700 matches found

The Hacker News
added 2022/10/26 8:13 a.m., 280 views

Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector

A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the gro...

7.8 CVSS, 9.2 AI score, 0.07304 EPSS
Exploits: 2
hivepro
added 2022/10/26 5:30 a.m., 8 views

US healthcare organizations targeted by Daixin Team ransomware

Daixin Team, a ransomware and data extortion group, has been gaining initial access to victims through virtual private network (VPN) servers since June 2022, either by exploiting an unpatched vulnerability in...

2.1 AI score
Exploits: 0
Microsoft Secure
added 2022/10/25 4:0 p.m., 52 views

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society. Shifting ransomware payloads over time from BlackCat, QuantumLocker, and Zeppelin,...

4.6 CVSS, 1.4 AI score, 0.07304 EPSS
Exploits: 2
The Hacker News
added 2022/10/25 1:58 p.m., 25 views

Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company

The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated...

1.3 AI score
Exploits: 0
The Hacker News
added 2022/10/24 6:12 a.m., 30 views

CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware

U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. "The Daixin Team is a ransomware and data extortion group that has targeted the HPH...

0.2 AI score
Exploits: 0
CISA
added 2022/10/21 12:0 a.m., 25 views

#StopRansomware: Daixin Team

CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have released a joint Cybersecurity Advisory (CSA), StopRansomware: Daixin Team, to provide information on the “Daixin Team,” a cybercrime group actively targeting U.S. businesses, predominantly in the...

0.6 AI score
Exploits: 0, References: 2
The Hacker News
added 2022/10/06 8:25 a.m., 51 views

19-Year-Old Teen Arrested for Using Leaked Optus Breach Data in SMS Scam

The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. The suspect is said to have carried out a text message blackmail scam, demanding that the recipient...

0.4 AI score
Exploits: 0
Malwarebytes
added 2022/10/04 8:0 a.m., 14 views

Ransomware-affected school district refuses to pay, gets stolen data released

Data stolen from Los Angeles Unified School District has been leaked online, after staff refused to pay the ransom related to a ransomware attack. The attackers threatened to release the data if the ransom wasn't paid, and so release it they did. The double extortion tactic: Threatening to release...

Exploits: 0
Malwarebytes
added 2022/09/29 4:0 p.m., 24 views

Optus data breach "attacker" says sorry, it was a mistake

Since Australian telecoms company Optus disclosed a security breach on September 22, 2022, a lot has been happening. Much of it reads like a movie script. Prologue: A hacker acting under the pseudonym "optusdata" claims to have stolen the data of 10 million Optus customers. The information include...

0.5 AI score
Exploits: 0
The Hacker News
added 2022/09/27 6:14 a.m., 36 views

Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme

The Australian Federal Police (AFP) on Monday disclosed it's working to gather "crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. "Operation Hurricane has been launched to identify the criminals behind the alleged...

0.6 AI score
Exploits: 0
Trend Micro Simply Security
added 2022/09/27 12:0 a.m., 11 views

Preventing Cryptocurrency Cyber Extortion

Highly destructive cybercrime is on the rise, and most of it is being funded with anonymous cryptocurrency. Discover cryptocurrency trends and how enterprises can enhance their cybersecurity posture to prevent cyber extortion...

1.2 AI score
Exploits: 0
The Hacker News
added 2022/09/19 12:42 p.m., 39 views

Emotet Botnet Started Distributing Quantum and BlackCat Ransomware

The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware...

1.8 AI score
Exploits: 0
The Hacker News
added 2022/09/14 2:4 p.m., 81 views

Lorenz Ransomware Exploit Mitel VoIP Systems to Breach Business Networks

The operators behind the Lorenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. "Initial malicious activity originated from a Mitel appliance sitting...

10 CVSS, 1.4 AI score, 0.56693 EPSS
Exploits: 0
ICS
added 2022/09/14 12:0 p.m., 110 views

Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations

Summary

Actions to take today to protect against ransom operations:
• Keep systems and software updated and prioritize remediating known exploited vulnerabilities.
• Enforce MFA.
• Make offline backups of your data.

This joint Cybersecurity Advisory (CSA) is the result of an analytic effort among t...

10 CVSS, 10 AI score, 0.99999 EPSS
Exploits: 389, References: 88
CISA
added 2022/09/14 12:0 a.m., 16 views

Iranian Islamic Revolutionary Guard Corps Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations

CISA, Federal Bureau of Investigation (FBI), National Security Agency (NSA), U.S. Cyber Command (USCC) - Cyber National Mission Force (CNMF), Department of the Treasury, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), and United Kingdom’s National Cyber Security Centre NCS...

1.2 AI score
Exploits: 0, References: 6
Malwarebytes
added 2022/09/08 12:0 p.m., 13 views

Ransomware review: August 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. As expected, LockBit remaine...

6.8 AI score
Exploits: 0
ICS
added 2022/09/08 12:0 p.m., 115 views

#StopRansomware: Vice Society

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These StopRansomware advisories include recently and historically observed tactics, techniques,...

9.3 CVSS, 10 AI score, 0.99759 EPSS
Exploits: 75, References: 56
hivepro
added 2022/09/07 2:44 p.m., 16 views

Vice Society actors target K-12 institutions in US

Vice Society is an extortion hacking group that emerged in the summer of 2021. The Vice Society does not use a specific ransomware variant. Instead, they used variants of Hello Kitty, Five Hands, and...

2.7 AI score
Exploits: 0
Schneier on Security
added 2022/09/07 2:26 p.m., 17 views

The LockBit Ransomware Gang Is Surprisingly Professional

This article makes LockBit sound like a legitimate organization: The DDoS attack last weekend that put a temporary stop to leaking Entrust data was seen as an opportunity to explore the triple extortion tactic to apply more pressure on victims to pay a ransom. LockBitSupp said that the ransomware...

1.2 AI score
Exploits: 0
hivepro
added 2022/09/04 5:8 p.m., 27 views

Chile government’s Windows and Linux servers hit by RedAlert ransomware

The Chilean Ministry of Interior asserted that a RedAlert ransomware (aka N13V) attack had disrupted the operations and online services of a government agency in the country. In classic double-extortion...

3.2 AI score
Exploits: 0