Stolen Canvas data was “returned” after hacker agreement, Instructure says
The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage. Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering...
Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023
Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by...
The 2024 Ransomware Landscape: Looking back on another painful year
The ransomware landscape in 2024 continued to evolve at a rapid pace, outgrowing many of the trends we saw in 2023. Threat actors remained relentless and innovative, targeting organizations of all sizes and sectors. In this post, we’ll examine the latest data points, discuss notable groups, and...
Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is...
Clorox counts the cost of cyberattack
Cleaning products maker Clorox has reported losses of $49 million in connection to a cyberattack it suffered in August of last year. On Monday, August 14, 2023, Clorox disclosed it had identified unauthorized activity on some of its IT systems. Despite a business continuity plan, the incident...
2023 Ransomware Stats: A Look Back To Plan Ahead
Last year was not a year for the faint of heart. Organizations of every size found themselves faced with ransomware attacks at varying levels of sophistication, yet every one of them was damaging. And as we step into 2024, the first victims of ransomware attacks are already being reported. What c...
A week in security (October 16 - October 22)
Last week on Malwarebytes Labs: Ragnar Locker ransomware group taken down; IT administrators' passwords are awful too; The hot topics from Europe's largest trade fair for IT security; Clever malvertising attack uses Punycode to look like KeePass's official website; 3 crucial security steps people...
What’s the point of press releases from threat actors?
Welcome to this week's edition of the Threat Source newsletter. As a former reporter, I've seen my fair share of press releases. But one from a threat actor was definitely a new one for me last week. ALPHV aka BlackCat publicly took credit for a massive cyber attack against MGM, a resort, gambling...
Play ransomware gang compromises Spanish bank, threatens to leak files
Ransomware is creating additional work for a major Spanish bank. Globalcaja, said to have more than 300 offices in Spain and close to half a million customers, has fallen victim to the Play ransomware gang. The gang claim to have swiped both private and personal information in the attack--includi...
ION starts bringing customers back online after LockBit ransomware attack
ION Group, a financial software firm, is reportedly beginning to bring clients back online after being hit by a ransomware attack late last week. The Russian-linked LockBit ransomware group claimed responsibility for attacking a division of ION Group, affecting 42 clients in Europe and the...
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector
In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society. Shifting ransomware payloads over time from BlackCat, QuantumLocker, and Zeppelin,...
A Guide to Surviving a Ransomware Attack
Surviving ransomware is possible with a combination of preparation and intentionality. Often, there is a misguided characterization of ransomware attacks that implies defenders either completely thwart an attack or that attackers establish complete control of their targets’ IT infrastructure. But...
Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak
The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is the second most prevalent malware stra...
‘Double-Extortion’ Ransomware Damage Skyrockets 935%
The ransomware business is booming, and feeble corporate security and a flourishing ransomware-as-a-service (RaaS) affiliate market are to blame, researchers say. Access to compromised networks is cheap, thanks to a rise in the number of initial-access brokers, and RaaS tools can turn everyday petty...
This Week in Security News – October 1, 2021
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about Zloader, a notable recent ZBOT variant. Also, read on a recently introduced bill that would mandate ransom payment reporting...
The True Impact of Ransomware Attacks
One of the most damaging myths about ransomware attacks is, “If your company does regular system backups, you don’t have to worry. Just restore from the backup.” While system backups are crucial — power outages, natural disasters, or even mistakes by employees can destroy data just as quickly as ...
Design/Logic Flaw
DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings...
Embryology Data Breach Follows Fertility Clinic Ransomware Hit
A fertility clinic serving the Atlanta area has been hit with a ransomware attack that also exposed private health information for 38,000 of its patients. Reproductive Biology Associates (RBA), along with its affiliate My Egg Bank North America, is a well-known pioneer in in-vitro fertilization (IVF)...
Exclusive Ransomware Poll: 80% of Victims Don’t Pay Up
Ransomware is on the rise, but what toll does it take on the real world? Threatpost set out to answer that question in an exclusive poll aimed at taking the pulse of organizations wrestling with attacks, including looking at mitigations and the defenses organizations have in place. When viewed...