ransomware (311)

12296541079?profile=RESIZE_400xA well-known ransomware group has recently filed a complaint with the US Securities and Exchange Commission (SEC) over the failure of a victim to disclose an alleged data breach resulting from an attack conducted by the cybercrime gang itself. 

The ransomware group known as Alphv and BlackCat claims to have breached the systems of MeridianLink, https://www.meridianlink.com  a California-based company that provides digital lending solutions for financial institutions and consumer data verificatio

12291569282?profile=RESIZE_400xA new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection.  GootLoader is a stealthy malware classified as a first-stage downloader designed to attack Windows-based systems.  It is considered an Initial-Access-as-a-Service (IAaaS) tool used within a ransomware-as-a-service (RaaS) criminal business model.  The GootLoader group's introduction of their custom bot into the late stages of their attack chain is an at

12291236295?profile=RESIZE_400xRanswomwareWhen researchers responded to an ad to join up with a Ransomware-as-a-Service (RaaS) operation, they wound up in a cybercriminal job interview with one of the most active threat actors in the affiliate business, who turns out to be behind at least five different strains of ransomware.  Meet "farnetwork," who was unmasked after giving over too many specifics to a Group-IB threat researcher pretending to be a potential affiliate for the Nokoyawa ransomware group.  The cybercriminal is a

12287149054?profile=RESIZE_400xAccording to cyber threat professionals, every 11 seconds an organization falls victim to a ransomware attack.  In today's interconnected world, cybersecurity looms as an ever-present concern that organizations can no longer afford to sideline. A 48% increase in cyber risk last year should serve as a wake-up call to all business managers.  Whether a business pays hackers a ransom or not, there are significant costs involved which will include items such as digital forensics and data restoration,

12287599457?profile=RESIZE_400xWhen I review the cybersecurity e-newsletters, the unsolicited vendors, and PR pitches offering solutions and commentary related to breaches, it is clear that the bad actors do not care which industries they affect.  Their goals are to disrupt, and if they can get some ransom money in the process or make it difficult for organizations to function normally, especially if they are friendly to their political foes, they are more than happy to do it for fun and profit.[1]

Here are some companies fro

12282135297?profile=RESIZE_400xThis Fortiguard article in the Ransomware Roundup covers the Knight ransomware.

Knight Ransomware Overview: 
Knight is a relatively new ransomware group that arrived in August 2023. Like many attackers, the gang behind this variant employs double extortion tactics, where the Knight ransomware encrypts files on victims’ machines and exfiltrates data for extortion purposes.


The predecessor of Knight, Cyclops, had multi-OS tools for Windows, Linux, and Mac OS. So, while FortiGuard Labs had only loc

12271509879?profile=RESIZE_400xThe RagnarLocker ransomware’s infrastructure and the website the group used for shaming victims were taken down this week as part of a coordinated law enforcement effort.  Active since 2020, RagnarLocker has been involved in numerous attacks, with at least 52 entities across 10 critical infrastructure sectors falling victims to this ransomware family, according to data from the Federal Bureau of Investigation (FBI).

See:  https://redskyalliance.org/xindustry/ragnar-locker-ransomware

Unlike other

12264389452?profile=RESIZE_400xLast year, Forbes wrote a scary article about facts and patterns that applied to Halloween and Cybersecurity Awareness Month of October.[1]  After another year, the online environment and digital dangers are still unsettling, if not scarier.  So, exploring some of the stats and trends is time again.

“In 2023, the World Economic Forum, for the first time, ranked cybercrime and cybersecurity as one of the top ten global risks over a 2-year and 10-year period.  Legislation in the US and Europe is m

12269932086?profile=RESIZE_400xThe hackers behind the ransomware attack that crippled operations at MGM Resorts are “one of the most dangerous financial criminal groups” currently operating, researchers at Microsoft said last week.  In a blog, the researchers explained the tactics used by Octo Tempest, a group also known as Scattered Spider, 0ktapus or UNC3944.

