Tag: lockbit
-
US Cybercom, CISA retreat in fight against Russian cyber threats: reports
by
in SecurityNews
Tags: apt, blizzard, china, cisa, cyber, cybersecurity, data, government, group, hacker, infrastructure, international, iran, lockbit, microsoft, ransomware, risk, risk-management, russia, threatPurported shift at CISA away from reporting on Russian threats: Shortly after The Record issued its report, The Guardian reported that the US Cybersecurity and Infrastructure Security Agency (CISA) sent an internal memo setting out new priorities for the agency, including China but excluding Russia. One source said analysts at the agency were verbally informed…
-
The New Ransomware Groups Shaking Up 2025
by
in SecurityNewsIn 2024, global ransomware attacks hit 5,414, an 11% increase from 2023. After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year’s total). Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise in smaller gangs. The number of…
-
Ransomware-Szene im Umbruch: Aktuelle Entwicklungen und wichtige Trends
by
in SecurityNewsRansomware bleibt eine ständige Bedrohung, verändert sich jedoch stetig. Während große Akteure wie LockBit und ALPHV/BlackCat verschwinden, rücken neue Gruppen nach. Ransomware-as-a-Service (RaaS) entwickelt sich weiter, und sogar Staaten wie Russland und Nordkorea nutzen sie als Einnahmequelle. Neben diesem Strukturwandel zeichnen sich markante Trends ab. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/ransomware-szene-im-umbruch-aktuelle-entwicklungen-und-wichtige-trends/
-
Fragmentierung und Partnerwechsel: Strukturwandel in der Ransomware-Szene
by
in SecurityNewsDas Damoklesschwert Ransomware ist nicht neu, aber es schlägt immer etwas anders aus. Große Akteure wie LockBit und ALPHV/BlackCat sind scheinbar passé, doch in entstehende Lücken drängen neue, noch nicht etablierte Gruppen. Die Ransomware-as-a-Service (RaaS)-Gruppen revidieren zudem ihre interne Arbeitsaufteilung und -organisation. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ransomware-szene-im-umbruch
-
LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat
by
in SecurityNewsLockBit claims to have “classified information” for FBI Director Kash Patel that could “destroy” the agency if leaked. The ransomware gang LockBit sent a strange message to newly appointed FBI Director Kash Patel, they offer alleged “classified information” that could “destroy” this agency if publicly disclosed. The ransomware group published the message on their dark…
-
Siberia’s largest dairy plant reportedly disrupted with LockBit variant
by
in SecurityNewsReports said the dairy company Sayanmoloko’s plant in Semyonishna was attacked with LockBit ransomware, possibly because of its support for Russian troops in Ukraine. Company printers reportedly churned out leaflets. First seen on therecord.media Jump to article: therecord.media/siberia-dairy-plant-cyberattack-lockbit-variant
-
From Confluence Vulnerability (CVE-2023-22527) to LockBit Encryption: A Rapid Attack Chain
by
in SecurityNewsSecurity researchers at The DFIR Report have uncovered a highly coordinated attack that leveraged a critical remote code First seen on securityonline.info Jump to article: securityonline.info/from-confluence-vulnerability-cve-2023-22527-to-lockbit-encryption-a-rapid-attack-chain/
-
LockBit Ransomware Strikes: Exploiting a Confluence Vulnerability
by
in SecurityNews
Tags: attack, cvss, cyber, data-breach, exploit, lockbit, malicious, ransomware, remote-code-execution, vulnerability, windowsIn a swift and highly coordinated attack, LockBit ransomware operators exploited a critical remote code execution vulnerability (CVE-2023-22527) in Atlassian Confluence servers, targeting an exposed Windows server. This vulnerability, rated CVSS 10.0, enabled unauthenticated attackers to execute arbitrary commands by injecting malicious Object-Graph Navigation Language (OGNL) expressions into improperly sanitized template files. The attack commenced…
-
A landscape forever altered? The LockBit takedown one year on
by
in SecurityNewsThe NCA-led takedown of the LockBit ransomware gang in February 2024 heralded a transformative year in the fight against cyber crime. One year on, we look back at Operation Cronos and its impact First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619310/A-landscape-forever-altered-The-LockBit-takedown-one-year-on
-
Dutch Police shut down bulletproof hosting provider Zservers and seized 127 servers
by
in SecurityNewsDutch police seized 127 servers of the bulletproof hosting service Zservers/XHost after government sanctions. On February 11, 2025, the US, UK, and Australia sanctioned a Russian bulletproof hosting services provider and two Russian administrators because they supported Russian ransomware LockBit operations. Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov are the two Russian nationals and administrators of Zservers.…
-
RansomHub: The New King of Ransomware? Targeted 600 Firms in 2024
by
in SecurityNewsRansomHub emerges as a major ransomware threat in 2024, targeting 600 organizations after ALPHV and LockBit disruptions. Group-IB… First seen on hackread.com Jump to article: hackread.com/ransomhub-king-of-ransomware-600-firms-2024/
-
