X-Industry

Iranian hackers have reportedly hit multiple Israeli companies with ransomware, in a new campaign of attacks.  A group describing itself as 'N3tw0rm' (Networm) recently added the logo of H&M Israel to their naming and shaming website, just three days after another local firm, Veritas Logistics, was hit.

It is suspected that Iran's Islamic Revolutionary Guard Corps was behind a ransomware campaign that used a contracting company called "Emen Net Pasargard," or ENP, to target over a dozen organiza

A coalition of government agencies and security firms has released a framework for how to disrupt ransomware attacks that calls for expanded regulation of the global cryptocurrency market to better track the virtual coins paid to cybercriminals during extortion schemes.

On 29 April 2021, the Institute for Security and Technology's Ransomware Task Force published the framework, which features 48 proposals. It calls for a coordinated, international diplomatic and law enforcement effort to combat t

Critical infrastructure in any country relies on energy sources and transmission for proper and safe national operations.  A direct cyber shot was delivered to the US oil and gas industry by a Russian criminal group known as DarkSide.  DarkSide was identified in the ransomware attack that shut down the US-Georgia-based Colonial Pipeline, which immediately created fuel shortages to cars, trucks, and the airline industry.  The ransom of $5 million USD was eventually paid to get the pipeline back i

From Krebs On Security, 17 May 2021.[1]  Our analysts think this is important information and wish to share with our Red Sky Alliance members.  In a Twitter discussion last week on ransomware attacks, Krebs On Security noted[2] that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukr

Recently a trusted cyber professional of Red Sky Alliance, with close to 40 years in the business said, “As cyber technology grew in the last thirty plus years, our international community sacrificed security for convenience.”  So true. 

Now we ask: if a Russian cyber-criminal group[1] or the North Korean military hacks[2] your company, places ransomware on your network because of corporate carelessness and then demands millions to unlock your valuable data - at that point - does it really matte

Critical infrastructure in any country relies on energy sources and transmission for proper and safe national operations.  A direct cyber shot was delivered to the US oil and gas industry, allegedly by a Russian criminal group known as DarkSide.  DarkSide is suspected in the ransomware attack that shut down the US-Georgia based Colonial Pipeline, which immediately created fuel shortages to cars, trucks and the airline industry. 

This pipeline attack now has other energy sector officials on edge

What is RedPane?

RedPane is a dark web search engine tool that has been developed by Red Sky Alliance since late January 2021. With RedPane we are able to make dark web content available without the need for analysts to touch the dark web to visit Tor .onion sites. To date, we have over 300,000 data points on over 50 sites and we are adding new sites weekly.

With RedPane we have developed custom processes to capture text data from dark web sites that we designate, parse that information into a for

Cyber threat actors are increasingly using and abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems.  Telegram is a cloud-based instant messaging and voice-over IP service. Telegram client apps are available for Android, iOS, Windows Phone, Windows NT, macOS, and Linux.  Users can send messages and exchange photos, videos, stickers, audio, and files of any type.  Even when Telegr

US Atlanta based Colonial Pipeline Company said in a statement last Friday that it was the victim of a cybersecurity attack, and so "proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems."  An updated statement over the weekend it said it had "determined that this incident involves ransomware."

A former U.S. official and two industry sources have told media that the group DarkSide is among the sus

The US Nation’s Capital police department has reportedly been hit by Russian-speaking ransomware threat actors who claim to have stolen sensitive information on informants.  If true, this is a very troubling cyber-attack.  If informants cannot keep their anonymity, they will never work with the police.  The Babuk group gave police three days to pay-up before it shares the data with local gangs, according to media sources.  The files were allegedly posted on a dark web forum. 

Babuk ransomware is

The malware seems like nothing special at first, but further exploration shows it can wreak serious damage in follow-on attacks.  The NitroRansomware malware strain is changing the ransomware norm by demanding Discord Nitro gift codes from victims instead of actual money.  Discord is a VoIP, instant messaging and digital-distribution platform designed for creating communities. Users communicate with voice calls, video calls, text messaging, media and files in private chats or as part of communit

Ransomware has been one of the hottest topics in cybersecurity during the last year. Some researchers are labeling it the "perfect storm."  A storm made more severe by the pandemic, with so many employees working remotely, exacerbating the risk of ransomware. However, there are other contributing factors to the rise in ransomware the world witnessed in 2020.

The Royal United Services Institute for Defense and Security Studies (RUSI), a British defense and security think tank, has released a repo

Researchers have dissected some of the attacks involving the Hades ransomware and published information on both the malware itself and the tactics, techniques and procedures (TTPs) employed by its operators.  Initially observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data and threatening to leak it publicly unless the ransom is paid.  Hades was named

The Houston Rockets professional basketball team is reporting that their security and law enforcement authorities are investigating a cyber-attack.  Officials are claiming a new hacking group attempted to install ransomware on the basketball team’s internal systems.  “The Rockets organization recently detected suspicious activity on certain systems in its internal network.  We immediately launched an investigation,” the Rockets said in an emailed statement, adding cybersecurity experts are assis

One of the largest insurance firms in the US CNA Financial was reportedly hit by a “sophisticated cybersecurity attack” on 21 March 2021.  The cyber-attack disrupted the company’s employee and customer services for three days as the company shut down “out of an abundance of caution” to prevent further compromise.

Founded in 1967, the Loews Corp subsidiary is among the top 10 cyber insurance companies and the leading 15 casualty and property insurers in the US.  It employs about 5,800 workers and

After recently announcing the end of the operation, the administrator of Ziggy ransomware is now pledging to give their ransom generated money back.  BleepingComputer says that it appears that this is a planned move since the admin shared the "good news" a little over a week ago but gave no details.  Ziggy ransomware ceased operations in early February.  In a brief announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all

The threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations.  The REvil ransomware threat group is on a cyberattack tear, claiming over the past three weeks to have infected ten organizations across Africa, Europe, Mexico and the US.  The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the US; as well as two large international banks (one in Mexico and