Krebs on Security

APRIL 18, 2022

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. National Security Agency (NSA). But according to Microsoft and an advisory from the U.S.

Ransomware 317

Ransomware Cybersecurity Healthcare Security 317

Krebs on Security

OCTOBER 1, 2020

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. While it may seem unlikely that companies victimized by ransomware might somehow be able to know whether their extortionists are currently being sanctioned by the U.S. Image: Shutterstock.

Ransomware 363

Ransomware Insurance Risk Government 363

Data Breach Today

AUGUST 18, 2020

the world's largest cruise ship company, is investigating a ransomware attack that likely compromised guest and employee data, according its filing with the SEC. It's the company's second security incident this year. SEC Filing Warns That Guest and Employee Data Likely Compromised Carnival Corp.,

Ransomware 361

Ransomware Security IT 361

Data Breach Today

OCTOBER 25, 2024

Operation Cronos Prioritized Disrupting Criminal Trust in the Group, Official Says What does it take to disrupt a major ransomware operation? The effort against LockBit initially prioritized disrupting criminals' trust in the ransomware group, and has since shifted to unmasking affiliates, a Europol's official told attendees at the Hardwear.io

Ransomware 309

Ransomware Security IT 309

Data Breach Today

MARCH 17, 2021

To help strengthen the healthcare sector's defenses, the Center for Internet Security is offering all U.S. hospitals and healthcare delivery systems a free protection service designed to help block ransomware and other malware, says Ed Mattison, the center's executive vice president.

Ransomware 346

Ransomware Security 346

Krebs on Security

SEPTEMBER 15, 2021

TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. ET: TTEC confirmed a ransomware attack.

Ransomware 355

Ransomware Sales Encryption Information Security 355

Data Breach Today

JULY 26, 2021

Malwarebytes: Gang Seeking 'Pentesters' and 'Access Brokers' A recently discovered ransomware-as-a-service gang dubbed AvosLocker is recruiting affiliates and partners, including "pentesters" and "access brokers," on darknet forums, according to the security firm Malwarebytes.

Ransomware 342

Ransomware Access Security 342

Krebs on Security

SEPTEMBER 23, 2020

The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents. “We have since engaged outside IT security and forensics experts to conduct a detailed review and help us securely restore affected equipment.

Ransomware 359

Ransomware Marketing Government Access 359

Krebs on Security

JUNE 16, 2021

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. The CLOP gang seized on those flaws to deploy ransomware to a significant number of Accellion’s FTA customers , including U.S.

Ransomware 338

Ransomware Encryption Cybersecurity Access 338

Krebs on Security

DECEMBER 13, 2021

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware.

Ransomware 305

Ransomware Cybersecurity Phishing Security 305

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code.

Ransomware 334

Ransomware Encryption Manufacturing Phishing 334

Data Breach Today

SEPTEMBER 17, 2021

Many Files Crypto-Locked Before July 13 Unlockable via Free Bitdefender Decryptor Score one for the good guys in the fight against ransomware: Anyone who fell victim to REvil, aka Sodinokibi, crypto-locking malware before July 13 can now decrypt their files for free, thanks to a decryptor released by security firm Bitdefender.

Ransomware 363

Ransomware Security 363

Data Breach Today

JUNE 3, 2021

Ransomware-as-a-Service Operation REvil - aka Sodinokibi - Has Been Making a Killing The FBI has attributed the ransomware attack against meat processing giant JBS to the REvil - aka Sodinokibi - ransomware-as-a-service operation.

Ransomware 331

Ransomware Security 331

Data Breach Today

MAY 19, 2022

The latest edition of the ISMG Security Report analyzes the changes in the ransomware landscape one year after the attack on Colonial Pipeline. It also revisits the Ryuk ransomware attack on a school district in Illinois and examines common culprits hindering effective Zero Trust adoption.

Ransomware 328

Ransomware Security IT 328

Data Breach Today

OCTOBER 11, 2021

Mandiant Report Says Threat Actors Deploy Ryuk, Leverage Initial Access Brokers A Russian-speaking threat actor group that deploys the Ryuk variant ransomware, leverages initial access brokers, and generally skips double-extortion attempts in favor of fast and higher payout ransoms has been predominately targeting the healthcare sector, warns security (..)

Ransomware 343

Ransomware Access Security 343

Data Breach Today

JULY 2, 2021

This edition of the ISMG Security Report features a discussion about why the head of Britain's National Cyber Security Center says the No. 1 cyber risk is not nation-state attackers but ransomware-wielding criminals. Also featured: Western Digital IoT flaws; an FBI agent tracks cybersecurity trends.

Ransomware 334

Ransomware IoT Cybersecurity Risk 334

Data Breach Today

APRIL 28, 2022

Lockbit, Conti, Hive and Alphv/BlackCat Tied to Greatest Number of Known Victims Ransomware attacks have come storming back after experiencing their typical end-of-the year decline. Security researchers report that the greatest number of known victms has been amassed by Lockbit, followed by Conti, Hive and Alphv/BlackCat.

Ransomware 334

Ransomware Security 334

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually.

Security 361

Security Ransomware Agriculture Cybersecurity 361

Data Breach Today

SEPTEMBER 20, 2021

Researchers Believe NEW Cooperative Targeted By BlackMatter Gang NEW Cooperative, an Iowa-based farm services cooperative, has reportedly been targeted by the BlackMatter ransomware gang, demanding a $5.9 million payment from the organization, according to security researchers and published reports.

Ransomware 340

Ransomware Security 340

Krebs on Security

MARCH 2, 2021

PrismHR , a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services. Hopkinton, Mass.-based PrismHR said it detected the activity on Sunday.

