The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files.

Read this blog on the anatomy of an ALPHA SPIDER ransomware attack to better understand how they operate and how to better protect your business.

Duvel Moortgat Brewery was hit by a ransomware attack late last night, bringing to a halt the beer production in the company's bottling facilities

The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact.

Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Phobos Ransomware, to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), which are from incident response investigations tied to Phobos ransomware activity from as recently as February, 2024.

U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware.

"Structured as a ransomware-as-a-service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and county governments, emergency services, education, public healthcare, and critical infrastructure to successfully ransom several million in U.S. dollars," the government said.

website used by hackers responsible for a breach at UnitedHealth Group (UNH.N), opens new tab has been replaced by a notice saying it has been seized by international law enforcement.
But at least one of the agencies allegedly responsible said it had nothing to do with the seizure, raising the possibility that the hackers - who also go by the moniker ALPHV - faked their own takedown.
A message posted to the website of the Blackcat hacking gang on Tuesday said it had been impounded "as part of a coordinated law enforcement action" by U.S. authorities and other law enforcement agencies. Among the logos of non-American agencies involved were those of Europol and Britain's National Crime Agency.

The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates' money by pretending the FBI seized their site and infrastructure.

The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million.

The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.

Lending firm LoanDepot said the personal information of 16.9 million individuals was stolen in a ransomware attack in early January 2024.

Patients having trouble getting lifesaving meds have the AlphV crime group to thank.

This blog post provides a detailed look at the TTPs of a ransomware affiliate operator. In this case, the endpoint had been moved to another infrastructure (as illustrated by various command lines, and confirmed by the partner), so while Huntress SOC analysts reported the activity to the partner, no Huntress customer was impacted by the ransomware deployment.

En décembre 2023, leteam sa a été victime d'une cyber-attaque. Un groupe de ransomware connu a pu accéder au réseau et crypter plusieurs disques. Grâce à une réaction rapide de l'équipe informatique et d'experts en sécurité externes, l'attaque a pu être rapidement contrée et les systèmes restaurés. L'analyse de l'incident a révélé une fuite de certaines données, mais celle-ci a été jugée à l'époque comme étant partiellement critique. Un monitoring a été mis en place pour surveiller une éventuelle publication de données.

The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector.

Russian-speaking ransomware operation LockBit reestablished a dark web leak site Saturday afternoon, posting a lengthy screed apparently authored by its leader, who

Un groupe de hackers russe a volé près de 200 Go de données à une entreprise de placement suisse et les a divulgués sur le darknet.

Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation.

LockBit is widely recognised as the world’s most prolific and harmful ransomware, causing billions of euros worth of damage.This international sweep follows a complex investigation led by the UK National Crime Agency in the framework of an international taskforce known as ‘Operation Cronos’, coordinated at European level by Europol and Eurojust.The months-long operation has resulted in the compromise of LockBit’s...

The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month.