The Last Watchdog

JUNE 20, 2022

Initial access brokers, or IABs , are the latest specialists on the scene. IABs gain unauthorized network access and then they often will conduct exploratory movements to get a sense of what the compromised asset is, Shier told me. Or the payload might be a data exfiltration routine — or a full-blown ransomware attack.

Access 235

Access Ransomware Digital transformation Sales 235

Data Breach Today

JANUARY 11, 2024

Financially Motivated Actors Targeting US, EU and LATAM Countries Financially motivated Turkish hackers are targeting Microsoft SQL servers in the United States, Europe and Latin America in hacking that ultimately ends with deployment of Mimic ransomware or the sale of access to infected hosts on criminal online markets.

Ransomware 283

Ransomware Sales Marketing Access 283

Data Breach Today

OCTOBER 13, 2020

Accenture: Network Access Sellers Change Their Tactics Those selling "network access" on underground forums are adjusting their business models to take advantage of the huge influx of ransomware gangs that are looking for easier and more efficient ways to gain access to their targets, Accenture reports.

Access 204

Access Ransomware 204

Data Breach Today

OCTOBER 30, 2023

Patch or Perish: Researchers See Mass Exploits of NetScaler ADC and Gateway Devices Ransomware-wielding groups are among the attackers exploiting vulnerabilities in NetScaler devices to bypass authentication and gain initial access to victims' networks.

Ransomware 244

Ransomware Authentication Access 244

Krebs on Security

DECEMBER 19, 2023

Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. BlackCat formed by recruiting operators from several competing or disbanded ransomware organizations — including REvil , BlackMatter and DarkSide.

Ransomware 248

Ransomware Encryption IT Access 248

Security Affairs

NOVEMBER 8, 2023

The FBI published a PIN alert warning of ransomware operators compromising third-party vendors and services for initial access to target environments. The FBI continues to observe ransomware operators abusing third-party vendors and services as an attack vector. ” reported the PIN.

Ransomware 111

Ransomware Access Phishing Encryption 111

Krebs on Security

FEBRUARY 20, 2024

authorities have seized the darknet websites run by LockBit , a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. First surfacing in September 2019, the gang is estimated to have made hundreds of millions of U.S. Ivan Gennadievich Kondratyev , a.k.a.

Ransomware 267

Ransomware Encryption Insurance Manufacturing 267

Krebs on Security

DECEMBER 3, 2021

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network.

Access 289

Access Ransomware Sales Passwords 289

Data Breach Today

SEPTEMBER 21, 2023

Also, Clorox Product Shortages; California Passes Data Broker Restrictions This week, Colombia grappled with the aftermath of a ransomware attack against IFX Networks, Clorox suffered product shortages, a glitch allowed T-Mobile users to access other users' data, California passed restrictions for data brokers and Finland seized a dark web marketplace. (..)

Ransomware 287

Ransomware Access 287

Data Breach Today

FEBRUARY 2, 2021

High-Quality Access - via RDP, VPN, Citrix - Can Retail for $2,000, Kela Reports To take down bigger targets more easily and quickly, ransomware gangs are increasingly tapping initial access brokers, who sell ready access to high-value networks. Economically speaking, it's a no-brainer move for cybercrime gangs.

Access 136

Access Ransomware Retail IT 136

Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. And on April 26, 2021, Matveev and his Babuk gang allegedly deployed ransomware against the Metropolitan Police Department in Washington, D.C.

Ransomware 249

Ransomware Access Marketing Government 249

Krebs on Security

AUGUST 19, 2021

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. ” This attacker’s approach may seem fairly amateur, but it would be a mistake to dismiss the threat from West African cybercriminals dabbling in ransomware.

Ransomware 358

Ransomware Access Phishing Encryption 358

Krebs on Security

OCTOBER 25, 2021

The Conti ransomware affiliate program appears to have altered its business plan recently. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked. A redacted screenshot of the Conti News victim shaming blog.

Access 238

Access Ransomware Sales IT 238

Security Affairs

NOVEMBER 1, 2022

Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. On average, there were around 190 access listings in each month of Q3, slightly higher than in Q2.” The average price for access was around $2800, while the median price was $1350.

Sales 99

Sales Access Ransomware Security 99

Data Breach Today

AUGUST 22, 2023

The Attack Accesses an Exposed API on a Component of the Veeam Application The Cuba ransomware group is exploiting a bug in data backup software exposed in March, warn BlackBerry security researchers.

Ransomware 226

Ransomware Access Security IT 226

Data Breach Today

DECEMBER 13, 2022

Victims Still Learning Their Personal Data Was Illegally Accessed, Copied in 2021 A ransomware attack on the Irish healthcare system in 2021 has cost the government 80 million euros in damages and counting.

Ransomware 320

Ransomware Personal data Government Access 320

Data Breach Today

JULY 26, 2021

Malwarebytes: Gang Seeking 'Pentesters' and 'Access Brokers' A recently discovered ransomware-as-a-service gang dubbed AvosLocker is recruiting affiliates and partners, including "pentesters" and "access brokers," on darknet forums, according to the security firm Malwarebytes.

Ransomware 341

Ransomware Access Security 341

Data Breach Today

FEBRUARY 5, 2024

trillion every month, following an outage triggered by ransomware-wielding attackers gaining unauthorized access to its systems.

Ransomware 176

Ransomware Access Security IT 176

Data Breach Today

AUGUST 10, 2021

$5,400 Is the Average Price for Access to Hacked Networks, Kela Reports The rise of ransomware as a criminal moneymaking powerhouse parallels the services offered by initial access brokers, who continue to offer affordable access to victims' networks - often via brute-forced remote desktop protocol or VPN credentials - to help attackers hit more targets (..)

