Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks

The notorious cybercrime group known as FIN7 has been observed deploying Cl0p aka Clop ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria...

Leaked Babuk ransomware builder code lives on as RA Group

The bones of long gone ransomware group Babuk continue to rattle in the breeze, in the form of reused code. Researchers from Cisco Talos have named this new team the "RA Group", a ransomware collective which may have only been up and running since last month. Babuk famously threatened to leak law...

China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan

China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan By Daksh Kapur, Leandro Velasco · May 17, 2023 Figure 1 image from freepik.com “In the past few years, we noticed that geopolitical conflicts are one of the main drivers for cyber-attacks on a variety of industries and institutions...

Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts

Ransomware affiliates associated with the Qilin ransomware-as-a-service RaaS scheme earn anywhere between 80% to 85% of each ransom payment, according to new findings from Group-IB. The cybersecurity firm said it was able to infiltrate the group in March 2023, uncovering details about the...

Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts

Ransomware affiliates associated with the Qilin ransomware-as-a-service RaaS scheme earn anywhere between 80% to 85% of each ransom payment, according to new findings from Group-IB. The cybersecurity firm said it was able to infiltrate the group in March 2023, uncovering details about the...

#StopRansomware: BianLian Ransomware Group

Actions to take today to mitigate cyber threats from BianLian ransomware and data extortion: 1. Strictly limit the use of RDP and other remote desktop services. 2. Disable command-line and scripting activities and permissions. 3. Restrict usage of PowerShell and update Windows PowerShell or...

CISA and Partners Release BianLian Ransomware Cybersecurity Advisory

CISA, the Federal Bureau of Investigation FBI, and the Australian Cyber Security Centre ACSC have released a joint Cybersecurity Advisory CSA with known BianLian ransomware and data extortion group technical details. Microsoft and Sophos contributed to the advisory. To reduce the likelihood and...

Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code

Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023. The actor is swiftly expanding its operations. To date, the group has compromised three organizations in the U.S. and one in South Korea across several business verticals,...

New Ransomware Gang RA Group Hits U.S. and South Korean Organizations

A new ransomware group known as RA Group has become the latest threat actor to leverage the leaked Babuk ransomware source code to spawn its own locker variant. The cybercriminal gang, which is said to have been operating since at least April 22, 2023, is rapidly expanding its operations, accordi...

New Ransomware Gang RA Group Hits U.S. and South Korean Organizations

A new ransomware group known as RA Group has become the latest threat actor to leverage the leaked Babuk ransomware source code to spawn its own locker variant. The cybercriminal gang, which is said to have been operating since at least April 22, 2023, is rapidly expanding its operations, accordi...

Former Ubiquiti Employee Gets 6 Years in Jail for $2 Million Crypto Extortion Case

A former employee of Ubiquiti has been sentenced to six years in jail after he pleaded guilty to posing as an anonymous hacker and a whistleblower in an attempt to extort almost $2 million worth of cryptocurrency while working at the company. Nickolas Sharp, 37, was arrested in December 2021 for...

Former Ubiquiti Employee Gets 6 Years in Jail for $2 Million Crypto Extortion Case

A former employee of Ubiquiti has been sentenced to six years in jail after he pleaded guilty to posing as an anonymous hacker and a whistleblower in an attempt to extort almost $2 million worth of cryptocurrency while working at the company. Nickolas Sharp, 37, was arrested in December 2021 for...

CACTUS ransomware evades antivirus and exploits VPN flaws to hack networks

By Deeba Ahmed CACTUS ransomware operators target large-scale commercial organizations with double extortion to steal sensitive data before encryption. This is a post from HackRead.com Read the original post: CACTUS ransomware evades antivirus and exploits VPN flaws to hack networks...

A New Akira Ransomware Targets Multiple Industries and Demands Millions in Extortion

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Akira ransomware is a new threat targeting corporate networks and has already attacked several companies in various industries, stealing their data and demanding ransom from $200,000 to millions of...

New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks

Cybersecurity researchers have shed light on a new ransomware strain called CACTUS that has been found to leverage known flaws in VPN appliances to obtain initial access to targeted networks. "Once inside the network, CACTUS actors attempt to enumerate local and network user accounts in addition ...

Western Digital Confirms Customer Data Stolen by Hackers in March Breach

Digital storage giant Western Digital confirmed that an "unauthorized third party" gained access to its systems and stole personal information belonging to the company's online store customers. "This information included customer names, billing and shipping addresses, email addresses and telephon...

To fight cyber extortion and ransomware, shift left

How can organizations defend themselves more effectively against ransomware and other forms of cyber extortion? By “shifting left” and adopting proactive cybersecurity strategies to detect attacks sooner, mitigating breaches before they cause harm...

A New CrossLock Ransomware Threat with Cross-Platform Capabilities and Double Extortion Techniques

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CrossLock ransomware, implemented in Go programming language, uses double extortion technique to encrypt and exfiltrate data, posing a significant threat to businesses and organizations. To receive...

Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration

Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors TAs using built-in data exfiltration methods like living off the...

Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration

Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors TAs using built-in data exfiltration methods like living off the...