Researchers have dissected some of the attacks involving the Hades ransomware and published information on both the malware itself and the tactics, techniques and procedures (TTPs) employed by its operators. Initially observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data and threatening to leak it publicly unless the ransom is paid. Hades was named
ransomware (312)
The Houston Rockets professional basketball team is reporting that their security and law enforcement authorities are investigating a cyber-attack. Officials are claiming a new hacking group attempted to install ransomware on the basketball team’s internal systems. “The Rockets organization recently detected suspicious activity on certain systems in its internal network. We immediately launched an investigation,” the Rockets said in an emailed statement, adding cybersecurity experts are assis
One of the largest insurance firms in the US CNA Financial was reportedly hit by a “sophisticated cybersecurity attack” on 21 March 2021. The cyber-attack disrupted the company’s employee and customer services for three days as the company shut down “out of an abundance of caution” to prevent further compromise.
Founded in 1967, the Loews Corp subsidiary is among the top 10 cyber insurance companies and the leading 15 casualty and property insurers in the US. It employs about 5,800 workers and
After recently announcing the end of the operation, the administrator of Ziggy ransomware is now pledging to give their ransom generated money back. BleepingComputer says that it appears that this is a planned move since the admin shared the "good news" a little over a week ago but gave no details. Ziggy ransomware ceased operations in early February. In a brief announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all
The threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations. The REvil ransomware threat group is on a cyberattack tear, claiming over the past three weeks to have infected ten organizations across Africa, Europe, Mexico and the US. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the US; as well as two large international banks (one in Mexico and
“No entiendo como se comprometió España.” Responder en Inglés, “well my friends, no one is immune to cyber-attacks - no one.” Spain’s State Public Employment Service (SEPE), which coordinates unemployment benefits and ERTE throughout Spain, has been the victim of a cyberattack that has crippled its electronic and face-to-face appointment-setting services and other procedures.[1] A government Spanish spokesman said, “At the moment it is not possible to access the website”, with the Central Tra
A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have recently found. The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said that it achieves self-replication by scanning for network shares, and then copying a unique version of the ransomware executable (with the file name rep.exe or lan.exe) to each of them as
Ransomware continues to create havoc for organizations of all types and the problem only seems to be getting worse every year. Cyber threat defenders across every type of targeted organization, including government agencies and private businesses - would do well to have more effective defenses in place. Such defenses would ideally include organizations proactively looking for known ransomware attackers' tactics, techniques and procedures. That kind of threat hunting can help defenders spot atta
While in existence prior to 2016, ransomware gained notoriety that year targeting the global healthcare industry, and in several instances, successfully extorting ransoms from victims. Since then, ransomware has turned out to be more than just a nuisance crime, with ransomware operators adjusting targeting strategies, malware deployment, and diversifying how they executed their campaigns to maintain success rates. Over the past few years, ransomware operators have shifted tactics, moving from wi
No one needs reminding that ransomware has reached incredible proportions; one widely reported statistic from Purplesec suggests that $20 billion was paid out in 2020. That's almost double its $11.5 billion estimate from 2019, with a commensurately huge increase in the number of attacks, while BitDefender suggested a 715% increase in the first half of the year.
The "crews" have multiplied, adopted tactics that are reminiscent of nation-state attacks, and developed partnerships and relationships
A group of cybercriminals known for ransomware attacks has started leaking files allegedly stolen from Jones Day. Jones Day is an international law firm based in the US. As of 2018, it was the fifth largest law firm in the US and the 13th highest grossing law firm in the world. Jones Day has represented former US president Donald Trump, including his inquiries into the 2020 voting irregularities.
The cybercriminals behind the ransomware operation known as Clop (Cl0p) have been known to encry
Back in the 1960’s, our educational systems began teaching a concept called, Phonics. Phonics is a method for teaching people how to read and write an alphabetic language. It is done by demonstrating the relationship between the sounds of the spoken language, and the letters or groups of letters or syllables of the written language. Enter FonixCrypter, not the mobile app but the criminal hacking gang - which is far from the innocent way of teaching language.
It is being reported that the Foni
In 1972, Alice Cooper sang a popular song: “School’s Out.” In 2020, school has literally been 'OUT for Covid.' The global pandemic has shut down many, many global school systems. This created a system of teaching virtually using a variety of on-line platforms. That turned the heads of black hat hackers to successively focus on attacking school systems, teachers, parents and students. Recently, there has been a significant increase in ransomware cyber-attacks on virtual classrooms. The Cor
A report published today by blockchain investigations firm Chainalysis confirms that cybercrime groups engaging in ransomware attacks don't operate in their own bubbles but often switch ransomware suppliers (RaaS services) in a search for better profits. The report analyzed how Bitcoin funds were transferred from victims to criminal groups, and how the money was divided among different parties involved in the ransomware attack, and how it was eventually laundered.
In today’s world, the ransomwar
SANS has long been a leader in cyber and has recently published a research paper on Ransomware Prevention. 2020 saw ransomware attacks sky-rocket. Below is a brief introduction and link to the full report. "Ransomware is a fast-growing threat affecting organizations of all sizes and industries. Quick spreading and highly interruptive, ransomware damage ranges from profoundly impacting a business’s finances to threatening proper healthcare by disabling access to critical data needed for medic
Cybercriminals will often use brute-force attacks, phishing emails, and existing data dumps to break into corporate networks but there is one area that is often ignored to a company's detriment: ghost accounts. It is not always the case that when a staff member leaves their employ, whether due to a new job offer, changes of circumstance, illness, or in unfortunate cases, death, that their accounts are removed from corporate networks.
This oversight is one that cybercriminals are now taking adv
Attacks involving million-dollar ransom demands attract headlines, but the payout is no longer the sole financial incentive for attackers. The exfiltration of critical data is a key motivator that can be used to extort victims into paying even larger fees to recover assets. Data, including intellectual property such as research and patents, is often targeted by organized groups or as part of corporate espionage. Stealing this information and then coercing a business into paying to get access to
In their attempt to extort as much money as quickly as possible out of victims, ransomware gangs know some effective techniques to get the full attention of a firm’s management team. One of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom.
Although the technique of prioritizing the theft of data from managers’ PCs
Last October 2020, researchers at US security company AdvIntel discovered that one of the Internet’s most troublesome malware platforms, Trickbot, had started testing something rather threatening: probing UEFI firmware chips inside targeted PCs to see whether they were vulnerable to known firmware vulnerabilities. This was only reconnaissance, Trickbot was not infecting the SPI flash chip on which UEFI firmware resides, but the discovery is significant.
UEFI (Unified Extensible Firmware Interfa
Our Red Sky Alliance research predictions for 2021 are not necessarily in any order of importance yet presented as what we believe are the most important.
Ransomware…Ransomware… Ransomware
2020 saw a dramatic rise in ransomware activity. While it is difficult to predict specifically what ransomware authors will do next, it can be expected that they will continue to do what has worked well for them in the past if it continues as profitable. Ransomware ‘payment’ amounts saw a 217% rise in 2020 f
