This report discusses new ransomware, that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta.
A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.
Nation struggles in aftermath of president’s refusal to pay to end cyber attack, even as hacking group collapsed
LockBit remained the most active threat in June, and “the costliest strain of ransomware ever documented” went dark while others surged.
We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022.
The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.
We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.
The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand.
La nuova funzione implementata ieri da BlackCat, esporrà le vittime colpite anche su Internet, con una diffusione più massiccia e pubblica dei dati rubati, con nome di dominio autentico intestato alla vittima stessa
Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group,…
XVigil discovered a financially motivated threat actor group, dubbed Eternity group, actively operating on the internet, selling worms, stealers, DDoS tools, and ransomware builders.
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report.
The Russia-linked ransomware gang demanded $20 million in ransom — and the overthrow of Costa Rica's elected government. Where does that leave smaller, equally vulnerable nation states?
The president of Costa Rica says his country is "at war", as cyber-criminals cause major disruption to IT systems of numerous government ministries.
Rodrigo Chaves said hackers infiltrated 27 government institutions, including municipalities and state-run utilities.
The US Department of Justice today said that Moises Luis Zagala Gonzalez (Zagala), a 55-year-old cardiologist with French and Venezuelan citizenship residing in Ciudad Bolivar, Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals.
Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.
The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from Conti ransomware group on multiple government bodies.
BleepingComputer also observed Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies.
The declaration was signed into law by Chaves on Sunday, May 8th, same day as the economist and former Minister of Finance effectively became the country's 49th and current president.
Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser.
"The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack," Assaf Morag, a data analyst at Aqua Security, said in a report.
A Ukrainian cybersecurity researcher has released a huge batch of data that came from the internal systems of the Conti ransomware gang. The researcher released the
L’Université de Neuchâtel a été touchée par une cyberattaque.
