ransomware (345)

Cl0p ransomware began as a part of the Cryptomix family and was first seen in the wild in 2019 operating as a Ransomware-as-a-Service (RaaS) platform.  The group has targeted international organizations including companies in the pharmaceutical, education, technology, and industrial verticals.

The Cl0p ransomware group had a quiet end to 2021 after being shut down following Operation Cyclone, a joint law enforcement operation involving Interpol, Europol, Ukrainian Law enforcement, United Stat

Network credentials and virtual private network (VPN) access for colleges and universities based in the US are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber-attacks against individual users or affiliated organizations," the US Federal Bureau of Investigation (FBI) said in an advisory published last week.  See:  https://www.ic3.gov

Costa Rica is still reeling from the ransomware attacks deployed by the Conti group, and now the Hive ransomware group has joined in.  According to Bleeping Computer, the Hive ransomware group is behind the attack beginning 31 March 2022 targeting Costa Rica’s public health service.

The Costa Rican government agency has publicly stated that an attack took place early Tuesday morning.  The targeted government entities included the Costa Rican Social Security Fund (CCSS).  The government also st

The Conti Ransomware group has been in and out of the news for the majority of 2022.  The group began the year with an attack on Kenyon Produce (KP) Snacks and otherwise conducted business as usual.  When the conflict between Russia and Ukraine boiled over, the group again made headlines for taking the side of Russia.  This led to widespread dissemination of the group's internal chat messages and eventually leaks of the ransomware source code.

The group remains in the spotlight with news of an ongoing confl

The Snatch Ransomware group was first discovered at the end of 2019. The ransomware gained publicity due to its novel encryption method, in which it reboots the target machine into safe mode and disables a number of security services before encrypting files, limiting the likelihood of detection.

The ransomware also differs from major groups as they use targeted attacks rather than large phishing campaigns to gain access to specific companies. The group has been described as a big game hunter tha

When a small business owner is faced with the responsibilities of production economics, financial reports and marketing all at the same time, cybersecurity can often appear complicated and unnecessary. However, this disregard for IT security is being exploited by cybercriminals.[1]  Researchers at Kaspersky report the dynamics of attacks on small and medium-sized businesses between January and April 2022 and the same period in 2021 to identify which threats pose an increasing danger to entrepren

Ransomware has hit an Illinois college with devastating results.  It is shutting its doors permanently.  Lincoln College says it will close this week in the wake of a ransomware attack that took months to resolve.  While the impact of COVID-19 severely impacted activities such as recruitment and fundraising, the cyberattack seems to have been the tipping point for the Illinois college.

The college has informed the Illinois Department of Higher Education and Higher Learning Commission that it wi

Black Basta, a new ransomware group, has made their presence felt by claiming responsibility for twelve ransomware attacks in the month of April.   Black Basta, like many other ransomware operations, uses double-extortion tactics, stealing victim data before encrypting systems to leverage payment.  The group then uses their Tor site and slowly leaks victim data, applying pressure to victims to pay the ransom for the decryption key.  Notable targets from the first stretch of attacks include the A

There are many things you can do to protect yourself against cyberattacks but if you still do not remember the basics, then your organization is an easy target for cyber criminals.  Please review what Red Sky Alliance recommends at the end of this article.

A security vulnerability that was left unpatched for three years allowed a notorious cyber-criminal gang to breach a network and plant ransomware.  The BlackCat ransomware attack against the undisclosed organization took place in March 2022

Has the notorious REvil, aka Sodinokibi, ransomware operation come back? Researchers suspect former developers may have restarted the server and data leak site. On 20 April 2022, the original Happy Blog leak site began redirecting to the new blog, which lists both old and seemingly new victims, including Oil India Limited.  Cybersecurity researchers on Twitter attributed a recent ransomware attack at Oil India Limited to either REvil or imposters using the gang's name.

In early April 2022, at th

Sound merger and acquisition practice often includes checks on a company’s cyber safeguarding and data transfer provisions, said the President of investment banking and dealership advisory firm Presidio Group.  Specifically, auto dealership purchase agreements many times include representations that the seller has complied with Gramm-Leach-Bliley and has taken reasonable steps to protect their computer systems and customers’ information, said a principal attorney and partner with Holland & Knight in Denver, CO who

They say “Birds of a feather flock together.”  This holds true with criminal hackers.  Threat analysts have recently compiled a detailed technical report on FIN7 operations from late 2021 to early 2022, showing that the adversary continues to be very active, evolving, and trying new monetization methods.[1]

Link to full report: TR-22-095-002_Fin7.pdf


[1] https://www.bleepingcomputer.com/news/security/fin7-hackers-evolve-toolset-work-with-multiple-ransomware-gangs/

US federal authorities first became aware of RagnarLocker in April 2020 and subsequently produced a cyber report to disseminate known indicators of compromise (IOCs) at that time.  The linked report provides updated and additional IOCs to supplement that report.  As of January 2022, analysts have identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government,

A member of the Conti ransomware group, believed to be Ukrainian of origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on their official site, on February 25th, in the aftermath of Russia’s invasion of Ukraine.  The message appears to have rubbed Conti’s Ukrainian members the wrong way, and one of them has hacked the gang’s internal Jabber/XMPP server. Internal logs were leaked earlier today via an email sent to multiple journalists an

Welcome to the new normal: the cybersecurity threat landscape has become progressively more complex and dangerous.  The online world is full of data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses' digital defenses.  The cyber threat actors have the upper hand at the moment. Part of the reason for that is the fallout from the rapid digitization made necessary by the COVID-19 pandemic.  According to research on the subject, more than half of business

Logistics and freight forwarding giant Expeditors International announced a cyber-attack on 20 February that crippled some of their operating systems and continues to slow their operations around the globe.  The Seattle-based freight company, which brought in $10.1 billion in revenue last year, said they shut down most of their operating systems globally after discovering the cyber-attack.  "The situation is evolving, and we are working with global cybersecurity experts to manage the situation.

BlackByte ransomware has been used in recent attacks on at least three critical infrastructure sectors in the US.  Available to bad actors as a Ransomware-as-a-Service (RaaS), BlackByte has been used in attacks against US and foreign businesses, including in critical infrastructure sectors such as government, financial, and food and agriculture, the FBI and US Secret Service warn.

The gang emerged in July 2021 when it began exploiting software vulnerabilities to target corporate victims worldwid

If you or your company was unfortunate enough to be caught in the web of a ransomware attack, the consequences may have been devastating.  Hopefully you got rid of the infection, but the all-important files affected by such an attack could still be under lock and key.  Without backups, which is more common than you may think, the files may be gone forever.

A tiny slice of good fortune: occasionally, we all catch a break.  Files can sometimes be recovered in the following ways[1]:

  • A ransomware aut

The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint Cybersecurity Advisory outlining the growing international threat posed by ransomware over the past year.

The advisory titled “2021 Trends Show Increased Globalized Threat of Ransomware”[1] outlines top trends seen across three nation

Red Sky Alliance has been building our dark web data collection since late January 2021. With it, we are able to make dark web content available without the need for analysts to touch the dark web to visit Tor .onion sites. To date, we have over 1.3 million data points on over 75 sites and we are adding new sites regularly. The dark web sites that we collect from evolve over time as new sites come and older sites shut down, but we maintain a historical record of those decommissioned sites. Lastl