North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

A group of actors originating from North Korea that Microsoft Threat Intelligence Center MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name for its campaigns and h...

BlackCat Ransomware group implements quadruple extortion

Threat Level Actor Report For a detailed advisory, download the pdf file here Summary The BlackCat ransomware group performs quadruple extortion techniques to pressurize victims in order to pay ransom. Recently, the ransomware group has raised its stakes up to $2.5M in demands...

Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets

LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions. "The affiliates that use LockBit's services conduct their attacks according to their preference and use different tools...

Report: Brazil must do more to encrypt, back up data

Federal government organisations in Brazil may need to reassess their approach to cyberthreats, according to a new report by the countrys Federal Audit Court. It outlines multiple key areas of concern across 29 key areas of risk. One of the biggest problems in the cybercrime section of the report...

Bronze Starlight uses loader malware to deploy ransomware

Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Bronze Starlight, a Chinese APT, is deploying ransomware LockFile, AtomSilo, Rook, Night Sky, and Pandora via the HUI loader malware to carry out double extortion...

RansomHouse claims to have stolen at least 450GB of AMD’s data

AMD is investigating the claim that the RansomHouse extortion group has its hands on more than 450GB of the companys data. AMDs breach revelation came to light after RansomHouse teased on Telegram about selling data belonging to a popular three-letter company that starts with the letter A. The...

Ex-Canadian Government Employee Pleads Guilty Over NetWalker Ransomware Attacks

A former Canadian government employee this week agreed to plead guilty in the U.S. to charges related to his involvement with the NetWalker ransomware syndicate. Sebastien Vachon-Desjardins, who was extradited to the U.S. on March 10, 2022, is accused of conspiracy to commit computer fraud and wi...

For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma

Welcome to the second installment in our series looking at the latest ransomware research from Rapid7. Two weeks ago, we launched "Pain Points: Ransomware Data Disclosure Trends", our first-of-its-kind look into the practice of double extortion, what kinds of data get disclosed, and how the...

LGBTQ+ community targeted by extortionists who threaten to publish nudes

The FTC Federal Trade Commission has warned the LGBTQ+ community about extortionists posing as potential romantic partners on Grindr and Feeld. The scammers send their targets explicit photos and then ask for them to reciprocate. If they do, targets are then blackmailed into paying a ransom,...

Cybersecurity Experts Warn of Emerging Threat of "Black Basta" Ransomware

The Black Basta ransomware-as-a-service RaaS syndicate has amassed nearly 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window. "Black Basta has been observed targeting a range of...

BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers

Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks. Upon gaining an entry point, the attackers swiftly moved to gather information about the compromised machines, followed by carrying out...

New Report Shows What Data Is Most at Risk to (and Prized by) Ransomware Attackers

Ransomware is one of the most pressing and diabolical threats faced by cybersecurity teams today. Gaining access to a network and holding that data for ransom has caused billions in losses across nearly every industry and around the world. It has stopped critical infrastructure like healthcare...

Ransomware Group Debuts Searchable Victim Data

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally...

Karakurt extortion group: Threat profile

The FBI Federal Bureau of Investigation, together with CISA Cybersecurity and Infrastructure Security Agency and other federal agencies, recently released a joint cybersecurity advisory CSA about the Karakurt data extortion group also known as Karakurt Team and Karakurt Lair. Like RansomHouse,...

The many lives of BlackCat ransomware

The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service RaaS gig economy. It’s noteworthy due to its unconventional programming language Rust, multiple target devices and possible entry points, and affiliation with prolific...

The many lives of BlackCat ransomware

The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service RaaS gig economy. It’s noteworthy due to its unconventional programming language Rust, multiple target devices and possible entry points, and affiliation with prolific...

Defending Against Tomorrow's Threats: Insights From RSAC 2022

The rapidly changing pace of the cyberthreat landscape is on every security pro's mind. Not only do organizations need to secure complex cloud environments, they're also more aware than ever that their software supply chains and open-source elements of their application codebase might not be as...

HelloXD Ransomware Installing Backdoor on Targeted Windows and Linux Systems

Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. "Unlike other ransomware groups, this ransomware family doesn't have an active leak site;...

Black Basta Ransomware Teams Up with Malware Stalwart Qbot

A newcomer on the ransomware scene has coopted a 14-year-old malware variant to help it maintain persistence on a targeted network in a recent attack, researchers have found. Black Basta, a ransomware group that emerged in April, leveraged Qbot, a.k.a. Quakbot, to move laterally on a compromised...

Connected Healthcare: A Cybersecurity Battlefield We Must Win

Connected Healthcare: A Cybersecurity Battlefield We Must Win By Charles McFarland · June 6, 2022 We are commonly taught to prioritize the most critical, severe, or impactful tasks when trying to conquer a list of intimidating problems. Yet, how is this possible when presented with two tasks of...