Emsisoft – WindowsTechs.com

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

Posted on March 6, 2024 by BrianKrebs

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV”) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data that Change reportedly paid the group to destroy. Meanwhile, the affiliate’s disclosure appears to have prompted BlackCat to cease operations entirely. Continue reading BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare→

Fulton County, Security Experts Call LockBit’s Bluff

Posted on February 29, 2024 by BrianKrebs

The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. Instead, LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming county officials had paid. But county officials said they did not pay, nor did anyone make payment on their behalf. Security experts say LockBit was likely bluffing and probably lost most of the data when the gang’s servers were seized this month by U.S. and U.K. law enforcement. Continue reading Fulton County, Security Experts Call LockBit’s Bluff→

Most dual ransomware attacks occur within 48 hours

Posted on October 2, 2023 by Helga Labus

Since July 2023, the Federal Bureau of Investigation (FBI) has noticed a new trend: dual ransomware attacks on the same victim, occurring in close proximity of one another. Dual ransomware attacks Dual ransomware attacks are when against the same victi… Continue reading Most dual ransomware attacks occur within 48 hours→

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations

Posted on September 26, 2023 by Helga Labus

The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million. The victim organizations are overwhelmingly based in the US. “The most heavily … Continue reading Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations→

Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap

Posted on September 8, 2023 by Ionut Arghire

Emsisoft urges its users to update anti-malware and other security products after signing them with an improperly issued digital certificate.
The post Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap appeared first on S… Continue reading Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap→

Has the MOVEit hack paid off for Cl0p?

Posted on July 24, 2023 by Zeljka Zorz

The number of known Cl0p victims resulting from its Memorial Day attack on vulnerable internet-facing MOVEit Transfer installations has surpassed 420, according to IT market research company KonBriefing Research. The cyber extortion group has lately sw… Continue reading Has the MOVEit hack paid off for Cl0p?→

New Ransom Payment Schemes Target Executives, Telemedicine

Posted on December 8, 2022 by BrianKrebs

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading. Continue reading New Ransom Payment Schemes Target Executives, Telemedicine→

Ransomware gang publishes stolen victim data on the public Internet

Posted on June 15, 2022 by Zeljka Zorz

The Alphv (aka BlackCat) ransomware group is trying out a new tactic to push companies to pay for their post-breach silence: a clearnet (public Internet) website with sensitive data about the employees and customers stolen from a victim organization. A… Continue reading Ransomware gang publishes stolen victim data on the public Internet→

Ransomware Group Debuts Searchable Victim Data

Posted on June 14, 2022 by BrianKrebs

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form. Continue reading Ransomware Group Debuts Searchable Victim Data→

LockBit 2.0 gang claims Mandiant as latest victim; Mandiant sees no evidence of it

Posted on June 6, 2022 by AJ Vicens

Mandiant said Monday it has no “evidence to support” the ransomware group’s claims, but will monitor the situation.

The post LockBit 2.0 gang claims Mandiant as latest victim; Mandiant sees no evidence of it appeared first on CyberScoop.

Continue reading LockBit 2.0 gang claims Mandiant as latest victim; Mandiant sees no evidence of it→