Krebs on Security

MARCH 5, 2024

healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. BlackCat is known as a “ransomware-as-service” collective, meaning they rely on freelancers or affiliates to infect new networks with their ransomware. There are indications that U.S.

Healthcare 358

Healthcare Ransomware Scams Government 358

Schneier on Security

AUGUST 19, 2024

Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary: Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed.

Ransomware 282

Ransomware Accountability 282

Schneier on Security

JULY 8, 2021

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend’s attack was carried out with almost surgical precision. The ransomware dropper Agent.exe is signed with a Windows-trusted certificate that uses the registrant name “PB03 TRANSPORT LTD.”

Ransomware 359

Ransomware Malware Firewall Encryption 359

Schneier on Security

JULY 26, 2021

Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. This is where the suggestion to ban cryptocurrencies as a way to “solve” ransomware comes from. ” There is no single silver bullet to disrupt either cryptocurrencies or ransomware.

Ransomware 363

Ransomware Cryptocurrency Banking Accountability 363

Joseph Steinberg

JUNE 9, 2022

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure. The ransomware attack on Tenafly’s school system is a reminder of a sad, ironic, reality.

Ransomware 362

Ransomware Artificial Intelligence Education Cybercrime 362

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code. This is not an idle concern.

Ransomware 334

Ransomware Encryption Backups Manufacturing 334

Krebs on Security

SEPTEMBER 15, 2021

TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. ET: TTEC confirmed a ransomware attack. Update, 6:20 p.m.

Ransomware 355

Ransomware Banking Cryptocurrency Media 355

Krebs on Security

APRIL 18, 2022

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But according to Microsoft and an advisory from the U.S. National Security Agency (NSA).

Healthcare 317

Healthcare Ransomware Cybersecurity Malware 317

Schneier on Security

MARCH 29, 2024

You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but.

Ransomware 312

Ransomware 312

Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. And on April 26, 2021, Matveev and his Babuk gang allegedly deployed ransomware against the Metropolitan Police Department in Washington, D.C.

Ransomware 297

Ransomware Cybercrime VPN Healthcare 297

Krebs on Security

DECEMBER 19, 2023

Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. BlackCat formed by recruiting operators from several competing or disbanded ransomware organizations — including REvil , BlackMatter and DarkSide.

Ransomware 296

Ransomware Cybercrime Advertising Encryption 296

Lohrman on Security

DECEMBER 19, 2021

2021 will be remembered as the most disruptive year so far when it came to cyber attacks, with ransomware impacting businesses and governments — including critical infrastructure — as never before.

Ransomware 323

Ransomware Cyber Attacks Government 323

Lohrman on Security

NOVEMBER 7, 2021

Not only is ransomware the top cybersecurity story in 2021, but new twists, turns and countermeasures keep coming. Here are the latest headlines and what news you need.

Ransomware 336

Ransomware Cybersecurity 336

Lohrman on Security

JULY 21, 2024

Several recently released cyber industry reports show steady or growing ransomware numbers in 2024 so far, and impacts on business and government have never been greater.

Ransomware 262

Ransomware Government 262

Krebs on Security

SEPTEMBER 18, 2023

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The 8Base ransomware group’s victim shaming website on the darknet.

Ransomware 281

Ransomware Accountability Encryption Internet 281

Krebs on Security

MAY 31, 2022

Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti.

Ransomware 301

Ransomware Government Hacking Media 301

Schneier on Security

NOVEMBER 21, 2022

“If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key that encrypts the files!

Encryption 278

Encryption Ransomware Advertising Cybersecurity 278

Tech Republic Security

JULY 10, 2024

Read about the new Cisco Talos report on the top ransomware groups’ techniques and learn how to mitigate this cybersecurity risk. Cisco Talos observed the TTPs used by 14 of the most prevalent ransomware groups based on their volume of attack, impact to customers and atypical behavior.

Ransomware 202

Ransomware Risk Cybersecurity Social Engineering 202

Tech Republic Security

NOVEMBER 27, 2024

Blue Yonder, a prominent supply chain software provider, has been targeted in a ransomware attack, leading to disruption at major retail outlets.

Ransomware 181

Ransomware Retail Software Cyber Attacks 181

Tech Republic Security

OCTOBER 17, 2024

Attackers launched 600 million cybercriminal and nation-state threats on Microsoft customers daily, including ransomware attacks, in the last year, according to the tech giant.

Ransomware 200

Ransomware Artificial Intelligence Software 200

Security Affairs

DECEMBER 4, 2024

BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack.

Ransomware 132

Ransomware Telecommunications Healthcare Insurance 132

Tech Republic Security

MAY 17, 2024

Read about Black Basta ransomware’s impact and how to mitigate it. Plus, learn about recent ransomware trends.

Ransomware 202

Ransomware Big data Cybersecurity 202

Tech Republic Security

MAY 30, 2024

The ShrinkLocker ransomware exploits the BitLocker feature on enterprise PCs to encrypt the entire local drive and remove recovery options.

Encryption 207

Encryption Ransomware Software Malware 207

Schneier on Security

MAY 18, 2021

A lot of Russian malware — the malware that targeted the Colonial Pipeline, for example — won’t install on computers with a Cyrillic keyboard installed.

Ransomware 362

Ransomware Malware Cybercrime 362

Tech Republic Security

APRIL 12, 2024

Research has found that criminals can demand higher ransom when they compromise an organisation’s backup data in a ransomware attack. Discover advice from security experts on how to properly protect your backup.

Backups 203

Backups Ransomware Cybersecurity 203

Tech Republic Security

AUGUST 20, 2024

ThreatDown 2024 Report: Malwarebytes reveals ransomware trends, showing most attacks occur at night when security staff are off duty.

Ransomware 195

Ransomware 195

Tech Republic Security

JUNE 27, 2024

This guide covers various ransomware attacks, including Colonial Pipeline, WannaCry and LockBit, the systems hackers target and how to avoid becoming a victim and paying cybercriminals a ransom.

Ransomware 193

Ransomware Phishing Software Cybersecurity 193

Security Affairs

DECEMBER 7, 2024

The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. A cyber attack hit the Port of Rijeka in Croatia, the 8Base ransomware group claimed responsibility for the security breach. The Port of Rijeka (Luka Rijeka d.d.),

Ransomware 131

Ransomware Hacking Accountability Cyber Attacks 131

Tech Republic Security

FEBRUARY 20, 2024

The enforcement action is a major blow against the ransomware-as-a-service provider, which has been connected to 2,000 victims globally.

Ransomware 203

Ransomware Software 203

Lohrman on Security

JULY 18, 2021

Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others?

Government 363

Government Cyber Attacks Ransomware 363

Malwarebytes

DECEMBER 2, 2024

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.

Ransomware 137

Ransomware Backups Small Business Malware 137

Tech Republic Security

JULY 31, 2024

The CVE-2024-37085 vulnerability is present in VMware ESXi hypervisors and has been used to deploy ransomware, according to Microsoft.

Ransomware 182

Ransomware Cybersecurity 182

Tech Republic Security

OCTOBER 17, 2024

This indicates that the most prominent ransomware groups are succumbing to law enforcement takedowns, according to researchers from Cyberint.

Ransomware 175

Ransomware Cyber Attacks Cybersecurity 175

Security Affairs

DECEMBER 3, 2024

ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing to the SEC. A ransomware attack disrupted the operations of a major energy industry contractor, ENGlobal Corporation. No ransomware gang has claimed responsibility for the attack. million year-to-date.

Ransomware 126

Ransomware Encryption Technology Cybersecurity 126

Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Cybercrime 122

Cybercrime Ransomware Healthcare Education 122