ransomware (377)

The police department in the US capital has reportedly been hit by Russian-speaking ransomware threat actors who claim to have stolen sensitive information on informants.  If true, this is a very troubling cyber-attack.  If informants cannot keep their anonymity, they will never work with the police.  The Babuk group gave police three days to pay up before it shares the data with local gangs, according to media sources.  The files were allegedly posted on a dark web forum.

Babuk ransomware is

The malware seems like nothing special at first, but further exploration shows it can wreak serious damage in follow-on attacks.  The NitroRansomware malware strain is changing the ransomware norm by demanding Discord Nitro gift codes from victims instead of actual money.  Discord is a VoIP, instant messaging and digital-distribution platform designed for creating communities. Users communicate with voice calls, video calls, text messaging, media and files in private chats or as part of communit

Ransomware has been one of the hottest topics in cybersecurity during the last year. Some researchers are labeling it the "perfect storm."  A storm made more severe by the pandemic, with so many employees working remotely, exacerbating the risk of ransomware. However, there are other contributing factors to the rise in ransomware the world witnessed in 2020.

The Royal United Services Institute for Defense and Security Studies (RUSI), a British defense and security think tank, has released a repo

Researchers have dissected some of the attacks involving the Hades ransomware and published information on both the malware itself and the tactics, techniques and procedures (TTPs) employed by its operators.  Initially observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data and threatening to leak it publicly unless the ransom is paid.  Hades was named

The Houston Rockets professional basketball team is reporting that their security and law enforcement authorities are investigating a cyber-attack.  Officials are claiming a new hacking group attempted to install ransomware on the basketball team’s internal systems.  “The Rockets organization recently detected suspicious activity on certain systems in its internal network.  We immediately launched an investigation,” the Rockets said in an emailed statement, adding cybersecurity experts are assis

One of the largest insurance firms in the US, CNA Financial, was reportedly hit by a “sophisticated cybersecurity attack” on 21 March 2021.  The cyber-attack disrupted the company’s employee and customer services for three days as the company shut down “out of an abundance of caution” to prevent further compromise.

Founded in 1967, the Loews Corp subsidiary is among the top 10 cyber insurance companies and the leading 15 casualty and property insurers in the US.  It employs about 5,800 workers and

After recently announcing the end of the operation, the administrator of Ziggy ransomware is now pledging to give the money generated from ransoms back.  BleepingComputer says that it appears that this is a planned move since the admin shared the "good news" a little over a week ago but gave no details.  Ziggy ransomware ceased operations in early February.  In a brief announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all

The threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations.  The REvil ransomware threat group is on a cyberattack tear, claiming over the past three weeks to have infected ten organizations across Africa, Europe, Mexico and the US.  The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the US; as well as two large international banks (one in Mexico and

“I do not understand how Spain was compromised.”  To answer in English, “well my friends, no one is immune to cyber-attacks - no one.”  Spain’s State Public Employment Service (SEPE), which coordinates unemployment benefits and ERTE throughout Spain, has been the victim of a cyberattack that has crippled its electronic and face-to-face appointment-setting services and other procedures.[1]  A Spanish government spokesman said, “At the moment it is not possible to access the website”, with the Central Tra

A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have recently found.  The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said that it achieves self-replication by scanning for network shares, and then copying a unique version of the ransomware executable (with the file name rep.exe or lan.exe) to each of them as

Ransomware continues to create havoc for organizations of all types and the problem only seems to be getting worse every year. Cyber threat defenders across every type of targeted organization, including government agencies and private businesses, would do well to have more effective defenses in place.  Such defenses would ideally include organizations proactively looking for known ransomware attackers' tactics, techniques and procedures. That kind of threat hunting can help defenders spot atta

While in existence prior to 2016, ransomware gained notoriety that year targeting the global healthcare industry, and in several instances, successfully extorting ransoms from victims. Since then, ransomware has turned out to be more than just a nuisance crime, with ransomware operators adjusting targeting strategies, malware deployment, and diversifying how they executed their campaigns to maintain success rates. Over the past few years, ransomware operators have shifted tactics, moving from wi

No one needs reminding that ransomware has reached incredible proportions; one widely reported statistic from Purplesec suggests that $20 billion was paid out in 2020. That's almost double its $11.5 billion estimate from 2019, with a commensurately huge increase in the number of attacks, while BitDefender suggested a 715% increase in the first half of the year.

The "crews" have multiplied, adopted tactics that are reminiscent of nation-state attacks, and developed partnerships and relationships

A group of cybercriminals known for ransomware attacks has started leaking files allegedly stolen from Jones Day.  Jones Day is an international law firm based in the US.  As of 2018, it was the fifth largest law firm in the US and the 13th highest grossing law firm in the world.  Jones Day has represented former US president Donald Trump, including his inquiries into the 2020 voting irregularities.

The cybercriminals behind the ransomware operation known as Clop (Cl0p) have been known to encry

Back in the 1960s, our educational systems began teaching a concept called Phonics.  Phonics is a method for teaching people how to read and write an alphabetic language. It is done by demonstrating the relationship between the sounds of the spoken language, and the letters or groups of letters or syllables of the written language.  Enter FonixCrypter, not the mobile app but the criminal hacking gang - which is far from the innocent way of teaching language.

It is being reported that the Foni

In 1972, Alice Cooper sang a popular song: “School’s Out.”  In 2020, school has literally been 'OUT for Covid.'  The global pandemic has shut down many, many global school systems.  This created a system of teaching virtually using a variety of on-line platforms.   That turned the heads of black hat hackers to successively focus on attacking school systems, teachers, parents and students.  Recently, there has been a significant increase in ransomware cyber-attacks on virtual classrooms.  The Cor

A report published today by blockchain investigations firm Chainalysis confirms that cybercrime groups engaging in ransomware attacks don't operate in their own bubbles but often switch ransomware suppliers (RaaS services) in a search for better profits. The report analyzed how Bitcoin funds were transferred from victims to criminal groups, and how the money was divided among different parties involved in the ransomware attack, and how it was eventually laundered.

In today’s world, the ransomwar

SANS has long been a leader in cyber and has recently published a research paper on Ransomware Prevention.  2020 saw ransomware attacks sky-rocket.  Below is a brief introduction and link to the full report.  "Ransomware is a fast-growing threat affecting organizations of all sizes and industries.  Quick spreading and highly interruptive, ransomware damage ranges from profoundly impacting a business’s finances to threatening proper healthcare by disabling access to critical data needed for medic