Security News > 2024 > March > The Week in Ransomware - March 8th 2024 - Waiting for the DarkSide rebrand
It is only a matter of time before we see the ransomware operation rebrand under a new name to repeat this cycle.
The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million.
Talos observed the GhostSec and Stormous ransomware groups operating together to conduct several double extortion attacks using the GhostLocker and StormousX ransomware programs against the victims in Cuba, Argentina, Poland, China, Lebanon, Israel, Uzbekistan, India, South Africa, Brazil, Morocco, Qatar, Turkiye, Egypt, Vietnam, Thailand and Indonesia according to our assessment of the disclosure messages posted by the group in their Telegram channels and Stormous ransomware data leak site.
Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system.
GhostSec's joint ransomware operation and evolution of their arsenal New Makop ransomware variant.
Trans-Northern Pipelines investigating ALPHV ransomware attack claims.