X-Industry

A known ransomware group claims to have breached the systems of Kraft Heinz, but the food company says it cannot verify the cybercriminals’ allegations.  The ransomware group named Snatch publicly named Kraft Heinz on its website on 14 December 2023, but the post appears to have been created on 16 August 2023, which indicates that the attack occurred months ago.

See:  https://redskyalliance.org/xindustry/snatch-ransomware

Snatch ransomware first appeared in 2018 and was formerly called Team Trun

Microsoft’s spokesman announced on 13 December 2023 the disruption of Storm-1152, a Cybercrime-as-a-Service (CaaS) ecosystem that created 750 million fraudulent Microsoft accounts supporting phishing, identity theft, and other schemes.  The CaaS is believed to have made millions of dollars in illicit revenue by creating fraudulent accounts for other cybercrime groups to use in phishing, spam, ransomware, Distributed Denial-of-service (DDoS), and other types of attacks.

See:  https://redskyallian

Ransomware isn’t new, yet organizations still struggle to guard against this threat.  According to the Fortinet 2023 Global Ransomware Report, in 12 months, two-thirds of organizations were targeted by ransomware, with half of those falling victim to an attack.  As attackers advance their tactics, security and IT leaders must prepare for the inevitability of a ransomware attack.  It is no longer a matter of “if” a business will be breached but “when.”  Along with business leaders, those in the C

Just three months after the National Credit Union Administration (NCUA) put into place a final rule requiring federally chartered and federally insured credit unions to notify NCUA of a "reportable cyber incident," about 60 credit unions in the United States experienced outages because of a ransomware attack on an IT provider the institutions use, according to a US federal agency.  The final NCUA rule went into effect on 01 September 2023, requiring that affected credit unions should notify the

The ransomware strain known as Play is now being offered to other threat actors "as a service."  The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the Ransomware-as-a-Service (RaaS) and are following step-by-step instructions from playbooks delivered with it.

Cybercriminals are increasingly finding it just as lucrative to hire their toolkits out to other crooks so they can launch attacks of their own.  Investigator

“We’re open for everyone,” announces a brightly colored sign welcoming visitors to the British Library.  But inside the airy building beside London’s St Pancras Station, not everyone can get what they want.  Not since the library was struck by cyber criminals at the end of last month.  The ransomware attack, carried out by a group known for such activity, has knocked out the website of the UK’s national library.  It has also taken down the WiFi, upon which the crowds who come here to work rely. 

A well-known ransomware group has recently filed a complaint with the US Securities and Exchange Commission (SEC) over the failure of a victim to disclose an alleged data breach resulting from an attack conducted by the cybercrime gang itself. 

The ransomware group known as Alphv and BlackCat claims to have breached the systems of MeridianLink, https://www.meridianlink.com  a California-based company that provides digital lending solutions for financial institutions and consumer data verificatio

A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection.  GootLoader is a stealthy malware classified as a first-stage downloader designed to attack Windows-based systems.  It is considered an Initial-Access-as-a-Service (IAaaS) tool used within a ransomware-as-a-service (RaaS) criminal business model.  The GootLoader group's introduction of their custom bot into the late stages of their attack chain is an at

RanswomwareWhen researchers responded to an ad to join up with a Ransomware-as-a-Service (RaaS) operation, they wound up in a cybercriminal job interview with one of the most active threat actors in the affiliate business, who turns out to be behind at least five different strains of ransomware.  Meet "farnetwork," who was unmasked after giving over too many specifics to a Group-IB threat researcher pretending to be a potential affiliate for the Nokoyawa ransomware group.  The cybercriminal is a

According to cyber threat professionals, every 11 seconds an organization falls victim to a ransomware attack.  In today's interconnected world, cybersecurity looms as an ever-present concern that organizations can no longer afford to sideline. A 48% increase in cyber risk last year should serve as a wake-up call to all business managers.  Whether a business pays hackers a ransom or not, there are significant costs involved which will include items such as digital forensics and data restoration,

When I review the cybersecurity e-newsletters, the unsolicited vendors, and PR pitches offering solutions and commentary related to breaches, it is clear that the bad actors do not care which industries they affect.  Their goals are to disrupt, and if they can get some ransom money in the process or make it difficult for organizations to function normally, especially if they are friendly to their political foes, they are more than happy to do it for fun and profit.[1]

Here are some companies fro

This Fortiguard article in the Ransomware Roundup covers the Knight ransomware.

Knight Ransomware Overview: 
Knight is a relatively new ransomware group that arrived in August 2023. Like many attackers, the gang behind this variant employs double extortion tactics, where the Knight ransomware encrypts files on victims’ machines and exfiltrates data for extortion purposes.

The predecessor of Knight, Cyclops, had multi-OS tools for Windows, Linux, and Mac OS. So, while FortiGuard Labs had only loc

The RagnarLocker ransomware’s infrastructure and the website the group used for shaming victims were taken down this week as part of a coordinated law enforcement effort.  Active since 2020, RagnarLocker has been involved in numerous attacks, with at least 52 entities across 10 critical infrastructure sectors falling victims to this ransomware family, according to data from the Federal Bureau of Investigation (FBI).

See:  https://redskyalliance.org/xindustry/ragnar-locker-ransomware

Unlike other

Last year, Forbes wrote a scary article about facts and patterns that applied to Halloween and Cybersecurity Awareness Month of October.[1]  After another year, the online environment and digital dangers are still unsettling, if not scarier.  So, exploring some of the stats and trends is time again.

“In 2023, the World Economic Forum, for the first time, ranked cybercrime and cybersecurity as one of the top ten global risks over a 2-year and 10-year period.  Legislation in the US and Europe is m

The hackers behind the ransomware attack that crippled operations at MGM Resorts are “one of the most dangerous financial criminal groups” currently operating, researchers at Microsoft said last week.  In a blog, the researchers explained the tactics used by Octo Tempest, a group also known as Scattered Spider, 0ktapus or UNC3944.

The group has been in the limelight since its attack on MGM Resorts left parts of Las Vegas paralyzed for days and cost the casino giant an estimated $100 million.  Th

In a world driven by connectivity and digitalization, the maritime industry is not immune to the growing threat of cyberattacks.  A recent report by Thetius, law firm HFW, and maritime cybersecurity company CyberOwl reveals a sobering truth: the average cost of a cyberattack in the maritime sector has soared to $550,000, a threefold increase from $182,000 in 2022.  Moreover, ransom demands have skyrocketed by more than 350%, with an average payment of $3.2 million, up from $3.1 million the previ

CYBERSECURITY BEST PRACTICES, MALWARE, PHISHING, AND RANSOMWARE, CYBER THREATS AND ADVISORIES

The link below provides is document is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.  This publication was developed through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in the Cyber Incident Reporting

The United States and United Arab Emirates (UAE) have finalized an agreement that sets out how the two countries will cooperate on cybersecurity and digital resilience.  The memorandum of understanding signed by the Treasury Department and the UAE’s Cyber Security Council calls for increased information sharing about digital threats to the financial sector; more staff training and visits; and “competency-building activities” like joint online exercises, according to the Treasury.[1]

“As cyber-at

Colonial Pipeline said there has been no disruption to pipeline operations or their systems after a ransomware gang made several threats last Friday; yes Friday the 13^th.  The company, which runs the largest pipeline system for refined oil products in the US, addressed claims made by the Ransomed.vc gang that data had been stolen from their systems.

“Colonial Pipeline is aware of unsubstantiated claims posted to an online forum that its system has been compromised by an unknown party.  After wor

US Authorities have shared a joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.  #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.  Visit stopransomware.gov to see all #StopRansomware advisories and to learn