DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. “Ransomware has gathered a critical mass of nonsense, b t, hype, and fuss around it.

What is Cyber Security Awareness and Why is it Important?

IT Governance

For all the talk of criminal hacking, ransomware infections and the technologies to prevent them, the key to protecting your organisation is cyber security awareness training. The importance of cyber security staff awareness. Cyber security awareness best practices.

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. The DarkSide ransomware note.

Task Force Seeks to Disrupt Ransomware Payments

Krebs on Security

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims.

Analysis of NoCry ransomware: A variant of the Judge ransomware

Security Affairs

Researchers at Tesorion released a decryptor for Judge ransomware that also decrypts files encrypted by the NoCry ransomware. In January this year, we published a blog post on our analysis of the Judge ransomware.

Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

Analysis: Securing RDP to Prevent Ransomware Attacks

Data Breach Today

The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

R1 RCM Inc. [NASDAQ:RCM], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. R1 RCM acknowledged taking down its systems in response to a ransomware attack, but otherwise declined to comment for this story.

Ransomware Hit ATM Giant Diebold Nixdorf

Krebs on Security

Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. Diebold Nixdorf takes the security of our systems and customer service very seriously.

Ransomware Is Getting Ugly

Schneier on Security

Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet. The Colonial Pipeline is another current high-profile ransomware victim.

REvil Ransomware Gang Starts Auctioning Victim Data

Krebs on Security

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. A partial screenshot from the REvil ransomware group’s Dark Web blog.

Ransomware Gangs Don’t Need PR Help

Krebs on Security

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves.

Security Firm Prosegur Hit By Ryuk Ransomware

Data Breach Today

Incident May Have Disrupted Networked Security Cameras. Global security company Prosegur has blamed Ryuk ransomware for a service disruption that started Wednesday, which may have hampered networked alarms.

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Krebs on Security

The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents.

Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang

Krebs on Security

The U.S. Department of Justice said today it has recovered $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists last month. On May 7, the DarkSide ransomware gang sprang its attack against Colonial, which ultimately paid 75 Bitcoin (~$4.4

Neuberger: Ransomware Requires International Response

Data Breach Today

Payroll/HR Giant PrismHR Hit by Ransomware?

Krebs on Security

PrismHR, a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services.

Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware

Krebs on Security

Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems.

Bitdefender releases free decrypter for Darkside ransomware

Security Affairs

Security firm Bitdefender released a tool that allows victims of the Darkside ransomware to recover their files without paying the ransom. The decrypter seems to work for all recent versions of the Darkside ransomware.

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Security Affairs

The Taiwanese memory and storage chip maker ADATA was hit by the Ragnar Locker ransomware gang that also published more than 700GB of stolen data. Ragnar Locker ransomware operators published the data after the chipmaker refused to pay the ransom.

Analysis: The Persistent Ransomware Threat

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the persistent threat of ransomware. Also featured: Sorting out breaches tied to Accellion’s File Transfer Appliance; an update on fraud trends in 2021

CISA Alert Describes FiveHands Ransomware Threat

Data Breach Today

Agency Offers In-Depth Analysis, Risk Mitigation Advice. The Cybersecurity and Infrastructure Security Agency has issued an alert providing more details on the threat posed by FiveHands ransomware attacks and offering risk mitigation tips.

Researchers Uncover Another DarkSide Ransomware Variant

Data Breach Today

FortiGuard Labs Describes Variant, Which Is No Longer Active. Security researchers at FortiGuard Labs have uncovered another DarkSide ransomware variant with destructive capabilities.

FBI Attributes JBS Attack to REvil Ransomware Operation

Data Breach Today

Ransomware-as-a-Service Operation REvil - aka Sodinokibi - Has Been Making a Killing. The FBI has attributed the ransomware attack against meat processing giant JBS to the REvil - aka Sodinokibi - ransomware-as-a-service operation.

Ransomware Bites 400 Veterinary Hospitals

Krebs on Security

National Veterinary Associates (NVA), a California company that owns more than 700 animal care facilities around the globe, is still working to recover from a ransomware attack late last month that affected more than half of those properties, separating many veterinary practices from their patient records, payment systems and practice management software. NVA said it discovered the ransomware outbreak on the morning of Sunday, Oct.

Threatpost Poll: Weigh in on Ransomware Security

Threatpost

Provide your views on ransomware and how to deal with it in our anonymous Threatpost poll.

New Ryuk ransomware implements self-spreading capabilities

Security Affairs

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. The ransomware generates every possible IP address on local networks and sends them an ICMP ping.

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

Cyble researchers investigated a recent attack on an India-based IT firm that was hit by the BlackCocaine Ransomware gang. The company reported the security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI).

Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

Krebs on Security

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S.

Analysis: Ransomware Gang Disrupts Global Meat Production

Data Breach Today

The latest edition of the ISMG Security Report details the ongoing wave of ransomware attacks, including the disruption of JBS, the world's largest supplier of meat.

Fonix Ransomware Gang Shuts Down Operations

Data Breach Today

Hackers Release Master Decryptor Key. The Fonix ransomware gang has closed down its operations and has released a decryptor key, according to Malwarebytes and Kaspersky. But security researchers warn the gang, like others, might re-emerge with new tactics.

Ukraine Arrests 6 Clop Ransomware Operation Suspects

Data Breach Today

Russia summit, at which cybercrime was high on the agenda, authorities in Ukraine announced they had busted six suspected members of the Clop ransomware operation. Security experts say these apparently were midlevel players, with Clop's main operators likely based in Russia

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

Payment card processing giant TSYS suffered a ransomware attack earlier this month. The gang claims the data published so far represents just 15 percent of the information it offloaded from TSYS before detonating its ransomware inside the company.

Conti ransomware demanded $20M ransom to Ireland Health Service Executive

Security Affairs

Ireland Health Service Executive (HSE) refuses to pay a $20 million ransom demand after its systems were hit by the Conti ransomware gang. Ireland’s Health Service Executive that was forced to shut down its IT systems on Friday after being targeted with a significant ransomware attack.

Alerts: Avaddon Ransomware Attacks Increasing

Data Breach Today

FBI and Australian Officials Describe the Threat. Attackers are using Avaddon ransomware to target diverse organizations in the U.S., Australia and elsewhere, according to the FBI and the Australian Cyber Security Center.

Pay2Key Ransomware Hits Israeli Targets

Data Breach Today

Check Point Researchers Uncovered New Malware Strain. Security analysts at Check Point Research are warning about a recently uncovered ransomware strain called Pay2Key that is primarily targeting Israeli firms.

New Ransomware Variant Targets US Hospitality Sector

Data Breach Today

Sophos Says Epsilon Red Extorted $210,000 From One Victim. A newly uncovered ransomware variant dubbed 'Epsilon Red' is targeting organizations in the US hospitality sector, with the threat actor successfully extorting $210,000 from one of its victims, a new report by security firm Sophos notes.

The DarkSide Ransomware Gang

Schneier on Security

The New York Times has a long story on the DarkSide ransomware gang. DarkSide’s user fees operated on a sliding scale: 25 percent for any ransoms less than $500,000 down to 10 percent for ransoms over $5 million, according to the computer security firm, FireEye.

ISMG Editors’ Panel: Cyber Insurance; Ransomware Update

Data Breach Today

Also: Debating the Issue of Banning Ransom Payments. In this week's panel discussion, four editors at Information Security Media Group discuss cyber insurance, persistent ransomware attacks and whether ransom payments should be banned.