ransomware (312)

The old trick of using a Trojan horse to deceive is still in vogue, now with cyber itself as the lure. A massive phishing campaign is distributing what looks like ransomware but is in fact trojan malware that creates a backdoor into Windows systems to steal usernames, passwords, and other information from victims. Detailed by cybersecurity researchers at Microsoft, the latest version of the Java-based STRRAT malware is being sent out via a large email campaign, which uses compromised email accounts t

The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports. Active since at least 2009, and sometimes conflated with the group tracked as TA505, the gang is known for the Dridex banking Trojan, but also for ransomware families such as Locky, Bart, Jaff, and BitPaymer, along with the more recent WastedLocker and Hades.

Evil Corp is allegedly run by Russian nationals Maksim Yakub

In the US, the Federal Bureau of Investigation (FBI) issued an alert on 20 May regarding “Conti,” a highly disruptive ransomware variant. Cyber-attacks associated with Conti and the previously published Darkside ransomware variant are believed to be emanating from criminal networks operating from a non-cooperative foreign jurisdiction. The FBI says it identified at least 16 Conti ransomware attacks targeting US health care and first responder networks, including law enforcement agencies, emerg

Iranian hackers have reportedly hit multiple Israeli companies with ransomware in a new campaign of attacks. A group calling itself 'N3tw0rm' (Networm) recently added the logo of H&M Israel to its naming-and-shaming leak site, just three days after another local firm, Veritas Logistics, was hit.

It is suspected that Iran's Islamic Revolutionary Guard Corps was behind a ransomware campaign that used a contracting company called "Emen Net Pasargard," or ENP, to target over a dozen organiza

A coalition of government agencies and security firms has released a framework for how to disrupt ransomware attacks that calls for expanded regulation of the global cryptocurrency market to better track the virtual coins paid to cybercriminals during extortion schemes.

On 29 April 2021, the Institute for Security and Technology's Ransomware Task Force published the framework, which features 48 proposals. It calls for a coordinated, international diplomatic and law enforcement effort to combat t

Critical infrastructure in any country relies on energy sources and transmission for proper and safe national operations. A direct cyber shot was delivered to the US oil and gas industry by a Russian criminal group known as DarkSide. DarkSide was identified in the ransomware attack that shut down the Georgia-based Colonial Pipeline, which immediately created fuel shortages for cars, trucks, and the airline industry. A ransom reported at nearly $5 million USD was eventually paid to get the pipeline back i

From Krebs On Security, 17 May 2021.[1] Our analysts think this is important information and wish to share it with our Red Sky Alliance members. In a Twitter discussion last week on ransomware attacks, Krebs On Security noted[2] that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: they simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards (keyboard layouts) installed — such as Russian or Ukr
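The check Krebs describes is worth seeing in concrete terms. The following is an added example written for this page, not code from Krebs On Security or from any ransomware family. It replicates the logic of the keyboard-layout failsafe: Windows records the layouts loaded at logon under HKCU\Keyboard Layout\Preload as 8-hex-digit Keyboard Layout IDs (KLIDs, e.g. "00000409" for US English, "00000419" for Russian). The low 16 bits of a KLID are a Windows LANGID, and the low 10 bits of that are the primary language (0x19 is Russian, 0x22 is Ukrainian, and so on, per winnt.h). Malware that implements the failsafe enumerates the loaded layouts (commonly via GetKeyboardLayoutList or GetUserDefaultLangID) and aborts when one matches a CIS language. The sample Preload values below are constructed, and the exact set of languages checked varies by family, so the table is an assumption rather than any one strain's list.

```python
"""Replicate the ransomware keyboard-layout 'failsafe' over HKCU\\Keyboard Layout\\Preload values.

Added example for illustration; not taken from any malware sample or from Krebs On Security.
"""
import re

# Primary language IDs (low 10 bits of a Windows LANGID, from winnt.h) for the
# CIS languages the failsafe typically looks for. Assumed list; families differ.
CIS_PRIMARY_LANGS = {
    0x19: "Russian", 0x22: "Ukrainian", 0x23: "Belarusian", 0x3F: "Kazakh",
    0x43: "Uzbek", 0x2B: "Armenian", 0x2C: "Azerbaijani", 0x37: "Georgian",
    0x28: "Tajik", 0x42: "Turkmen", 0x40: "Kyrgyz", 0x44: "Tatar",
}

KLID_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def klid_to_langid(klid: str) -> int:
    """Return the LANGID (low 16 bits) of an 8-hex-digit KLID such as '00000419'.

    The high 16 bits select a layout variant (e.g. '00010409' is US-Dvorak) and
    do not affect the language, so they are masked off.
    """
    if not KLID_RE.match(klid):
        raise ValueError(f"not a KLID: {klid!r}")
    return int(klid, 16) & 0xFFFF


def primary_language(langid: int) -> int:
    """Equivalent of the Win32 PRIMARYLANGID() macro: the low 10 bits of a LANGID."""
    return langid & 0x3FF


def matching_layouts(preload_values):
    """Return [(klid, language_name)] for every loaded layout the failsafe would match.

    Matching on the primary language means regional variants match too, e.g.
    Russian (Moldova), LANGID 0x0819, still has primary language 0x19.
    """
    hits = []
    for klid in preload_values:
        name = CIS_PRIMARY_LANGS.get(primary_language(klid_to_langid(klid)))
        if name:
            hits.append((klid, name))
    return hits


def failsafe_would_abort(preload_values) -> bool:
    """True if a layout-checking strain would refuse to run on this machine."""
    return bool(matching_layouts(preload_values))


# Constructed samples in the shape of the Preload value data (value names are "1", "2", ...).
SAMPLE_US_ONLY = ["00000409", "00010409"]       # US English + US-Dvorak
SAMPLE_WITH_RUSSIAN = ["00000409", "00000419"]  # US English + Russian
SAMPLE_MOLDOVA = ["00000409", "00000819"]       # US English + Russian (Moldova)

if __name__ == "__main__":
    for label, values in [("US only", SAMPLE_US_ONLY),
                          ("US + Russian", SAMPLE_WITH_RUSSIAN),
                          ("US + Russian (Moldova)", SAMPLE_MOLDOVA)]:
        print(f"{label}: abort={failsafe_would_abort(values)} hits={matching_layouts(values)}")
```

On a live Windows host the same values can be read with `Get-ItemProperty 'HKCU:\Keyboard Layout\Preload'` and fed to `matching_layouts`. As Krebs notes, adding a Russian layout is at best a speed bump: it only defeats strains that key on loaded layouts rather than, say, the system UI language, and any operator can drop the check.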

Recently a trusted cyber professional of Red Sky Alliance, with close to 40 years in the business, said, “As cyber technology grew in the last thirty plus years, our international community sacrificed security for convenience.” So true.

Now we ask: if a Russian cyber-criminal group[1] or the North Korean military hacks[2] your company, places ransomware on your network because of corporate carelessness and then demands millions to unlock your valuable data - at that point - does it really matte

Critical infrastructure in any country relies on energy sources and transmission for proper and safe national operations. A direct cyber shot was delivered to the US oil and gas industry, allegedly by a Russian criminal group known as DarkSide. DarkSide is suspected in the ransomware attack that shut down the Georgia-based Colonial Pipeline, which immediately created fuel shortages for cars, trucks, and the airline industry.

This pipeline attack now has other energy sector officials on edge


What is RedPane?

RedPane is a dark web search engine tool that Red Sky Alliance has been developing since late January 2021. With RedPane we are able to make dark web content available without the need for analysts to touch the dark web by visiting Tor .onion sites themselves. To date, we have over 300,000 data points from over 50 sites, and we are adding new sites weekly.

With RedPane we have developed custom processes to capture text data from dark web sites that we designate, parse that information into a for

Cyber threat actors are increasingly using and abusing Telegram as a "command-and-control" system to distribute malware into organizations, which could then be used to capture sensitive information from targeted systems. Telegram is a cloud-based instant messaging and voice-over-IP service. Telegram client apps are available for Android, iOS, Windows Phone, desktop Windows, macOS, and Linux. Users can send messages and exchange photos, videos, stickers, audio, and files of any type. Even when Telegr

The Atlanta-based Colonial Pipeline Company said in a statement last Friday that it was the victim of a cybersecurity attack, and so "proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems." In an updated statement over the weekend, it said it had "determined that this incident involves ransomware."

A former U.S. official and two industry sources have told media that the group DarkSide is among the sus

The police department of the US capital, Washington, DC, has reportedly been hit by Russian-speaking ransomware threat actors who claim to have stolen sensitive information on informants. If true, this is a very troubling cyber-attack: if informants cannot keep their anonymity, they will never work with the police. The Babuk group gave police three days to pay up before it shares the data with local gangs, according to media sources. The files were allegedly posted on a dark web forum.

Babuk ransomware is

The malware seems like nothing special at first, but further exploration shows it can wreak serious damage in follow-on attacks. The NitroRansomware malware strain is changing the ransomware norm by demanding Discord Nitro gift codes from victims instead of actual money. Discord is a VoIP, instant messaging and digital-distribution platform designed for creating communities. Users communicate with voice calls, video calls, text messaging, media and files in private chats or as part of communit

Ransomware has been one of the hottest topics in cybersecurity during the last year, and some researchers are labeling it the "perfect storm," one made more severe by the pandemic: with so many employees working remotely, the risk of ransomware is exacerbated. There are, however, other contributing factors to the rise in ransomware the world witnessed in 2020.

The Royal United Services Institute for Defense and Security Studies (RUSI), a British defense and security think tank, has released a repo