The group has been in the limelight since its attack on MGM Resorts left parts of Las Vegas paralyzed for days and cost the casino giant an estimated $100 million.  Th

12263661693?profile=RESIZE_400xIn a world driven by connectivity and digitalization, the maritime industry is not immune to the growing threat of cyberattacks.  A recent report by Thetius, law firm HFW, and maritime cybersecurity company CyberOwl reveals a sobering truth: the average cost of a cyberattack in the maritime sector has soared to $550,000, a threefold increase from $182,000 in 2022.  Moreover, ransom demands have skyrocketed by more than 350%, with an average payment of $3.2 million, up from $3.1 million the previ


The link below provides is document is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.  This publication was developed through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in the Cyber Incident Reporting

12258730486?profile=RESIZE_400xThe United States and United Arab Emirates (UAE) have finalized an agreement that sets out how the two countries will cooperate on cybersecurity and digital resilience.  The memorandum of understanding signed by the Treasury Department and the UAE’s Cyber Security Council calls for increased information sharing about digital threats to the financial sector; more staff training and visits; and “competency-building activities” like joint online exercises, according to the Treasury.[1]

“As cyber-at

12258758265?profile=RESIZE_400xColonial Pipeline said there has been no disruption to pipeline operations or their systems after a ransomware gang made several threats last Friday; yes Friday the 13th.  The company, which runs the largest pipeline system for refined oil products in the US, addressed claims made by the Ransomed.vc gang that data had been stolen from their systems.

“Colonial Pipeline is aware of unsubstantiated claims posted to an online forum that its system has been compromised by an unknown party.  After wor

12254133253?profile=RESIZE_400xUS Authorities have shared a joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.  #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.  Visit stopransomware.gov to see all #StopRansomware advisories and to learn

12238984872?profile=RESIZE_400xThe US Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023.  "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants were deployed in various combinations."

See:  https://www.ic3.gov/Media/News/2023/230928.pdf

Not much is

12233630458?profile=RESIZE_400xRetch is a new ransomware variant first discovered in mid-August 2023.  It encrypts files on compromised machines and leaves two ransom notes asking victims to pay a ransom for file decryption.

Infection Vector - Information about the infection vector used by the Retch ransomware threat actor is not currently available.  However, it is unlikely to be significantly different from other ransomware groups.[1]  Retch ransomware samples have been submitted to a public file scanning service from the f

12227241298?profile=RESIZE_400xThe media is full of stories about cyber threats, attacks, and ransomware demands, and why is this the norm?   Digital transformation creates larger data estates, opening new avenues of attack for cybercriminals.  Bad actors’ tactics are sophisticated and constantly evolving, making it difficult for companies to stay ahead of emerging threats.  Cyber threat intelligence gives businesses the information and capabilities they need to refine their defenses continually.

Targeted cyber threat intelli

12227366685?profile=RESIZE_400xCyber security refers to every aspect of protecting a company or organization as well as its employees and assets from online threats.  For all of us in animal agriculture, cybersecurity is no longer just about avoiding those sketchy phishing emails or resetting our passwords.  It’s about being aware of our online presence and how that may make us vulnerable to individuals or groups looking to gain access to sensitive information with the intent to target our farms or companies.[1]

Recently, the

12219035090?profile=RESIZE_192XDoDo ransomware was first reported last February of 2023.  It is a variant of the widely reported and observed Chaos ransomware.  Because it is a derivative, the DoDo ransomware is not considered new and recent.  However, a slightly different version of the DoDo ransomware has recently emerged, described below.[1]

Infection Vector - DoDo ransomware samples have the “Mercurial Grabber” file icon, which indicates the ransomware was likely distributed as such.  Mercurial Grabber is an open-source m

12213058659?profile=RESIZE_400xMicrosoft spokesmen disclosed on 17 August 2023 that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution.  "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's threat intelligence team said in a series of posts on X (formerly Twitter).  "This Bla