Security News
Two men have pleaded guilty to hacking into a federal law enforcement database to steal personal information of those they were extorting. The two men, Sagar Steven Singh and Nicholas Ceraolo are members of a hacking group called "ViLE," which accessed the sensitive personal information from the portal and then used it to blackmail the victims, threatening to publish the sensitive data unless they were paid.
Ransomware remains one of the most pressing cybersecurity threats in 2024, with attackers continually evolving their methods to maximize impact and evade detection. In this Help Net Security round-up, we present excerpts from previously recorded videos featuring cybersecurity experts discussing ransomware-related topics such as payment practices, the recent surge in ransomware attacks, and more.
According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government bodies for help with the attack. 59% of those organizations that did engage with law enforcement found the process easy or somewhat easy.
Despite significant disruptions for high-profile ransomware gangs LockBit and BlackCat, Q1 2024 became the most active first quarter ever recorded - a 21% increase over Q1 2023, according to Corvus Insurance. In January, Corvus reported that global ransomware attacks in 2023 set a record high, surpassing 2022 by close to 70%. The Q1 Ransomware Report shows that 2024 is picking up right where 2023 left off.
While the results of law enforcement action against ransomware-as-a-service operators Alphv/BlackCat and LockBit are yet to be fully realized, the August 2023 disruption of the Qakbot botnet has had one notable effect: ransomware affiliates have switched to vulnerability exploitation as the primary method of delivering the malware. The researchers pointed out other current trends related to ransomware attacks: the attackers' use of vulnerable drivers, legitimate remote desktop tools, custom data exfiltration tools, and abuse of built-in Windows utilities to steal credentials.
LockBit ransomware could be deployed through compromised website links, phishing, credential theft or other methods. Must-read security coverage LockBit website shut down.
The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its...
LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has engaged with law enforcement," authorities said....
On Monday afternoon, LockBit's leak site has been taken over by a coalition of law enforcement agencies and is showing a seizure notice that promises more details today, at 11:30 GMT. "This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'," the notice says. "We can confirm that Lockbit's services have been disrupted as a result of International Law Enforcement action - this is an ongoing and developing operation."
An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of...