DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. “Ransomware has gathered a critical mass of nonsense, b t, hype, and fuss around it.

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe , stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. The DarkSide ransomware note.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Task Force Seeks to Disrupt Ransomware Payments

Krebs on Security

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Colonial Pipeline Starts Recovery from Ransomware

Data Breach Today

Report: DarkSide Ransomware Gang Infected Fuel Supplier Colonial Pipeline Company has restored smaller pipelines that ship fuels to the U.S. East Coast after a ransomware incident, but its larger ones are still offline as it assesses safety.

Ransomware Is Getting Ugly

Schneier on Security

Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet. The Colonial Pipeline is another current high-profile ransomware victim. Uncategorized cryptocurrency cybercrime doxing police ransomware

DarkSide's Pipeline Ransomware Hit: Strictly Business?

Data Breach Today

Affiliate-Driven Ransomware-as-a-Service Operations Keep Generating Big Profits "It's not personal. It's strictly business."

Houston Rockets Investigate Ransomware Attack

Data Breach Today

Babuk Ransomware Gang Reportedly Posted Exfiltrated Team Data The NBA's Houston Rockets reported on Wednesday that the organization was recently hit with a ransomware attack for which the Babuk cyber gang has taken responsibility.

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

NASDAQ:RCM ], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. R1 RCM acknowledged taking down its systems in response to a ransomware attack, but otherwise declined to comment for this story. R1 RCM Inc.

Ransomware Shuts Down US Pipeline

Schneier on Security

This is a major story : a probably Russian cybercrime group called DarkSide shut down the Colonial Pipeline in a ransomware attack. This is the new and improved ransomware attack: the hackers stole nearly 100 gig of data, and are threatening to publish it.

Ransomware Hit ATM Giant Diebold Nixdorf

Krebs on Security

Diebold Nixdorf , a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. Ransomware BleepingComputer Diebold Nixdorf Emsisoft Fabian Wosar Lawrence Abrams ProLock ransomware

Arrest, Seizures Tied to Netwalker Ransomware

Krebs on Security

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week.

How Conti Ransomware Works

Data Breach Today

Researchers Analyze the Severe Threat the Malware Poses Conti ransomware, which emerged eight months ago, poses a severe threat, according to Cybereason's Nocturnus Team, which offers an in-depth analysis of how the malware works

Ransomware Gangs Don’t Need PR Help

Krebs on Security

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Ransomware ransomware

REvil Ransomware Gang Starts Auctioning Victim Data

Krebs on Security

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. A partial screenshot from the REvil ransomware group’s Dark Web blog.

FBI: DarkSide Ransomware Used in Colonial Pipeline Attack

Data Breach Today

Company Moves Into Remediation Phase; White House Monitoring Incident The FBI and White House confirmed Monday that the DarkSide ransomware variant was used in the Friday attack that caused disruptions at Colonial Pipeline Co.,

Ransomware Cleanup Costs Scottish Agency $1.1 Million

Data Breach Today

Conti Ransomware Gang Hit Scottish Environment Protection Agency on Christmas Eve How much does it cost to recover from a ransomware attack?

CISA Alert Describes FiveHands Ransomware Threat

Data Breach Today

Agency Offers In-Depth Analysis, Risk Mitigation Advice The Cybersecurity and Infrastructure Security Agency has issued an alert providing more details on the threat posed by FiveHands ransomware attacks and offering risk mitigation tips

DarkSide Ransomware Gang Says It Has Shut Down

Data Breach Today

Colonial Pipeline Attack Used DarkSide Malware The gang behind DarkSide ransomware, which U.S. says it's closed its ransomware-as-a-service operation after losing access to part of its infrastructure

Alerts: Avaddon Ransomware Attacks Increasing

Data Breach Today

FBI and Australian Officials Describe the Threat Attackers are using Avaddon ransomware to target diverse organizations in the U.S., Australia and elsewhere, according to the FBI and the Australian Cyber Security Center.

Payroll/HR Giant PrismHR Hit by Ransomware?

Krebs on Security

PrismHR , a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services.

Ryuk Ransomware Updated With 'Worm-Like Capabilities'

Data Breach Today

Prolific Ransomware Can 'Spread Automatically' Inside Networks, CERT-FR Warns Prolific Ryuk ransomware has a new trick up its sleeve. "A

Colonial Restarts Operations Following Ransomware Attack

Data Breach Today

Company Says It Will Take Several Days for Supply Chain to Return to Normal Colonial Pipeline on Wednesday announced that the company had restarted its operations following a ransomware attack last week.

