U.S. cybersecurity officials issue notice on Karakurt extortion group

The suspected Conti ransomware group spinoff employs a variety of attack methods, the notice warns.

The post U.S. cybersecurity officials issue notice on Karakurt extortion group appeared first on CyberScoop.


Costa Rican president claims collaborators are aiding Conti’s ransomware extortion efforts

The claim comes after Conti doubled its extortion demand to $20 million and called for the overthrow of the government.

The post Costa Rican president claims collaborators are aiding Conti’s ransomware extortion efforts appeared first on CyberScoop.


Ransomware group strikes second U.S. health care system in the last two months

The targeted systems are just two of dozens of the group’s attacks in the last year.

The post Ransomware group strikes second U.S. health care system in the last two months appeared first on CyberScoop.


Conti’s Ransomware Toll on the Healthcare Industry

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under the name “Ryuk.”

Conti Ransom Gang Starts Selling Access to Victims

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti’s malware who refuse to negotiate a ransom payment are added to Conti’s victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.

Ransomware Gangs and the Name Game Distraction

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years.

Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one’s demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere.

Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members — such as which types of victims aren’t allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network.

The Life Cycle of a Breached Database

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database.

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. One might even say passwords are the fossil fuels powering most IT modernization: They’re ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs — such as polluting the Internet with weaponized data when they’re leaked or stolen en masse.

Kaseya says it didn’t pay ransomware gang for decryption key after hacks affected hundreds

Kaseya, the company at the center of a ransomware outbreak that claimed perhaps thousands of victims, said on Monday that it didn’t pay off the attackers to obtain the decryption tool it announced last week. The Florida IT firm, breached just before the July 4 holiday, did not elaborate on how it obtained the working decryption key, beyond its statement that a “trusted third party” provided it. “While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment,” the company said in a website update. “As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom — either directly or indirectly through a third party — to obtain the decryptor.” Kaseya said it was teaming with the security firm […]

The post Kaseya says it didn’t pay ransomware gang for decryption key after hacks affected hundreds appeared first on CyberScoop.


Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.