A recent Chainalysis report indicates that 2024 is set to be the highest-grossing year for ransomware payments. 2023 is the current record holder in that regard, surpassing the $1 billion mark, which was an interesting development given the significant decline in ransomware payments that occurred in 2022. In the chart we have below, we can see a clear upward trend since 2019. In hindsight, it may be more useful to view 2022 as an anomaly. The mid-year total
A new security report released this week revealed a record-breaking $75 million ransom paid by a single victim to the Dark Angels ransomware gang earlier this year. The payment surpasses the previous highest known ransom of $40 million paid by insurance giant CNA to Evil Corp. The specific company involved has not been disclosed at the time of this writing. However, there is speculation that pharmaceutical giant Cencora, ranked #10 on the Fortune 50 list, experienced a cyberattack in February
The government of Columbus, Ohio said it is aware of claims made by a ransomware gang that troves of sensitive city information are available for sale. The Rhysida ransomware group took credit on Wednesday for the 18 July attack, threatening to leak 6.5 terabytes of exfiltrated information from the city’s systems, allegedly containing emergency services data, access to city cameras and more.
A city spokesperson said late last week they are aware of the matter but could not comment, adding that the situ
On 17 July 2024, cybersecurity experts gathered at Cecil College[1] for the Cyber Security in Agriculture Forum to discuss the escalating threats to digital information and privacy across all sectors, specifically agriculture. Panelists unanimously agreed that cyber threats are increasing in frequency and sophistication, posing significant risks to individuals, small businesses, corporations, and large public entities.
The forum began with an overview of the current cybersecurity landscape, hig
In today's digital age, ransomware has emerged as a formidable threat to businesses of all sizes. This malicious attack can paralyze operations, damage reputations, and inflict severe financial losses. Mid-market organizations are particularly vulnerable, with over half (57%) admitting they don't regularly review and replace legacy systems, and a similar number (57%) failing to patch their systems regularly.
This creates an expanded attack surface for cybercriminals to exploit. The conse
The HardBit ransomware first appeared in October 2022, with a 2.0 version coming shortly thereafter in November of 2022. As one expects of a ransomware attack, HardBit targets organizations and demands cryptocurrency payments in exchange for decrypting data.
Earlier variants of HardBit aren’t noted as being especially unique, though one standout attribute of HardBit is that the operators have enhanced their extortion tactics by demanding to know about the victim’s potential cyber insurance co
Global cyber insurance premiums are declining despite an increase in ransomware attacks, according to a recent report by insurance broker Howden (www.howdengroup.com). This trend reflects improved business security practices, evolving insurance industry dynamics, and changing attitudes toward cyber risk management.
The Howden report indicates that the cyber insurance market experienced double-digit price reductions in 2023/24, starkly contrasting the skyrocketing premiums seen in 2021 and 2022 d
After confirming a production-halting cyberattack last month, forklift manufacturer Crown Equipment said on 1 July that operations have resumed. Crown said work was proceeding at all 24 of its manufacturing plants. The company’s manufacturing operations had been suspended since 10 June due to the attack on its business systems.
A company spokesman has declined to comment on the attack and said no further information would be available. The company has declined to answer questions about how ma
A major cyber-attack occurred just before the Fourth of July holiday in 2021, affecting at least 200 US companies. The attack was a ransomware attack that occurred first at Kaseya, a Florida-based IT company, and then spread through the corporate networks that use its software. The attack affected multiple managed service providers and their customers. The REvil ransomware gang was behind the attack. Please stay vigilant during all holiday times.
At least 200 US companies were hit by a major
The LockBit ransomware group has claimed a significant increase in attack volume in May 2024, which would once again make it the most active ransomware gang, a new report from NCC Group shows. The LockBit ransomware operation was disrupted in February when law enforcement agencies in North America, Europe, and Asia seized 34 servers, took over the gang’s Tor-based leak site, froze its cryptocurrency wallets, and collected technical information on the group’s infrastructure.
The US government ha
A cyber-attack that sent US-based Ascension hospitals and health care systems offline in May happened because a worker accidentally downloaded malware, officials said this week. “Clinical operations” were affected at Ascension hospitals and medical centers, which operate in Michigan and 18 other states, when a cyber-attack forced the organization to transition to offline systems in early May. It was later said that the attack was actually a ransomware attack, meaning someone (or a group) brok
A cyberattack on a large telecommunications company in April of this year has been claimed by a ransomware gang that is gaining momentum as a cybercriminal operation. On 1 June, the RansomHub operation posted Frontier Communications to its leak site, claiming to have sensitive information of more than 2 million people. The group claimed it spent more than two months attempting to extort the company but never got a response. Frontier did not respond to requests for comment but reported a cyber
Law enforcement agencies in the United States and Europe announced Operation Endgame on 30 May, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Titled “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot.
Link to full report: IR-24-151-001_OPendgame.p
US cyber authorities are releasing this joint Cybersecurity Advisory (CSA) to provide information on Black Basta, a ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector. This joint CSA provides TTPs and IOCs obtained from FBI investigations and third-party reporting.
Black Basta is considered a ransomware-as-a-service (RaaS) variant and was first identified in April 2022. Black Basta affiliate
LockbitSupp, the pseudonymous leader of the LockBit ransomware group, was identified as a Russian national called Dmitry Khoroshev on 7 May as the United States, United Kingdom and Australia imposed financial sanctions against him.
A 26-count indictment has been unsealed in the US charging Khoroshev with developing and operating the LockBit ransomware service. He is accused of growing LockBit “into a massive criminal organization that has, at times, ranked as the most prolific and destructive
Security teams are facing "the perfect storm" these days, with four seemingly major contributing factors at play:
- AI and generative AI
- Geopolitical dynamics
- Changing regulatory compliance requirements
- Continuing growth in ransomware.
They all lead to a very complex threat scenario that requires significant effort from cybersecurity professionals to protect their enterprises. At the heart of these next-gen cyber defenses lies the core concept of Identity, and unfortunately, what identity entai
KageNoHitobito ransomware samples became available in late March 2024. As with most ransomware, it encrypts files on victims' machines and demands a ransom to decrypt them through dropped ransom notes. Although the group uses TOR to communicate with its victims, a data leak site is unavailable, as the group does not claim to have stolen any victims' information.
Infection Vector/Victimology - Information on the infection vector used by the KageNoHitobito ransomware threat actor is unavaila
Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines. As of 1 January 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds.
Early versions of the Akira ransomware variant were wr
Despite the LockBit Ransomware-as-a-Service (RaaS) gang claiming to be back after a high-profile takedown in mid-February 2024, an analysis reveals significant, ongoing disruption to the group's activities, along with ripple effects throughout the cybercrime underground, with implications for business risk. LockBit was responsible for 25% to 33% of all ransomware attacks in 2023, according to investigators, easily making it the biggest financial threat actor group of the last year. Since it eme
A leading cyber security firm, Cybereason[1], has announced the results of its third annual ransomware study, commissioned to better understand the true impact of ransomware on businesses. This global study reveals that ransomware attacks are becoming more frequent, effective, and sophisticated.
See: https://redskyalliance.org/xindustry/100-50-1-100-ransomware-gangs-using-50-types-of-malware
The report, Ransomware: The True Cost to Business 2024, reveals that of the organizations that opted to pay