ransomware (311)

The number of organizations impacted by ongoing hacks of the software MOVEit is continuing to mount as entities from airlines to universities to the Department of Energy confirm their information was among a series of recent data breaches largely blamed on a Russian-speaking criminal group.

Transportation agencies in Oregon and Louisiana have warned millions of residents their identities are at risk after a cyberattack Thursday stole names, addresses and social security numbers.[1]  Louisiana of

Note: this Recorded Future Ransomware Tracker is updated on the second Sunday of each month to stay current.  The number of victims posted on ransomware extortion sites increased in May, with ransomware gangs publicly claiming more than 400 attacks in a month for the second time this year.

The uptick was fueled in large part by the Russia-linked LockBit ransomware group, which posted 74 victims to its extortion site in May.  The group has become far and away the most active ransomware gang, wit

Cyber threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware designed to capture sensitive data from infected hosts.  The threat actor behind this Ransomware-as-a-Service (RaaS) promotes its offering on forums where it requests a share of profits from those engaging in malicious activities using its malware.

Cyclops ransomware is notable for targeting all major desktop operating systems, including Windows, macOS, and Linux.  It is also des

Partial encryption is a growing trend in the world of ransomware, but with it comes the potential for data recovery on affected files.  We’ll give an overview here on what the term “partial encryption” means.  It is perhaps more accurate to say, “intermittent encryption,” but even so, it will be important to understand this recent trend in how many ransomware infections operate.  From there, we’ll introduce White Phoenix, the freely available tool developed by CyberArk which can be used on part

Cyber security researchers infiltrated the Qilin ransomware group, gaining an inside look at how the gang functions and how it rewards affiliates for attacks.  The ransomware-as-a-service group (RaaS), also known by the name “Agenda”, initially emerged in July 2022, attacking a slate of healthcare organizations, tech companies and more across the world.  They have victimized at least 12 organizations since July 2022 from Canada, the US, Colombia, France, Netherlands, Serbia, the United Kingdom a

The ransomware group Play is taking credit for the hacking of the Lowell, Massachusetts municipal network on 24 April.  Play has released 5 gigabytes of data from that theft and posted it to the dark web.

The cybercriminal group, which has been active since last year, posted a link to the data, which a threat analyst with cybersecurity provider Emsisoft said is available for viewing and download by any user on that system.  "The info is out there, and while at the moment it's on the dark web,

The US government and several other countries have been grappling with a key question over the last year: Should ransomware payments be banned, with select waivers available for special situations?

Speaking at a Ransomware Task Force event on Friday, White House Deputy National Security Adviser Anne Neuberger said ransomware payment bans have been a topic of discussion among members of the Counter Ransomware Initiative, which she said has evolved rapidly since it was created in 2021.

According t

During the dark days of COVID-19, in the transfer from office to remote working, cybersecurity was often neglected so that businesses could just “stay in business.”  Even after a couple of years, common sense tells us that companies would have caught up with cybersecurity.  There are three business scenarios: those that have been attacked, those that do not know they have been attacked, and those that are going to be attacked.

The risks are high with research showing the average cost of an IT security

The German IT service provider BITMARCK announced on 30 April it had taken all its systems offline due to a cyberattack.  The incident impacted statutory health insurance companies that have their IT operated by BITMARCK.  The company immediately reported the incident to the responsible authorities.[1]

The company did not disclose details about the attack; it launched an investigation into the incident with the help of external cybersecurity experts.

“BITMARCK has identified a cyber-attack.  Our

UNIZA Ransomware - Researchers recently came across a new ransomware variant called UNIZA.  Like other ransomware variants, it encrypts files on victims’ machines to extort money.

It uses the Command Prompt (cmd.exe) window to display its ransom message, and interestingly, it does not append the filename of the files it encrypts, making it more difficult to determine which files have been impacted.[1]

Infection Vector - Information on the infection vector used by the UNIZA ransomware threat ac

Ransomware, which was a novelty just a few years ago, is now endemic.  We will have to learn to live with the malicious file-encrypting code, even as we all struggle to limit it.  Why this matters: Ransomware attacks, which take an organization's data hostage and shut down its systems until the hackers receive payment, have exacted an escalating price on law enforcement, policymaking and financial resources around the world.

Ransomware remains the top cyber threat on the minds of cyber defenders