A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department of Justice … [Read more...] about LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
ransomware
CrowdStrike Named a Leader in GigaOm Radar for Ransomware Prevention
GigaOm noted in its report that a broad platform approach is often required to protect customers from ransomware — and CrowdStrike delivers. “CrowdStrike offers a broad security platform that covers endpoint protection, identity protection, cloud security, IT automation, next-gen SIEM and more. [The] Falcon platform enables comprehensive ransomware detection, prevention, and … [Read more...] about CrowdStrike Named a Leader in GigaOm Radar for Ransomware Prevention
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
Dec 09, 2024Ravie LakshmananThreat Intelligence / Malware The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by … [Read more...] about Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
Nov 30, 2024Mohit KumarRansomware / Cybercrime A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt … [Read more...] about Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Oct 30, 2024Ravie LakshmananRansomware / Threat Intelligence Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, … [Read more...] about North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions
Oct 26, 2024Ravie LakshmananCybercrime / Malware Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported that a court in St. Petersburg … [Read more...] about Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions
New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics
Oct 24, 2024Ravie LakshmananRansomware / Cybercrime Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI … [Read more...] about New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics
Wherever There’s Ransomware, There’s Service Account Compromise. Are You Protected?
Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Identities (NHI) accounts have become one of the most targeted and compromised attack surfaces. Assessments report that compromised service accounts play a key role in lateral movement in over 70% of ransomware attacks. However, there's an … [Read more...] about Wherever There’s Ransomware, There’s Service Account Compromise. Are You Protected?
CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub
The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub. "CosmicBeetle replaced its previously deployed ransomware, Scarab, with ScRansom, which is continually improved," ESET … [Read more...] about CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub
RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors
Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, … [Read more...] about RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors