ransomware (345)

12271509879?profile=RESIZE_400xThe RagnarLocker ransomware’s infrastructure and the website the group used for shaming victims were taken down this week as part of a coordinated law enforcement effort.  Active since 2020, RagnarLocker has been involved in numerous attacks, with at least 52 entities across 10 critical infrastructure sectors falling victims to this ransomware family, according to data from the Federal Bureau of Investigation (FBI).

See:  https://redskyalliance.org/xindustry/ragnar-locker-ransomware

Unlike other

12264389452?profile=RESIZE_400xLast year, Forbes wrote a scary article about facts and patterns that applied to Halloween and Cybersecurity Awareness Month of October.[1]  After another year, the online environment and digital dangers are still unsettling, if not scarier.  So, exploring some of the stats and trends is time again.

“In 2023, the World Economic Forum, for the first time, ranked cybercrime and cybersecurity as one of the top ten global risks over a 2-year and 10-year period.  Legislation in the US and Europe is m

12269932086?profile=RESIZE_400xThe hackers behind the ransomware attack that crippled operations at MGM Resorts are “one of the most dangerous financial criminal groups” currently operating, researchers at Microsoft said last week.  In a blog, the researchers explained the tactics used by Octo Tempest, a group also known as Scattered Spider, 0ktapus or UNC3944.

The group has been in the limelight since its attack on MGM Resorts left parts of Las Vegas paralyzed for days and cost the casino giant an estimated $100 million.  Th

12263661693?profile=RESIZE_400xIn a world driven by connectivity and digitalization, the maritime industry is not immune to the growing threat of cyberattacks.  A recent report by Thetius, law firm HFW, and maritime cybersecurity company CyberOwl reveals a sobering truth: the average cost of a cyberattack in the maritime sector has soared to $550,000, a threefold increase from $182,000 in 2022.  Moreover, ransom demands have skyrocketed by more than 350%, with an average payment of $3.2 million, up from $3.1 million the previ

12260185500?profile=RESIZE_400xCYBERSECURITY BEST PRACTICES, MALWARE, PHISHING, AND RANSOMWARE, CYBER THREATS AND ADVISORIES

The link below provides is document is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.  This publication was developed through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in the Cyber Incident Reporting

12258730486?profile=RESIZE_400xThe United States and United Arab Emirates (UAE) have finalized an agreement that sets out how the two countries will cooperate on cybersecurity and digital resilience.  The memorandum of understanding signed by the Treasury Department and the UAE’s Cyber Security Council calls for increased information sharing about digital threats to the financial sector; more staff training and visits; and “competency-building activities” like joint online exercises, according to the Treasury.[1]

“As cyber-at

12258758265?profile=RESIZE_400xColonial Pipeline said there has been no disruption to pipeline operations or their systems after a ransomware gang made several threats last Friday; yes Friday the 13th.  The company, which runs the largest pipeline system for refined oil products in the US, addressed claims made by the Ransomed.vc gang that data had been stolen from their systems.

“Colonial Pipeline is aware of unsubstantiated claims posted to an online forum that its system has been compromised by an unknown party.  After wor

12254133253?profile=RESIZE_400xUS Authorities have shared a joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.  #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.  Visit stopransomware.gov to see all #StopRansomware advisories and to learn

12238984872?profile=RESIZE_400xThe US Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023.  "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants were deployed in various combinations."

See:  https://www.ic3.gov/Media/News/2023/230928.pdf

Not much is

12233630458?profile=RESIZE_400xRetch is a new ransomware variant first discovered in mid-August 2023.  It encrypts files on compromised machines and leaves two ransom notes asking victims to pay a ransom for file decryption.

