Tag: ransomware
-
UK Home Office Ransom Ban Proposal Needs More Clarity
in SecurityNews
Cybersecurity Wonks Find Fault With Home Office Ransomware Proposals. A collection of British cybersecurity policy wonks poured cold water over a British government proposal to outlaw ransom payments by government agencies and from regulated operators of critical infrastructure. A ban wouldn’t likely represent a significant blow to ransomware profits. First seen on govinfosecurity.com Jump to…
-
Minnesota Tribe Struggles After Ransomware Attack
in SecurityNews
Hotel and casino operations for the Lower Sioux Indians have been canceled or postponed, and the local health center is redirecting those needing medical or dental care. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/minnesota-tribe-operations-ransomware-attack
-
ISMG Editors: Who Will Shore Up Trump’s Federal Cyber Cuts?
in SecurityNews
Also: 23andMe’s Privacy Meltdown, Investors’ $500M AI Bet on ReliaQuest. In this week’s update, ISMG editors discussed the Trump administration’s cybersecurity funding cuts and potential impact on state and local ransomware defense. 23andMe’s bankruptcy and the FTC’s stance on genetic data privacy, ReliaQuest’s $500 million raise and what it means for AI-led SecOps. First seen…
-
Port of Seattle says 90,000 people impacted in 2024 ransomware attack
in SecurityNews
The organization that runs Seattle-Tacoma International Airport and several container terminals said it is sending breach notification letters to those affected by a ransomware attack, including about 71,000 people in Washington state. First seen on therecord.media Jump to article: therecord.media/port-of-seattle-says-90000-impacted-in-2024-ransomware-attack
-
Rheinmetall victim of a cyberattack by the Babuk2 group?
in SecurityNews
Has the defense contractor Rheinmetall fallen victim to a ransomware attack? At least, the Babuk2 ransomware group claims to have carried out a successful attack on the company. However, I currently have very little information, as Babuk2's sites are currently unreachable. Babuk2 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/04/rheinmetall-opfer-eines-cyberangriffs-der-babuk2-gruppe/
-
Hunters International Dumps Ransomware, Goes Full-on Extortion
in SecurityNews
Hunters International, the RaaS group that some believe evolved from Hive, appears to be rebranding and shifting operations, moving away from an unprofitable and risky ransomware business and focusing solely on exfiltrating data and extorting victims, say Group-IB researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/hunters-international-dumps-ransomware-goes-full-on-extortion/
-
Port of Seattle says ransomware breach impacts 90,000 people
in SecurityNews
Port of Seattle, the U.S. government agency overseeing Seattle’s seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/port-of-seattle-says-ransomware-breach-impacts-90-000-people/
-
EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures
in SecurityNews
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational security (OPSEC) failures and extensive reliance on ChatGPT for its operations. This emerging threat actor has been linked to ransomware campaigns, data theft, and the development of advanced malware tools, including EncryptRAT. However, critical mistakes in their operational infrastructure have…
-
Medusa Rides Momentum From Ransomware-as-a-Service Pivot
in SecurityNews
Shifting to a RaaS business model has accelerated the group’s growth, and targeting critical industries like healthcare, legal, and manufacturing hasn’t hurt either. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/medusa-momentum-ransomware-as-a-service-pivot
-
Royal Mail investigates data leak
in SecurityNews
The British postal service Royal Mail is investigating indications of a data leak. The cause could be the same as in the Samsung Germany case. Around two years after the massive ransomware attack on Royal Mail, indications of a new cyber incident are currently circulating. On March 31, a hacker named ‘GHNA’ made a claim in a darknet forum concerning 144 gigabytes of data at…
-
State Bar of Texas Says Personal Information Stolen in Ransomware Attack
in SecurityNews
The State Bar of Texas is notifying thousands of individuals that their personal information was stolen in a February ransomware attack. The post State Bar of Texas Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/state-bar-of-texas-says-personal-information-stolen-in-ransomware-attack/
-
Longtime ‘Fast Flux’ Evasion Technique Now a National Security Threat
in SecurityNews
CISA, the FBI, and NSA issued an advisory about the national security threat posed by “fast flux,” a technique used by threat actors to evade detection of their C2 infrastructures that has been around for two decades but has seen a resurgence in use by ransomware gangs and nation-state bad actors. First seen on securityboulevard.com…
-
Privileged access is becoming a security risk
in SecurityNews
Tags: access, ai, api, apple, authentication, best-practice, cisco, cloud, cyber, cyberattack, dark-web, hacker, mail, malware, mfa, microsoft, password, phishing, ransomware, risk, service, tool, vpn, vulnerability
