Accellion FTA attacks, extortion attempts might be the work of FIN11

Mandiant/FireEye researchers have tentatively linked the Accellion FTA zero-day attacks to FIN11, a cybercrime group leveraging CLOP ransomware to extort targeted organizations. Accellion has also confirmed on Monday that “out of approximately 30…

After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy

Vastaamo, the Finnish psychotherapy practice that covered up a horrific data breach which resulted in patients receiving blackmail threats, has declared itself bankrupt.

Read more in my article on the Hot for Security blog.

Meet Babuk, a ransomware attacker blamed for the Serco breach

It began with a laughable offer. Someone calling themselves “biba99” on a popular criminal forum claimed on Jan. 5 to provide “non-malicious” software to help organizations identify “security issues.” The author struggled to explain, in halting English, “why we are not … criminals” while assuring readers that the group would not hack hospitals or schools. A month later, the attacker behind what appeared to be a bumbling forum post is reportedly claiming responsibility for a ransomware attack on the multibillion-dollar outsourcing firm Serco. The ransomware gang, dubbed Babuk after the strain of code it uses, is a case study in how quickly crooks can learn the basics of digital extortion — and how that breeds ambition for big corporate scalps. It shows how even relatively unsophisticated criminals can bedevil major corporations. After claiming to only target companies that earn less than $4 million, the Babuk attacker went after Serco, Sky News […]

The post Meet Babuk, a ransomware attacker blamed for the Serco breach appeared first on CyberScoop.


Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames.

PART I: Retrospective 2020: DDoS Was Back — Bigger and Badder Than Ever Before

Never before has the risk of a distributed denial-of-service (DDoS) attack been higher. In 2020, we saw record-breaking attacks, a DDoS extortion campaign impacting thousands of organizations globally, more emergency customer turnups, and more Akamai customers attacked than any year on record — and we’ve been successfully fighting DDoS attacks since 2003! We also saw a big increase in attacks targeting verticals that haven’t seen as much activity of late, with 7 of 11 of the industries we track seeing peak attack counts in 2020.

On the Evolution of Ransomware

Good article on the evolution of ransomware:

Though some researchers say that the scale and severity of ransomware attacks crossed a bright line in 2020, others describe this year as simply the next step in a gradual and, unfortunately, predictable devolution. After years spent honing their techniques, attackers are growing bolder. They’ve begun to incorporate other types of extortion like blackmail into their arsenals, by exfiltrating an organization’s data and then threatening to release it if the victim doesn’t pay an additional fee. Most significantly, ransomware attackers have transitioned from a model in which they hit lots of individuals and accumulated many small ransom payments to one where they carefully plan attacks against a …


Finnish Data Theft and Extortion

The Finnish psychotherapy clinic Vastaamo was the victim of a data breach and theft. The criminals tried extorting money from the clinic. When that failed, they started extorting money from the patients:

Neither the company nor Finnish investigators have released many details about the nature of the breach, but reports say the attackers initially sought a payment of about 450,000 euros to protect about 40,000 patient records. The company reportedly did not pay up. Given the scale of the attack and the sensitive nature of the stolen data, the case has become a national story in Finland. Globally, attacks on health care organizations have escalated as cybercriminals look for higher-value targets…


Pandemic, A Driving Force in 2021 Financial Crime

Ransomware gangs with zero-days and more players overall will characterize financially motivated cyberattacks next year.

Pay2Key Ransomware Joins the Threat Landscape

As we approach the end of a year that has been trying for so many reasons, yet another ransomware has been seen in the wild targeting corporations—in particular, Israeli companies. A report published by Check Point Software tells of the new ransomware…

Don’t Let DDoS Extortionists Deliver a KO Punch

Since mid-August, a variety of threat actors (and copycats alike) have been targeting organizations across all industries globally, threatening impending DDoS attacks unless Bitcoin is paid out. It’s apparent, as the campaign rages on, that some busine…