Access 262

Access Ransomware 262

Data Breach Today

NOVEMBER 25, 2022

Victims Notified of Ransomware Attack Six Months After the Incident A cyberattack on a Canadian teachers’ union gave thieves access to sensitive data of more than 60,000 members The union is yet to disclose the exact number of affected individuals, but stated that both former and current members are impacted.

Ransomware 290

Ransomware Access 290

Data Breach Today

OCTOBER 11, 2021

Mandiant Report Says Threat Actors Deploy Ryuk, Leverage Initial Access Brokers A Russian-speaking threat actor group that deploys the Ryuk variant ransomware, leverages initial access brokers, and generally skips double-extortion attempts in favor of fast and higher payout ransoms has been predominately targeting the healthcare sector, warns security (..)

Ransomware 335

Ransomware Access Security 335

Data Breach Today

FEBRUARY 11, 2023

Group Says It Has Confidential Data, Tech Docs; A10 Says Operations Not Impacted The Play ransomware group listed networking hardware manufacturer A10 Networks in its leak site, after briefly gaining access to its IT infrastructure, according to data breach notifications firm BetterCyber.

Ransomware 309

Ransomware IT Manufacturing Data breaches 309

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code. This is not an idle concern.

Ransomware 307

Ransomware Encryption Manufacturing Phishing 307

Data Breach Today

SEPTEMBER 6, 2021

Revenue, Size, Geography and Level of Access Help Determine Sale Price for Access The most sought-after type of victim for ransomware-wielding attackers is a large, U.S.-based

Ransomware 343

Ransomware Sales Education Access 343

Data Breach Today

SEPTEMBER 22, 2022

FBI, CISA Detail How Iran Launched Destructive Cyberattack Iranian hackers rambled across the Albanian government's network for 14 months before launching a ransomware and disk wiper attack in July, says the U.S. Iran exploited a Microsoft SharePoint vulnerability to gain access and then harvested credentials and exfiltrated data.

Access 213

Access Ransomware Government 213

Krebs on Security

MAY 14, 2021

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The DarkSide message includes passages apparently penned by a leader of the REvil ransomware-as-a-service platform.

Ransomware 364

Ransomware Education Communications Access 364

Security Affairs

APRIL 17, 2024

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. Cado Security Labs recently became aware that Cerber ransomware is being deployed into Confluence servers via the CVE-2023-22518 exploit. ” states Cado Security. ” continues the report.

Ransomware 136

Ransomware Encryption Access IT 136

Data Breach Today

DECEMBER 11, 2020

Researchers: Attackers Also Selling Access to Over 250,000 Stolen Databases Hackers are targeting thousands of vulnerable MySQL servers around the world, using ransomware to exfiltrate data from organizations and then demanding payment, according to Guardicore Labs.

Ransomware 346

Ransomware Access 346

The Last Watchdog

DECEMBER 19, 2022

Related: IABs fuel ransomware surge. Initial access brokers (IABs) play an increasingly central role in this cyber underworld. They search for weak points and perform the challenging, technically demanding work of breaking past an organization’s security, then offer access to the victim to the highest bidder. IABs on the rise.

Access 124

Access Ransomware Digital transformation Cybersecurity 124

Krebs on Security

JANUARY 27, 2021

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week. ” Image: Chainalysis.

Ransomware 276

Ransomware Encryption Access Cloud 276

Data Breach Today

AUGUST 17, 2023

Fortinet SSL VPN Vulnerability Is Among Top Most Common Vulnerabilities The Play ransomware group is targeting security managed service providers to gain initial access and using up to a half-decade-old vulnerabilities in security appliances, warn security researchers with Adlumin.

Ransomware 227

Ransomware Encryption Access Security 227

Data Breach Today

AUGUST 22, 2023

Seiko Hints at Data Breach But Declines to Address BlackCat’s Claims The BlackCat group on Monday claimed responsibility for a ransomware attack on Japanese watchmaker Seiko, publishing samples of stolen data files as proof of its exploit. announced earlier this month that it had detected unauthorized users accessing of some of its servers.

Ransomware 203

Ransomware Data breaches Access IT 203

Data Breach Today

JULY 29, 2021

Patch Management and Locking Down Remote Desktop Protocol Remain Essential Defenses Ransomware operations continue to thrive thanks to a vibrant cybercrime-as-a-service ecosystem designed to support all manner of online attacks.

Ransomware 349

Ransomware Access Security 349

Krebs on Security

SEPTEMBER 18, 2023

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The 8Base ransomware group’s victim shaming website on the darknet.

Ransomware 237

Ransomware Communications Encryption IT 237

Data Breach Today

JANUARY 11, 2023

December Incident that Shut Down UK Offices Was Ransomware The Guardian newspaper told staffers Wednesday that a December cyber incident was a ransomware attack and that hackers have accessed staff information. The breach is limited to UK staff and no personal data of readers or staff in its U.S.

Access 130

Access Ransomware Personal data IT 130

Data Breach Today

SEPTEMBER 8, 2021

Classes Canceled as the University's IT Staff Repairs Damage Howard University canceled classes Tuesday in the wake of a ransomware attack it first detected on Friday, the university has announced. There is no evidence the attackers accessed or exfiltrated personal information, the school says.

Ransomware 312

Ransomware Access IT 312

Security Affairs

FEBRUARY 9, 2024

Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. BleepingComputer reported that the Car maker Hyundai Motor Europe was breached by the Black Basta ransomware gang. The threat actors claim to have stolen three terabytes of data from the company.

Ransomware 130

Ransomware Data breaches Manufacturing Sales 130