Incidents involving malware or ransomware. In some cases, incidents called “ransomware” do not involve any locking but merely hack, exfiltrate, and attempt to extort.
Security Affairs reports: The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. Coop is one of the largest retail and grocery providers in Sweden, with approximately 800 stores across the country. The stores are co-owned by 3.5 million members in 29 consumer associations. All surplus that […]
The South China Morning Post reports: Four cyber attackers in China have been arrested for developing ransomware with the help of ChatGPT, the first such case in the country involving the popular chatbot that is not officially available locally. The attack was first reported by an unidentified company in Hangzhou, capital of eastern Zhejiang province, which […]
Bleeping Computer reports: The Ohio Lottery was forced to shut down some key systems after a cyberattack affected an undisclosed number of internal applications on Christmas Eve. While the incident is now under investigation, and the lottery is working to restore all impacted servies, its gaming system is still fully operational. […] While the state […]
Cybernews reports: More than 1.3 million files – stolen from Sony-owned Insomniac Games in last week’s ransomware attack – have now been leaked online by the Rhysida gang. Rhysida claimed the Insomniac hack of “exclusive, unique, and impressive data” on its dark leak site December 11th. The stolen data was put up for auction with a […]
The Register reports: Singapore-based Group-IB celebrated its 20th anniversary in the cybersecurity industry this year, and during this time its researchers have broken into an array of ransomware groups and their affiliates. The full number remains a secret. Before the authorities got their hands on Hive at the start of this year, Group-IB’s researchers were inside […]
Infosecurity Magazine reports: Proofpoint has warned recruiters of a skilled threat actor targeting them with emails designed to deploy malware. TA4557 is a financially motivated threat actor known to distribute the More_Eggs backdoor, which is designed to establish persistence, profile the targeted machine and drop additional payloads. Throughout 2022 and most of 2023 the actor has […]
Researchers and analysts who track developments in ransomware leak sites are buzzing this morning about a post by the AlphV (“BlackCat”) threat actors. Normally, threat actors try to extort their victims and then, if the victims do not pay or respond, they start leaking information about the attack and any data. This time, AlphV is […]
If there’s anything the past few years should have taught businesses, it is that if you think you can just wait a month or a few months to patch vulnerabilities when a patch is released, expect to hacked by threat actors who are already searching for businesses that haven’t patched. In this week’s example, Bleeping […]
The Register reports: Read more at The Register.
Study Finds Increase in Remote Encryption Attacks Ransomware Groups
Ticker.tv reports: A recent report released cybersecurity service provider Sophos reveals a significant rise in remote encryption attacks conducted some of the most active ransomware groups. The study, titled “CryptoGuard: An Asymmetric Approach to the Ransomware Battle,” identifies ransomware groups including Akira, ALPHV/BlackCat, LockBit, Royal, and Black Basta as perpetrators of remote encryption attacks. In […]