U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “Trickbot,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities.

Group behind Emotet botnet malware testing new methods to get around Microsoft security

Recent changes to Microsoft automation capabilities may be forcing cybercrime operators to adapt.

The post Group behind Emotet botnet malware testing new methods to get around Microsoft security appeared first on CyberScoop.


Russian cybercrime continues as government-backed attacks on companies dwindle, CrowdStrike says

The Russian approach to hacking shifted considerably over the past year, with state-sponsored attacks on commercial organizations dropping off even as the local cybercrime scene dominated the field, CrowdStrike said in a report Wednesday. From July 2020 to June of this year, Russian state-backed hacking outfits accounted for only a tiny sliver of nation-sponsored attacks aimed at commercial enterprises detected by the cyber firm’s threat hunting service, at 1% compared to China’s 69%. (The figure represents the findings from only one threat intelligence firm, and does not account for hacking campaigns that CrowdStrike might have missed.) Meanwhile, the suspected Russia-based hacking group that CrowdStrike calls Wizard Spider, and that has used the Ryuk ransomware since 2018, was responsible for double the number of detected attempted intrusions of any other cybercrime gang over the same period. While CrowdStrike didn’t have comparison figures on the percentages of state-sponsored attacks on commercial organizations […]

The post Russian cybercrime continues as government-backed attacks on companies dwindle, CrowdStrike says appeared first on CyberScoop.


Ransomware Gang Frees Irish Medical Data—but Leak Threat Remains

Ireland’s Health Service Executive suffered a catastrophic ransomware attack last week. But now the gang seems to have had a change of heart.
The post Ransomware Gang Frees Irish Medical Data—but Leak Threat Remains appeared first on Security Boulevar…

Ryuk ransomware shows Russian criminal group is going big or going home

A criminal hacking group suspected of operating out of Russia has shifted tactics in recent months from wire fraud to targeting big organizations for ransomware payouts, according to new research. The change in tactics is exemplified by the infamous Ryuk ransomware, which cybersecurity company CrowdStrike said Thursday is being used by a subset of the Russian group to rake in $3.7 million since August. The trend in extorting bigger organizations “has been increasing in the last year and poses a significant challenge to enterprises and businesses,” Adam Meyers, vice president of intelligence at CrowdStrike, told CyberScoop. “We have observed numerous adversaries adopting this tactic and charging substantial fees to unlock data across the entire network.” Ryuk has surfaced in a number of cyber incidents in recent months. A North Carolina water utility said it was hit by the ransomware in October. Last month, Ryuk was reportedly used in an attack […]

The post Ryuk ransomware shows Russian criminal group is going big or going home appeared first on CyberScoop.