Ransomware 336

Ransomware Insurance Cloud Encryption 336

Data Breach Today

JULY 29, 2021

Patch Management and Locking Down Remote Desktop Protocol Remain Essential Defenses Ransomware operations continue to thrive thanks to a vibrant cybercrime-as-a-service ecosystem designed to support all manner of online attacks.

Ransomware 350

Ransomware Access Security 350

Data Breach Today

DECEMBER 19, 2023

Ransomware Group Declares Nothing Off Limits Outside of CIS Countries The BlackCat ransomware as service operation's putative "unseizing" of its leak site from the FBI is a stunt made possible by way the dark web handles address resolution, security researchers said Monday.

Ransomware 316

Ransomware Security IT 316

Data Breach Today

SEPTEMBER 17, 2024

Former Royal Mail and Manchester University CISOs Talk Ransomware Response Timely notification of ransomware incidents to British law enforcement agencies played a crucial role in understanding the threats and in developing mitigation strategies, the former security heads of Royal Mail and the University of Manchester said.

Ransomware 289

Ransomware Government Security 289

Data Breach Today

MARCH 29, 2021

Awake Security Finds Connection Between Hafinum Group and Hades Researchers at Awake Security says at least one attack launched by the operators of Hades ransomware has a connection to the China-linked Hafnium group waging attacks on vulnerable Exchange servers.

Ransomware 328

Ransomware Security 328

Data Breach Today

MAY 8, 2021

Attackers have Co-Opted Malware For Data Exfiltration and Ransom, Group-IB Finds Attackers have co-opted the Hancitor malware downloader and recently used it to deliver Cuba ransomware as part of an email spam campaign for data exfiltration and ransom extortion, a new report by security firm Group-IB finds.

Ransomware 338

Ransomware Security IT 338

Data Breach Today

MAY 29, 2021

Sophos Says Epsilon Red Extorted $210,000 From One Victim A newly uncovered ransomware variant dubbed 'Epsilon Red' is targeting organizations in the US hospitality sector, with the threat actor successfully extorting $210,000 from one of its victims, a new report by security firm Sophos notes.

Ransomware 328

Ransomware Security IT 328

Data Breach Today

JUNE 24, 2021

Secureworks: New Group Apparently Waging Attacks Using Same Code A newly identified threat group is using a repurposed version of REvil ransomware to wage attacks, according to security company Secureworks’ Counter Threat Unit.

Ransomware 316

Ransomware Security 316

Data Breach Today

OCTOBER 7, 2024

Canadian Cybersecurity Leaders Brace for Changing Security Landscape and Regulations At the recent Cybersecurity Summit: Canada East, hosted by Information Security Media Group, cybersecurity leaders, industry experts and top executives discussed the surge in ransomware attacks, the integration of AI into security frameworks and growing personal liability (..)

Ransomware 301

Ransomware Cybersecurity Information Security Security 301

Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. And on April 26, 2021, Matveev and his Babuk gang allegedly deployed ransomware against the Metropolitan Police Department in Washington, D.C.

Ransomware 297

Ransomware Access Marketing Government 297

Data Breach Today

OCTOBER 26, 2023

Ransomware Groups Listed 514 Victims in Total on Their Data Leak Sites Last Month The volume of known ransomware attacks surged last month to record-breaking levels, with groups collectively listing 514 victims on their data-leak sites, security researchers report.

Ransomware 315

Ransomware Security 315

Data Breach Today

DECEMBER 13, 2023

Oxygen of Publicity' Helps Intimidate Victims and Recruit Affiliates, Experts Warn Seeking to maximize profits no matter the cost, ransomware groups have been bolstering their technical prowess and psychological shakedowns with a fresh strategy: attempting to control the narrative.

Ransomware 316

Ransomware Marketing Security 316

Data Breach Today

JULY 6, 2021

Company Outlines Steps After REvil Ransomware Attack In a Tuesday update, software vendor Kaseya said additional security measures are being put in place to protect its clients in the aftermath of the July 4 holiday weekend ransomware attack that affected about 60 of its MSP customers who supply IT management services and up to 1,500 of their clients. (..)

Security 331

Security Ransomware IT 331

Data Breach Today

OCTOBER 25, 2021

Flaw in DarkSide and BlackMatter Enabled Security Firm to Decrypt Files for Free While ransomware might be today's top cybercrime boogeyman, attackers aren't infallible.

Ransomware 333

Ransomware Security IT 333

Data Breach Today

JUNE 4, 2021

The latest edition of the ISMG Security Report details the ongoing wave of ransomware attacks, including the disruption of JBS, the world's largest supplier of meat. Also featured are police busting criminals who formerly used the EncroChat communications network and the strategies for filling the cyber skills gap.

Ransomware 317

Ransomware Communications Security 317

Krebs on Security

JUNE 14, 2022

The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Brett Callow , a threat analyst with security firm Emsisoft , called the move by ALPHV “a cunning tactic” that will most certainly worry their other victims.

Ransomware 289

Ransomware Privacy Security IT 289

Data Breach Today

MARCH 23, 2022

Organization's Data Center Isolated to Contain Targeted Ransomware Attack Greek postal service Hellenic Post says a ransomware incident has forced it to pull a majority of its operations offline. It is working with IT security experts to probe the attack and restore services.

Ransomware 288

Ransomware Security IT 288

Data Breach Today

SEPTEMBER 13, 2023

Alphv/BlackCat Group Reportedly Hit Casino Operator via Social Engineering Attack Booking and reservation systems, as well as slot machines, hotel room door locks, ATMs and more remain offline at multiple MGM Resorts properties as the publicly traded casino hotel giant battles "a cybersecurity issue" that one group of security researchers has tied (..)

Ransomware 329

Ransomware Cybersecurity Security 329