ransomware (379)

Oakland, California officials declared a state of emergency on 14 February after a cyberattack that first hit city technology systems last week, which continues to make it impossible to pay parking fees, fines and taxes online or connect by phone with most city departments. “The Office of the Mayor at Oakland City Hall. Oakland officials declared a state of emergency over a recent cyberattack that hobbled critical government technology systems.” Calls to 911 and city emergency services are stil

The first Linux variant of the Clop ransomware was rife with issues that allowed researchers to create a decryptor tool for victims. SentinelOne said it observed the first Clop (also stylized as Cl0p) ransomware variant targeting Linux systems on 26 December 2022. Clop has existed since about 2019, targeting large companies, financial institutions, primary schools and critical infrastructure across the world. After the group targeted several major South Korean companies like e-commerce giant E

A ransomware attack that hit ION Trading UK could take days to fix, leaving scores of brokers unable to process derivatives trades. ION Group, the financial data firm's parent company, said in a statement on its website that the attack began last week. "The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing," ION Group said. Ransomware is a form of malicious software deployed by criminal gangs which works by encry

In a recent report, Microsoft warns that phishing, fake software updates and unpatched vulnerabilities are being exploited for ransomware attacks. More than one hundred different cyber-criminal gangs are actively conducting ransomware attacks, deploying over 50 different ransomware families in campaigns which see them encrypt networks and demand a ransom payment for the decryption key. The analysis from Microsoft Security Intelligence notes that some of the most prominent ransomware attacks of

Cyberattacks in the US have significantly increased over the past year, with the healthcare system and other critical sectors being attacked as the threat of malware like ransomware and foreign spyware continues to evolve. During 2022, US government officials and lawmakers renewed their focus on cyber security and sought to secure the country’s critical sectors from rising cyber threats. This issue will increase in 2023, as many of those threats are still escalating while the cyber sector is c

In the last few years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, turning ransomware into the Internet's most severe security crisis. Now, the US Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a new security warning.

Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and d

We are only 10 days into 2023 and already ransomware attacks continue to escalate. San Francisco’s Bay Area Rapid Transit (BART) is investigating an alleged ransomware attack after the Vice Society ransomware gang claimed to have attacked the agency. BART, which is the fifth-busiest heavy rail rapid transit system in the US, was listed on the group’s leak site on Friday. The chief communications officer for BART reported that they are investigating the data that was stolen and posted by the

Hospitals on the front line of cyberattacks are increasingly strained under the often deadly conditions created by such hacks. Capitalizing on the chaos of the COVID-19 pandemic, cyber criminals frequently shut down hospital networks at a time when they were overwhelmed, leading to limited emergency services, canceled surgeries, and a spike in deaths. Hackers used to treat hospitals as ‘off limits.’ Not the case anymore.

Cyber-attacks have long been viewed as less lethal than missile strikes,

Cyber threat actors continue to adapt to break the latest technologies, practices, and data privacy laws. All organizations must stay ahead of cybercrime by implementing strong cybersecurity measures and programs for today and the New Year.

Expect an increase in digital supply chain attacks - With the rapid modernization and digitization of supply chains come new security risks.  Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply

In the past several weeks, our analysts were asked their opinions of what they believe will be the most pressing cyber security issues for the upcoming year. I told them that you really can’t be wrong, as the malware used by all levels of hackers is constantly changing. Our job as cyber security professionals is to try our best, based upon what we have seen recently, to identify immediate challenges in our profession.

Are we guessing…… or do we use facts and evidence to make our expectations

Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems. Azov is the name of ransomware, malware that blocks access to files by encrypting them. It encrypts all files (except files with .ini, .dll, and .exe extensions) and appends the ".azov" extension to their filenames. Also, Azov drops ransom notes (the "RESTORE_FILES.txt" files) in all folders that i

Victims of a recently uncovered form of ransomware are being warned not to pay the ransom demand, simply because the ransomware is not able to decrypt files; it just destroys them instead. Coded in Python, Cryptonite ransomware first appeared in October 2022 as part of a free-to-download open-source toolkit available to anyone with the skills required to deploy it in attacks against Microsoft Windows systems, with phishing attacks believed to be the most common means of delivery.

An anal

Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack the level of protective controls and staffing of larger organizations. According to a recent RSM survey, 62% of mid-market companies believe they are at risk of ransomware in the next 12 months.

As ransomware is still the preferred way for actors to monetize their access, there is a need to u

Cloud computing giant Rackspace, located in San Antonio, TX, confirmed earlier this week that a ransomware attack caused a widespread outage that halted email services for thousands of people. Since last Friday, the company has been dealing with an outage that took down the Microsoft Outlook Web App for thousands of customers and caused other downstream issues. The company runs a lucrative business centered on hosting Microsoft Exchange infrastructure, which offers customers Microsoft email, cal

A recent cyber-attack caused the trains operated by Denmark’s largest train service DSB to come to a halt. Threat actors hit a third-party IT service provider associated with DSB, which slammed the brakes on. The cyber-attack hit the Danish company Supeo, an IT service that provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities. DSB is the largest train operating company in Denmark.[1]

“Trains throughout th

Red Sky Alliance maintains a substantial dark web collections data set and we make this data available to our customers through our CTAC, RedXray, and API products. This gives customers the opportunity to explore and perform analyses on dark web data without the need for establishing a safe infrastructure for navigating the Tor network. To date we have collected over 1.4 million data points across 80 dark web sites. The set of sites that we collect from on an ongoing basis will change with ne

Over two and a half years, a Russian-speaking ransomware group named OldGremlin has been attributed to 16 malicious campaigns aimed at entities operating in the transcontinental Eurasian nation. The group's victims include companies in logistics, industry, insurance, retail, real estate, software development, banking, and arms manufacturing.

OldGremlin is using custom backdoors (TinyPosh and TinyNode) and ransomware (TinyCrypt, a.k.a decr1pt) along with third-party software for reconnaissance a

The White House has begun its second annual International Counter Ransomware Summit in which Biden administration officials will convene with representatives of three dozen nations, the EU, and private business to discuss the growing threat posed by data-destroying cyberattacks. President Biden will not be attending the meetings.

According to administration officials previewing the summit over the weekend, the two-day event will focus on priorities like improving system resilience and developing

Our friends at Fortinet have provided their latest technical analysis of the Ragnar Locker ransomware.

Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows Users
Impact: Encrypts files on the compromised machine and demands ransom for file decryption
Severity level: High

Ragnar Locker is ransomware for Windows and Linux that exfiltrates information from a compromised machine, encrypts files using the Salsa20 encry