Security News

LockBit claims it was behind a cyber-attack on the California Department of Finance, bragging it stole data during the intrusion. The notorious ransomware gang boasted it exfiltrated 76GB from the state agency, which apparently included databases, confidential information, financial and IT documents, and, oddly enough, "Sexual proceedings in court." LockBit has promised to publish "All available data" on December 24, presumably unless the California state government pays a ransom, although no information has been released about any monetary demand.

The Department of Finance in California has been the target of a cyberattack now claimed by the LockBit ransomware gang. California Governor's Office of Emergency Services has confirmed that the Department of Finance has been affected by a cyber incident but did not provide too many details.

In Brief A suspected member of the notorious international LockBit ransomware mob has been arrested - and could spend several years behind bars if convicted. "This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world," said Deputy Attorney General Lisa Monaco.

Other reports have linked the Black Basta ransomware to FIN7, warned that Venus ransomware is targeting healthcare, linked the Russian Sandworm hackers with Ukrainian ransomware attacks, and detailed how a threat actor is distributing LockBit through the Amdey botnet. LockBit ransomware claims attack on Continental automotive giant.

The U.S. Department of Justice has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world.Also found were a text file with instructions to deploy LockBit ransomware, the malware's source code, and a website that's believed to be the control panel operated by the group to administer the ransomware.

Europol has announced today the arrest of a Russian national linked to LockBit ransomware attacks targeting critical infrastructure organizations and high-profile companies worldwide. "One of the world's most prolific ransomware operators has been arrested on 26 October in Ontario, Canada," Europol said today.

A LockBit 3.0 ransomware affiliate is using phishing emails that install the Amadey Bot to take control of a device and encrypt devices. The Amadey Bot malware is an old strain capable of performing system reconnaissance, data exfiltration, and payload loading.

The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. The document contains a malicious VBA macro that, when enabled by the victim, runs a PowerShell command to download and run Amadey.

The LockBit ransomware gang has claimed responsibility for a cyberattack against the German multinational automotive group Continental.Since LockBit says that it will publish "All available" data, this indicates that Continental is yet to negotiate with the ransomware operation or it has already refused to comply with the demands.

Pendragon Group, with more than 200 car dealerships in the U.K., was breached in a cyberattack from the LockBit ransomware gang, who allegedly demanded $60 million to decrypt files and not leak them. Pendragon owns CarStore, Evans Halshaw, and Stratstone luxury car retailer, that sell brands cars for all budgets, from Jaguar, Porsche, Ferrari, Mercedes-Benz, BMW, Land Rover, or Aston Martin, to Renault, Ford, Hyundai, Nissan, Peugeot, Vauxhall, Citroen, DS, Dacia, and DAF. Pendragon did not provide many details about the security incident and limited the information to saying that there is no impact on operations.