Criminals prefer phishing as their initial access method and use legitimate tools for inconspicuous attacks on sensitive systems, a recent study found. Abuse of legitimate privileged access is on the rise. According to the Cisco Talos 2024 Year in Review, attackers increasingly used stolen identities for their attacks, including ransomware extortion. To do so, the hackers abuse credentials, tokens, API keys and certificates. Attacks of this…
-
Unauthorized access at a bar association in Texas, USA
in SecurityNews
Texas State Bar warns of data breach after INC ransomware claims attack First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/texas-state-bar-warns-of-data-breach-after-inc-ransomware-claims-attack/
-
Cyberattack on a local public transport company in Switzerland
in SecurityNews
Verkehrsbetriebe Baden-Wettingen attacked with ransomware First seen on inside-it.ch Jump to article: www.inside-it.ch/verkehrsbetriebe-baden-wettingen-mit-ransomware-attackiert-20250403
-
For healthcare orgs, DR means making sure docs can save lives during ransomware infections
in SecurityNews
Organizational, technological resilience combined defeat the disease that is cybercrime First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/disaster_recovery_healthcare/
-
Hunters International shifts from ransomware to pure data extortion
in SecurityNews
The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hunters-international-rebrands-as-world-leaks-in-shift-to-data-extortion/
-
CISA warns of Fast Flux DNS evasion used by cybercrime gangs
in SecurityNews
CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the “Fast Flux” cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-fast-flux-dns-evasion-used-by-cybercrime-gangs/
-
US, Australia, Canada warn of ‘fast flux’ scheme used by ransomware gangs
in SecurityNews
Ransomware gangs and Russian government hackers are increasingly turning to an old tactic called “fast flux” to hide the location of infrastructure used in cyberattacks. First seen on therecord.media Jump to article: therecord.media/us-australia-canada-warn-of-fast-flux-ransomware-rusia
-
Texas State Bar warns of data breach after INC ransomware claims attack
in SecurityNews
The State Bar of Texas is warning it suffered a data breach after the INC ransomware gang claimed to have breached the organization and began leaking samples of stolen data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/texas-state-bar-warns-of-data-breach-after-inc-ransomware-claims-attack/
-
Hunters International Linked to Hive Ransomware in Attacks on Windows, Linux, and ESXi Systems
in SecurityNews
Hunters International, a ransomware group suspected to be a rebrand of the infamous Hive ransomware, has been linked to widespread attacks targeting Windows, Linux, FreeBSD, SunOS, and ESXi systems. Emerging in October 2023, the group has gained notoriety for its sophisticated techniques in data exfiltration and extortion. Cybersecurity researchers have noted similarities between Hunters International’s…
-
Qilin Operators Imitate ScreenConnect Login Page to Deploy Ransomware and Gain Admin Access
in SecurityNews
Tags: access, attack, cyber, cyberattack, exploit, group, login, monitoring, msp, phishing, ransomware, service, sophos, threat
In a recent cyberattack attributed to the Qilin ransomware group, threat actors successfully compromised a Managed Service Provider (MSP) by mimicking the login page of ScreenConnect, a popular Remote Monitoring and Management (RMM) tool. The attack, which occurred in January 2025, highlights the growing sophistication of phishing campaigns targeting MSPs to exploit downstream customers. Sophos’…
-
HellCat ransomware: what you need to know
in SecurityNews
Tags: ransomware
HellCat – the ransomware gang that has been known to demand payment… in baguettes! First seen on tripwire.com Jump to article: www.tripwire.com/state-of-security/hellcat-ransomware-what-you-need-know
-
Nine out of ten healthcare organizations are at extreme risk
in SecurityNews
89 percent of healthcare organizations have Internet of Medical Things (IoMT) devices in their networks that belong to the most at-risk percent. These have known exploited vulnerabilities (KEVs) that are also used by ransomware groups, as well as insecure connections to the internet. This is one of the findings of the new report ‘State of CPS…
-
EvilCorp and RansomHub Collaborate to Launch Worldwide Attacks on Organizations
in SecurityNews
EvilCorp, a sanctioned Russia-based cybercriminal enterprise, has been observed collaborating with RansomHub, one of the most active ransomware-as-a-service (RaaS) operations. This partnership has heightened the threat landscape, as both entities leverage advanced tools and techniques to target organizations across the globe. EvilCorp: A History of Cybercrime EvilCorp, led by Maksim Yakubets, has long been notorious…
-
Hunters International Ransomware Gang Rebranding, Shifting Focus
in SecurityNews
The notorious cybercrime group Hunters International is dropping ransomware to focus on data theft and extortion. The post Hunters International Ransomware Gang Rebranding, Shifting Focus appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hunters-international-ransomware-gang-rebranding-shifting-focus/
-
Sensitive Data Breached in Highline Schools Ransomware Incident
in SecurityNews
Highline Public Schools revealed that sensitive personal, financial and medical data was accessed by ransomware attackers during the September 2024 incident First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/sensitive-data-highline-ransomware/