ransomware (345)

The number of organizations impacted by ongoing hacks of the software MOVEit is continuing to mount as entities from airlines to universities to the Department of Energy confirm their information was among a series of recent data breaches largely blamed on a Russian-speaking criminal group.

Transportation agencies in Oregon and Louisiana have warned millions of residents their identities are at risk after a cyberattack Thursday stole names, addresses and social security numbers.[1]  Louisiana of

Note: this Recorded Future Ransomware Tracker is updated on the second Sunday of each month to stay current.  The number of victims posted on ransomware extortion sites increased in May, with ransomware gangs publicly claiming more than 400 attacks in a month for the second time this year. 

The uptick was fueled in large part by the Russia-linked LockBit ransomware group, which posted 74 victims to its extortion site in May.  The group has become far and away the most active ransomware gang, wit

Cyber threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware designed to capture sensitive data from infected hosts.  The threat actor behind this Ransomware-as-a-Service (RaaS) promotes its offering on forums where it requests a share of profits from those engaging in malicious activities using its malware.

Cyclops ransomware is notable for targeting all major desktop operating systems, including Windows, macOS, and Linux.  It is also des

Partial encryption is a growing trend in the world of ransomware, but with it comes the potential for data recovery on affected files.  We’ll give an overview here on what the term “partial encryption” means.  It is perhaps more accurate to say, “intermittent encryption,” but even so, it will be important to understand this recent trend in how many ransomware infections operate.  From there, we’ll introduce White Phoenix, the freely available tool developed by CyberArk which can be used on part

Cyber security researchers infiltrated the Qilin ransomware group, gaining an inside look at how the gang functions and how it rewards affiliates for attacks.  The ransomware-as-a-service group (RaaS), also known by the name “Agenda”, initially emerged in July 2022, attacking a slate of healthcare organizations, tech companies and more across the world.  They have victimized at least 12 organizations since July 2022 from Canada, the US, Colombia, France, Netherlands, Serbia, the United Kingdom a

The ransomware group Play is taking credit for the hacking of the Lowell, Massachusetts municipal network on 24 April.  Play has released 5 gigabytes of data from that theft and posted it to the dark web.

The cybercriminal group, which has been active since last year, posted a link to the data, which a threat analyst with cybersecurity provider Emsisoft, said is available for viewing and download by any user on that system.  "The info is out there, and while at the moment it's on the dark web,

The US government and several other countries have been grappling with a key question over the last year: Should ransomware payments be banned, with select waivers available for special situations?

Speaking at a Ransomware Task Force event on Friday, White House Deputy National Security Adviser Anne Neuberger said ransomware payment bans have been a topic of discussion among members of the Counter Ransomware Initiative, which she said has evolved rapidly since it was created in 2021.

According t

During the dark days of COVID-19, in the transfer from office to remote working, cybersecurity was often neglected so that businesses could just “stay in business.”  Even after a couple of years, common sense tells us that companies would have caught up with cybersecurity.  There are three business scenarios: those that have been attacked, those that do not know they have been attacked, and those that are going to be attacked. 

The risks are high with research showing the average cost of an IT security

The German IT service provider BITMARCK announced on 30 April it had taken all its systems offline due to a cyberattack.  The incident impacted statutory health insurance companies that have their IT operated by BITMARCK.  The company immediately reported the incident to the responsible authorities.[1]

The company did not disclose details about the attack, but it launched an investigation into the incident with the help of external cybersecurity experts.

“BITMARCK has identified a cyber-attack.  Our

UNIZA Ransomware - Researchers recently came across a new ransomware variant called UNIZA.  Like other ransomware variants, it encrypts files on victims’ machines to extort money.  

It uses the Command Prompt (cmd.exe) window to display its ransom message, and interestingly, it does not append the filename of the files it encrypts, making it more difficult to determine which files have been impacted.[1]

Infection Vector - Information on the infection vector used by the UNIZA ransomware threat ac

Ransomware, which was a novelty just a few years ago, is now endemic.  We will have to learn to live with the malicious file-encrypting code, even as we all struggle to limit it.  Why this matters: Ransomware attacks, which take an organization's data hostage and shut down its systems until the hackers receive payment, have exacted an escalating price on law enforcement, policymaking and financial resources around the world.

Ransomware remains the top cyber threat on the minds of cyber defenders

EvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices.  It includes several modules that all work via an FTP service.  It was developed by Kodex, which claims it is an educational tool.  However, research conducted by FortiGuard Labs shows cybercriminals are actively using it as an info stealer.

Based on our traffic source data to the host, evilextractor[.]com, malicious activity increased si

US payments company NCR Corporation (https://www.ncr.com) confirmed on 15 April 2023 that a data center outage resulted from a ransomware attack.  A well-known ransomware group has taken credit for the attack.  NCR first reported investigating an “issue” related to its Aloha restaurant Point-of-Sale (PoS) product on 12 April 2023.  The company said a limited number of ancillary Aloha applications for a subset of its hospitality customers had been impacted by an outage at a single data center.  “O

A veteran cybercriminal has revealed what is really on the dark web - where hackers, hitmen and drug dealers run wild.

The source, who has spoken anonymously, explained how hackers use ransomware to steal data for large payouts or 'to just see the world burn' and explained that any system connected to the web is at risk of an attack.[1]

'I've watched hospitals get encrypted and people are left with a choice: do I pay to decrypt the data or do I risk lives?' the man said while donning a mask to c

The Iranian nation-state group known as MuddyWater has been observed directing destructive attacks on hybrid environments under the guise of a ransomware operation.  The name is not to be confused with McKinley Morganfield (April 4, 1913 – April 30, 1983), known professionally as Muddy Waters, who was an American blues singer and musician.  Iran could be singing the blues if they keep this up.

According to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor ta

Kaspersky has identified a new trend in phishing techniques, with threat actors increasingly utilizing Telegram to automate their activities and provide various services.  In a recent advisory, one of Kaspersky's web content analysts revealed that phishers create Telegram channels to educate their audience about phishing and share links to these channels via YouTube, GitHub, and phishing kits.  Many channels offer tools to automate malicious workflows, such as generating phishing pages or

Healthcare companies are using electronic records and tapping digital services more than ever.  That is also creating more opportunities for cybercriminals, who have already exposed the private medical information of millions of patients, and it bolsters the case for the industry to make security priority No. 1, experts say.  Healthcare breaches have exposed 385 million patient records from 2010 to 2022, federal records show, though individual patient records could be counted multiple times.

Hacking