Security News

Threat actors are promoting a new 'Exfiltrator-22' post-exploitation framework designed to spread ransomware in corporate networks while evading detection. Threat analysts at CYFIRMA claim that this new framework was created by former Lockbit 3.0 affiliates who are experts in anti-analysis and defense evasion, offering a robust solution in exchange for a subscription fee.

In brief The notorious LockBit ransomware gang has taken credit for an attack on the Royal Mail - but a deadline it gave for payment has come and gone with nothing exposed to the web except the group's claims. LockBit even published a page bragging of an attack against fintech firm ION without directly acknowledging the Royal Mail attack earlier this week - though that's now changed, according to Reuters.

The LockBit ransomware operation has claimed the cyberattack on UK's leading mail delivery service Royal Mail that forced the company to halt its international shipping services due to "Severe service disruption." This comes after LockBitSupport, the ransomware gang public-facing representative, previously told BleepingComputer that the LockBit cybercrime group did not attack Royal Mail.

UK regulators are investigating a cyberattack against financial technology firm ION, while the LockBit ransomware gang has threatened to publish the stolen data on February 4 if the software provider doesn't pay up. According to a statement posted on ION Market's website, its ION Cleared Derivatives division "Experienced a cybersecurity event" on January 31.

The LockBit ransomware gang has again started using encryptors based on other operations, this time switching to one based on the leaked source code for the Conti ransomware. This week, cybersecurity collective VX-Underground first reported that the ransomware gang is now using a new encryptor named 'LockBit Green,' based on the leaked source code of the now-disbanded Conti gang.

The LockBit ransomware operation has again taken center stage in the ransomware news, as we learned yesterday they were behind the attack on Royal Mail. Yesterday, we learned that this disruption was caused by a LockBit ransomware attack that encrypted the computers used to print customs dockets required for international shipping.

A cyberattack on Royal Mail, UK's largest mail delivery service, has been linked to the LockBit ransomware operation. "Royal Mail is experiencing severe service disruption to our international export services following a cyber incident," disclosed Royal Mail in a service update.

Notorious ransomware gang LockBit "Formally apologized" for an extortion attack against Canada's largest children's hospital that the criminals blamed on a now-blocked affiliate group, and said it published a free decryptor for the victim to recover the files. "The partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program," LockBit reportedly said on its leak site.

U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information. Wabtec is a U.S.-based public company producing state-of-the-art locomotives and rail systems.

LockBit claims it was behind a cyber-attack on the California Department of Finance, bragging it stole data during the intrusion. The notorious ransomware gang boasted it exfiltrated 76GB from the state agency, which apparently included databases, confidential information, financial and IT documents, and, oddly enough, "Sexual proceedings in court." LockBit has promised to publish "All available data" on December 24, presumably unless the California state government pays a ransom, although no information has been released about any monetary demand.