and their rapid integration into the cybercriminal ecosystem.

Black Basta is credited as having victimized over 500 organizations.  In the first quarter of 2024, the group had c

Every year, the statistics on cyber-attacks seem to get spookier, according to Chuck Brooks, President of Brooks Consulting International.  “As we finish October’s Cybersecurity Awareness month, it is a suitable time to review some of the key statistics and trends that can haunt us and help us meet the cybersecurity challenges of the evolving digital ecosystem.  There are so many frightening cyber stats that I had room for only a few categories, but they are important ones to know.”

The healthca

Despite current law enforcement action to take down ransomware gangs, Secureworks has observed a 30% year-on-year rise in active ransomware groups.  In the eighth edition of the Secureworks annual State of The Threat Report[1], the firm identified 31 new groups that had entered the ransomware ecosystem in the last 12 months.  The report noted that while a few big players had previously dominated the threat landscape, it is now home to a broader set of emerging entities.[2]

The top four most

An extortionist armed with a new variant of MedusaLocker ransomware has infected more than 100 organizations a month since at least 2022, according to Cisco Talos, which recently discovered a "substantial" Windows credential data dump that sheds light on the criminal and their victims.  The miscreant, whom Talos calls "PaidMemes," uses a recent MedusaLocker variant called "BabyLockerKZ," and inserts the words "paid_memes" into the malware plus other tools used during the attacks.

Recent research

The US Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a significant piece of legislation passed in 2022, designed to tackle cyber incidents affecting critical infrastructure.  While its full impact is still unknown, CIRCIA presents new requirements for incident reporting that cyber risk professionals must understand and prepare for.

CIRCIA was created to help the US government coordinate responses to significant cyber incidents that affect essential services.  Its goal was

Radio Geretsried, a local station in southern Bavarian Germany, has blamed “unknown attackers from Russia” after an apparent ransomware incident left it broadcasting music from emergency backups.  The attack is the latest incident to disrupt a German organization, with the country’s Federal Office for Information Security (BSI) warning: “The extortion of companies and public institutions through ransomware is the fastest growing area of cybercrime and is now a major problem.”

According to a stat

After the city of Columbus, Ohio, experienced a ransomware attack in July 2024 and disclosed the event, it sued a researcher who claimed the breach was more significant than the city let on.  Ohio's largest city first fell victim to an attack on 18 July 2024 and quickly informed the public, claiming that it had stopped the attack before malware had infected its systems.

In early August 2024, the Rhysida ransomware gang leaked 3.1TB of data on its Tor-based site, information it claimed to have st

The first sample of RomCom ransomware was observed in early July 2023 on a publicly available file scanning site, about the same time as the first victim posted on its data leak site on 13 July 2023. Like most ransomware, this ransomware encrypts files on victims' Windows machines and demands a ransom to decrypt them via dropped ransom notes.

Infection Vector - Online reports indicate that the Russia-based RomCom group, or Storm-0978, is deploying the Underground ransomware.  This threat group i

Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.  The affiliates leverage a double-extortion model by encrypting systems and exfiltrat

The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections.  "The BlackByte ransomware group continues to leverage tactics, techniques, and procedures (TTPs) that have formed the foundation of its tradecraft since its inception, continuously iterating its use of vulnerable drivers to bypass security protections and d

A recent Chainalysis report indicates that 2024 is set to be the highest-grossing year for ransomware payments.  2023 is the current record holder in that regard, surpassing the $1 billion mark, which was an interesting development given the significant decline in ransomware payments that occurred in 2022.  In the chart we have below, we can see a clear trendline indicating an increasing trend since 2019.  In hindsight, it may be more useful to view 2022 as an anomaly.  The mid-year total

A new security report released this week revealed a record-breaking $75 million ransom paid by a single victim to the Dark Angels ransomware gang earlier this year.  The payment surpasses the previous highest known ransom of $40 million paid by insurance giant CNA to Evil Corp.  The specific company involved has not been disclosed at the time of this writing. However, there is speculation that pharmaceutical giant Cencora, ranked #10 on the Fortune 50 list, experienced a cyberattack in February

The government of Columbus, Ohio said it is aware of claims made by a ransomware gang that troves of sensitive city information are available for sale.  The Rhysida ransomware group took credit on Wednesday for the 18 July attack, threatening to leak 6.5 terabytes of exfiltrated information from the city’s systems allegedly containing emergency services data, access to city cameras and more.

A city spokesperson said late last week they are aware of the matter but could not comment, adding that the situ