Infection Vector - Information about the infection vector used by the Retch ransomware threat actor is not currently available.  However, it is unlikely to be significantly different from other ransomware groups.[1]  Retch ransomware samples have been submitted to a public file scanning service from the f

12227241298?profile=RESIZE_400xThe media is full of stories about cyber threats, attacks, and ransomware demands, and why is this the norm?   Digital transformation creates larger data estates, opening new avenues of attack for cybercriminals.  Bad actors’ tactics are sophisticated and constantly evolving, making it difficult for companies to stay ahead of emerging threats.  Cyber threat intelligence gives businesses the information and capabilities they need to refine their defenses continually.

Targeted cyber threat intelli

12227366685?profile=RESIZE_400xCyber security refers to every aspect of protecting a company or organization as well as its employees and assets from online threats.  For all of us in animal agriculture, cybersecurity is no longer just about avoiding those sketchy phishing emails or resetting our passwords.  It’s about being aware of our online presence and how that may make us vulnerable to individuals or groups looking to gain access to sensitive information with the intent to target our farms or companies.[1]

Recently, the

12219035090?profile=RESIZE_192XDoDo ransomware was first reported last February of 2023.  It is a variant of the widely reported and observed Chaos ransomware.  Because it is a derivative, the DoDo ransomware is not considered new and recent.  However, a slightly different version of the DoDo ransomware has recently emerged, described below.[1]

Infection Vector - DoDo ransomware samples have the “Mercurial Grabber” file icon, which indicates the ransomware was likely distributed as such.  Mercurial Grabber is an open-source m

12213058659?profile=RESIZE_400xMicrosoft spokesmen disclosed on 17 August 2023 that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution.  "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's threat intelligence team said in a series of posts on X (formerly Twitter).  "This Bla

12213037664?profile=RESIZE_400x

A known ransomware group on 21 August 2023 started publishing data allegedly stolen from the systems of Japanese watchmaking company Seiko https://www.seikowatches.com.  Seiko revealed on 10 August 2023 that it had identified a possible data breach on 28 July 2023, with someone gaining access to at least one server.  An investigation showed that some information may have been compromised.   “The Company and all our Group companies kindly ask our customers and business partners to contact us imm

12132161479?profile=RESIZE_400xA security alert was issued last Friday after a cyber-attack on the Election Commission of Pakistan (ECP).  The electoral watchdog has urged all employees to take the necessary precautions in the wake of the situation.  All ECP staff were ordered not to open emails which could possibly lead to precious data being leaked.  The letter dated 6 July, titled “Cyber Security Alert” and written by the ECP Information Security Specialist who shared a screengrab of an email sent to an ECP official that a

12130899701?profile=RESIZE_400xEU Health Sector: Ransomware Accounts for 54% of Cybersecurity Threats

The European Union Agency for Cybersecurity (ENISA) released a report on 5 July with its first cyber threat landscape for the health sector.  The report found that ransomware accounts for 54% of cybersecurity threats in the health sector.

The comprehensive analysis maps and studies cyberattacks, identifying prime threats, actors, impacts, and trends for a period of over 2 years, providing valuable insights for the healthcare

12127003474?profile=RESIZE_400xThe Office of the Australian Information Commissioner (OAIC) says some of its files were stolen in a ransomware attack on law firm HWL Ebsworth https://hwlebsworth.com.au.

One of the largest law firms in Australia, HWL Ebsworth, says in an incident notice on its website that it became aware of the incident on 28 April 2023, after the ALPHV_BlackCat ransomware gang boasted about the hack, and that it immediately informed the Australian authorities and started investigating the incident.[1]

See: 

12127000067?profile=RESIZE_400xThe US Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang’s global hack of a file-transfer program popular with corporations and governments. Still, the impact was not expected to be great, Homeland Security officials said on 15 June 2023.  But for others, among what could be hundreds of victims from industry to higher education, including patrons of at least two state motor vehicle agencies, the hack was beginning to show some serious impa

12055538860?profile=RESIZE_400xOn a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The below report aims to provide readers with brief insights into the evolving ransomware landscape variants.

Big Head Ransomware Overview – Researchers recently came across a new ransomware variant called Big Head, which came out in May 2023.  Although there are at least three variants of Big Head ransomware, all are designed to encry