Which stolen data are ransomware gangs most likely to disclose?

If your organization gets hit by a ransomware gang that has also managed to steal company data before hitting the “encrypt” button, which types of data are more likely to end up being disclosed as you debate internally on whether you should…

Ransomware gang publishes stolen victim data on the public Internet

The Alphv (aka BlackCat) ransomware group is trying out a new tactic to push companies to pay for their post-breach silence: a clearnet (public Internet) website with sensitive data about the employees and customers stolen from a victim organization. A…

Karakurt Team hits North America and Europe with data theft and extortion

Karakurt Team attacks are hitting indiscriminate targets in North America and Europe with data theft, requesting a ransom to delete stolen data. Learn more about their methods and how to protect against them.

RansomHouse: Bug bounty hunters gone rogue?

A new cybercrime outfit that calls itself RansomHouse is attempting to carve out a niche of the cyber extortion market for itself by hitting organizations, stealing their data, and offering to delete it and provide a full report on how and what vulnera…

Hackers Using Fake Police Data Requests against Tech Companies

Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data.

Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

But in certain circumstances – such as a case involving imminent harm or death – an investigating authority may make what’s known as an Emergency Data Request (EDR), which largely bypasses any official review and does not require the requestor to supply any court-approved documents…