LockBit crackdown continues with Zservers sanctions
by
in SecurityNews
Tags: lockbitFirst seen on scworld.com Jump to article: www.scworld.com/news/lockbit-crackdown-continues-with-zservers-sanctions
-
Feds Sanction Russian Cybercrime Bulletproof Hosting Service
by
in SecurityNewsUS, UK and Australia Target Zservers for Supporting LockBit, Other Cybercrime Groups. A Russian bulletproof hosting service used by cybercriminals including the LockBit ransomware group has been sanctioned by Australian, British and American agencies. Zservers has been advertised in criminal forums as an aid to avoid law enforcement investigations and takedowns. First seen on govinfosecurity.com…
-
Feds Sanction Russian Hosting Provider for Supporting LockBit Attacks
by
in SecurityNewsUS, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/feds-sanction-russian-hosting-provider-lockbit-attacks
-
US Treasury Sanctions Russian Bulletproof Hosting Provider Zservers for Supporting LockBit Ransomware Attacks
by
in SecurityNewsThe U.S. Department of the Treasury, in a coordinated effort with Australia and the United Kingdom, has announced First seen on securityonline.info Jump to article: securityonline.info/us-treasury-sanctions-russian-bulletproof-hosting-provider-zservers-for-supporting-lockbit-ransomware-attacks/
-
Russian bulletproof hosting service Zservers sanctioned by US for LockBit coordination
by
in SecurityNewsThe U.S., the U.K. and Australia sanctioned Russia-based Zservers, connecting the Russian company’s internet hosting services to the LockBit ransomware operation. First seen on therecord.media Jump to article: therecord.media/zservers-russia-bulletproof-hosting-us-uk-sanctions
-
UK, US, Oz blast holes in LockBit’s bulletproof hosting provider Zservers
by
in SecurityNews
Tags: lockbitUK foreign secretary says Putin is running a ‘corrupt mafia state’ First seen on theregister.com Jump to article: www.theregister.com/2025/02/11/aukus_zservers_lockbit_sanctions/
-
AUKUS blasts holes in LockBit’s bulletproof hosting provider
by
in SecurityNews
Tags: lockbitUK foreign secretary says Putin is running a ‘corrupt mafia state’ First seen on theregister.com Jump to article: www.theregister.com/2025/02/11/aukus_zservers_lockbit_sanctions/
-
Russian Cybercrime Network Targeted for Sanctions Across US, UK and Australia
by
in SecurityNewsRussia-based bulletproof hosting services provider Zservers was sanctioned for providing services to support LockBit ransomware operations. The post Russian Cybercrime Network Targeted for Sanctions Across US, UK and Australia appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-cybercrime-network-targeted-for-sanctions-across-us-uk-and-australia/
-
U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure
by
in SecurityNewsZservers, a Russia-based company, along with two employees, allegedly ran specialized servers tied to ransomware attacks. First seen on cyberscoop.com Jump to article: cyberscoop.com/zservers-bulletproof-hosting-sanctions-lockbit-ransomware/
-
US sanctions LockBit ransomware’s bulletproof hosting provider
by
in SecurityNewsThe United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-sanctions-lockbit-ransomwares-bulletproof-hosting-provider/
-
Ransom Payments Fell 35% in 2024 After LockBit, BlackCat Takedowns
by
in SecurityNewsLaw enforcement actions, better defenses, and a refusal by victims to pay helped to reduce the amount of ransoms paid in 2024 by $35%, a sharp decline from the record $1.25 billion shelled out in 2023, according to researchers with Chainalysis. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/ransom-payments-fell-35-in-2024-after-lockbit-blackcat-takedowns/
-
Mehr Cyberangriffe bei weniger Beute
by
in SecurityNews
Tags: backup, blockchain, crime, crypto, cyberattack, cyersecurity, intelligence, leak, lockbit, ransomware, risk, service, usa -
Still-Lucrative Ransomware’s Profits Plunged 35% Last Year
by
in SecurityNewsCollapse of LockBit and BlackCat/ALPHV Tied to Ongoing Decline in Big-Game Hunting. Ransomware may still be raking in massive cryptocurrency profits for practitioners, but 2024 turned out to be less of a banner year than predicted, with blockchain researchers reporting that the sum total of known ransom payments to ransomware groups in 2024 plummeted by…
-
LockBit Ransomware: 11-Day Timeline from Initial Compromise to Deployment
by
in SecurityNewsA well-coordinated cyber intrusion, spanning 11 days, culminated in the deployment of LockBit ransomware across a corporate environment. The attack, which began with the execution of a malicious file posing as a Windows Media Configuration Utility, displayed a sophisticated playbook leveraging Cobalt Strike, advanced persistence mechanisms, lateral movement, data exfiltration tools, and an eventual ransomware…
-
Post-ALPHV, LockBit takedown surge of RansomHub examined
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/post-alphv-lockbit-takedown-surge-of-ransomhub-examined
-
How cops taking down LockBit, ALPHV led to RansomHub’s meteoric rise
by
in SecurityNewsCut off one head, two more grow back in its place First seen on theregister.com Jump to article: www.theregister.com/2024/12/28/lockbit_alphv_disruptions_ransomhub_rise/