Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme
In this report, we investigate the reasons that the DeadBolt ransomware family is more problematic for its victims than other ransomware families that previously targeted NAS devices...
Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks
As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns. Called Ransomware for IoT or R4IoT by Forescout, it's a "novel, proof-of-concept ransomware that exploits an IoT...
Karakurt Data Extortion Group
CISA, the Federal Bureau of Investigation (FBI), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group. Karakurt actors steal data and threaten to auction it off or...
Threat profile: RansomHouse makes extortion work without ransomware
Cybersecurity is an industry known for many hats: white hats, black hats, and grey hats. White hats refer to "the good people" in the industry for those who are not in the know. They are malware analysts, security researchers, and penetration testers. Black hats are the opposite of white hats, an...
The Myths of Ransomware Attacks and How To Mitigate Risk
Today's modern companies are built on data, which now resides across countless cloud apps. Therefore preventing data loss is essential to your success. This is especially critical for mitigating against rising ransomware attacks — a threat that 57% of security leaders expect to be compromised by...
DEA Investigating Breach of Law Enforcement Data Portal
The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment...
Everything We Learned From the LAPSUS$ Attacks
In recent months, a cybercriminal gang known as LAPSUS$ has claimed responsibility for a number of high-profile attacks against technology companies, including: T-Mobile (April 23, 2022), Globant, Okta, Ubisoft, Samsung, Nvidia, Microsoft, and Vodafone. In addition to these attacks, LAPSUS$ was also able to...
New ransomware trends in 2022
Ahead of Anti-Ransomware Day, we summarized the tendencies that characterize the ransomware landscape in 2022. This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while the new ones develop...
New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity
The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. "Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the...
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal activities. That depth of...
U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers
The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang. Additionally, it's offering another $5 million for intelligence information that could help arrest or convi...
Ransomware: April 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. April 2022 was most notable for the emergence of three new ransomware-as-a-service (RaaS) groups—Onyx, Mindwar...
Experts Analyze Conti and Hive Ransomware Gangs' Chats With Their Victims
An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups' inner workings and their negotiation techniques. In one exchange, the Conti Team is said to have significantly...
Hackers fool major tech companies into handing over data of women and minors to abuse
Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had...
T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code
Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the...
Researchers Share In-Depth Analysis of PYSA Ransomware Group
An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like ...
Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web
Researchers have found financial and technological links between the Karakurt cybercriminal group and two high-profile ransomware actors that signal a shift in business operations and an expansion of opportunities for the threat actors to target victims, they said. Karakurt—a financially motivate...
Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity
Cybersecurity researchers have uncovered further links between BlackCat (aka ALPHV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group,...
Lack of Limit on Amount Allows Borrowers To Be Extorted For Interest Payments
Impact: There is no limit on the upper bounds on the amount a lender may send to a borrower. Borrowers will then be forced to pay interest and facilitators fee on the full amount loaned. The impact for a borrower is that they may be forced to repay significantly...