Tulsa City Officials Report Ransomware Attack

Data Breach Today

City Shuts Down Websites, Systems Tulsa city officials shut down systems and websites after a Sunday ransomware attack, making it impossible for residents to gain online access to many services

Teardown: Inside the Colonial Pipeline Ransomware Attack

Data Breach Today

Diving into the Colonial Pipeline ransomware attack - culprits, impact, recovery, and the increasing political firestorm it’s triggered - is the focus of the latest edition of the ISMG Security Report.

Whirlpool Hit With Ransomware Attack

Data Breach Today

Nefilim Ransomware Gang Takes Responsibility, Posts Allegedly Stolen Data The major appliances giant Whirlpool acknowledges it was hit with a ransomware attack in November, with the cyber gang Nefilim taking responsibility for the cyber incident and claiming to have stolen company data

Colonial Pipeline Confirms Ransomware Causing Disruptions

Data Breach Today

East Coast, confirmed Saturday that a ransomware attack has distributed its services and the company has taken some of its IT systems offline as a precaution

Ransomware Profitability

Schneier on Security

Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019. Ransomware is now an established worldwide business. Uncategorized crime cryptocurrency ransomware

Ransomware Attack Leads to IT Shutdown for Irish Hospitals

Data Breach Today

Conti Ransomware Blamed; No Ransom Paid After Health Service Executive, Ireland’s state health services provider, shut down all its IT systems serving hospitals in the wake of a ransomware attack early Friday, some security experts praised its decisive action and refusal to pay a ransom

Blackbaud Ransomware Victim Count Climbing

Data Breach Today

Health Data Breach Tally Shows Impact of Vendor Breach The May ransomware attack on cloud-based fundraising database management vendor Blackbaud continues to rack up victims in the healthcare sector.

Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware

Krebs on Security

Fresenius , Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems.

Analysis: The Persistent Ransomware Threat

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the persistent threat of ransomware. Also featured: Sorting out breaches tied to Accellion’s File Transfer Appliance; an update on fraud trends in 2021

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Krebs on Security

The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents. Ransomware ransomware Tyler Technologies tylertech.com

DOJ Launches Task Force to Battle Ransomware Threat

Data Breach Today

Prosecutors to Target the 'Ransomware Criminal Ecosystem' The Justice Department is creating a task force to tackle the growing threat of ransomware and related extortion schemes.

Iran's Military Reportedly Backs Ransomware Campaign

Data Breach Today

Iran's Islamic Revolutionary Guard Corps was behind a ransomware campaign that used a contracting company called "Emen Net Pasargard" to target more than a dozen organizations, according to the security firm Flashpoint. Could Cyberespionage Be Campaign's Real Purpose?

Ryuk Ransomware Profits: $150 Million

Data Breach Today

Researchers Track Funds in 61 Cryptocurrency Wallets Researchers say cryptocurrency wallets used by the operators behind the Ryuk ransomware strain and the gang's affiliates hold more than $150 million

Acer Reportedly Targeted by Ransomware Gang

Data Breach Today

PC and Device Maker Appears to Have Been Targeted by REvil Acer, one of the world's largest PC and device makers, has reportedly been targeted by the ransomware gang REvil, aka Sodinokibi, according to multiple published reports.

Fighting Ransomware: A Call for Cryptocurrency Regulation

Data Breach Today

Coalition Offers a Framework for Disrupting Attacks A coalition of government agencies and security firms has released a framework for how to disrupt ransomware attacks that calls for expanded regulation of the global cryptocurrency market to better track the virtual coins paid to cybercriminals during extortion schemes.

Ransomware + Exfiltration + Leaks = Data Breach

Data Breach Today

Data-Leaking Extortionists' Revised Playbook Goes Way Beyond Ransomware Ransomware-wielding attackers continue to pummel organizations.

Ransomware Gang Exploits SonicWall Zero-Day Flaw

Data Breach Today

FireEye: Attacks Happened Before Patch Issued for VPN Vulnerability A cyberthreat gang that's been active since 2020 exploited a now-patched zero-day vulnerability in the SonicWall SMA 100 Series appliance to plant ransomware in attacks launched earlier this year, FireEye Mandiant researchers say

Ransomware Bites 400 Veterinary Hospitals

Krebs on Security

National Veterinary Associates (NVA), a California company that owns more than 700 animal care facilities around the globe, is still working to recover from a ransomware attack late last month that affected more than half of those properties, separating many veterinary practices from their patient records, payment systems and practice management software. NVA said it discovered the ransomware outbreak on the morning of Sunday, Oct.