Russian Pleads Guilty to Role in Developing TrickBot Malware

Russian national Vladimir Dunaev pleaded guilty to involvement in the development and use of the TrickBot malware that caused tens of millions of dollars in losses.

Conti’s Ransomware Toll on the Healthcare Industry

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under the name “Ryuk.”

Notorious hacking group FIN7 adds ransomware to its repertoire

Ransomware strains such as Maze, Ryuk and BlackCat have increasingly been part of FIN7’s playbook in recent years, Mandiant says.

The post Notorious hacking group FIN7 adds ransomware to its repertoire appeared first on CyberScoop.

Conti Ransomware Group Diaries, Part II: The Office

Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesday’s story examined how Conti dealt with its own internal breaches and attacks from private security firms and governments. In Part II of this series we’ll explore what it’s like to work for Conti, as described by the Conti employees themselves.

International effort takes down VPN service, VPNLab, used for criminal activity

A virtual private network service used for malware distribution, ransomware operations and other cybercrime activities was taken offline Monday as law enforcement officials from nearly a dozen countries jointly seized its website and customer data. Multiple investigations into the distribution of malware and other illicit activities alerted authorities to VPNLab.net, according to the European law enforcement agency Europol, which announced the takedown Tuesday. Authorities “seized or disrupted 15 servers” that hosted the site’s infrastructure, the agency said. “This service provided a platform for the anonymous commission of high value cybercrime cases, and was involved in several major international cyberattacks,” a message posted to the site’s home page reads. “Law enforcement has now gained access to the vpnlab.net servers and seized the customer data stored within. The investigation regarding customer data of this network will continue.” Led by German police, the operation included the Netherlands, Canada, the Czech Republic, France, Hungary, […]

The post International effort takes down VPN service, VPNLab, used for criminal activity appeared first on CyberScoop.

Inside Ireland’s Public Healthcare Ransomware Scare

The accounting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware. It also found affected hospitals had tens of thousands of outdated Windows 7 systems, and that the health system’s IT administrators failed to respond to multiple warning signs that a massive attack was imminent.

Conti Ransom Gang Starts Selling Access to Victims

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti’s malware that refuse to negotiate a ransom payment are added to Conti’s victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.

Emergent ransomware gang FIN12 strikes hospitals, moves quickly against big targets

A Russian-speaking ransomware gang in recent months has aggressively targeted North American organizations with more than $300 million in revenue, with a ruthless focus on the health care sector amid the COVID-19 pandemic, according to new findings. The threat intelligence firm Mandiant published details Thursday about a group it calls FIN12, a gang that moves quickly and uses an array of established hacking tools to infiltrate its targets. Over the past year, hackers have kept investigators busy, accounting for 20% of the ransomware incidents that Mandiant has responded to, with the next highest attackers at 5%, according to Kimberly Goody, the company’s director of cyber crime analysis. “They have a significantly higher cadence of attacks from our perspective,” she said. “We also see that, unlike other threat actors, this group has also aggressively pursued victims in critical sectors like health care, even during the pandemic, which had resulted in several actors saying that […]

The post Emergent ransomware gang FIN12 strikes hospitals, moves quickly against big targets appeared first on CyberScoop.

What Will Take Emotet’s Place?

Emotet’s seven-year reign of terror will come to an end Sunday, April 25, 2021 – at least in theory, when law enforcement completes a scheduled mass uninstallation of its infrastructure. A ‘scheduled uninstallation.’ Talk about going…

Black Kingdom Ransomware Jumps on the Exchange Express

When Microsoft announced that it discovered a state-sponsored threat group, Hafnium, was exploiting four separate zero-day vulnerabilities, the InfoSec community was already looking into their crystal ball to predict when other groups and cybercrimina…