Security News

LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims. The recipients of these emails are warned about a copyright violation, allegedly having used media files without the creator's license.

The threat cluster dubbed UNC2165, which shares numerous overlaps with a Russia-based cybercrime group known as Evil Corp, has been linked to multiple LockBit ransomware intrusions in an attempt to get around sanctions imposed by the U.S. Treasury in December 2019. "These actors have shifted away from using exclusive ransomware variants to LockBit - a well-known ransomware as a service - in their operations, likely to hinder attribution efforts in order to evade sanctions," threat intelligence firm Mandiant noted in an analysis last week.

American cybersecurity firm Mandiant is investigating LockBit ransomware gang's claims that they hacked the company's network and stole data. The ransomware group published a new page on its data leak website earlier today, saying that the 356,841 files they allegedly stole from Mandiant will be leaked online.

Evil Corp has shifted tactics once again, this time pivoting to LockBit ransomware after U.S. sanctions have made it difficult for the cybercriminal group to reap financial gain from its activity, researchers have found. The U.S. Treasury Department's Office of Foreign Assets Control sanctioned Evil Corp in December 2019 in a widespread crackdown on the dangerous and prolific cybercriminal group best known for spreading the aforementioned info-stealing Dridex malware and later its own WastedLocker ransomware.

The Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets' networks to evade sanctions imposed by the U.S. Treasury Department's Office of Foreign Assets Control. Active since 2007, Evil Corp is known for pushing the Dridex malware and later switching to the ransomware "Business."

Attackers unleash LockBit ransomware on US government computers. One attack highlighted in the report found that ransomware groups spend at least five months combing through a regional U.S. government agency's files and system before deploying a LockBit attack onto the affected computer.

A regional U.S. government agency compromised with LockBit ransomware had the threat actor in its network for at least five months before the payload was deployed, security researchers found. According to researchers at cybersecurity company Sophos, the actor accessed the network through open remote desktop ports on a misconfigured firewall and then used Chrome to download the tools needed in the attack.

Atento, a provider of customer relationship management services, has published its 2021 financial performance results, which show a massive impact of $42.1 million due to a ransomware attack the firm suffered in October last year. More specifically, the disruption caused by the cyberattack affected the company's Brazil-based operations, resulting in a revenue loss of $34.8 million and an additional $7.3 million in costs related to mitigating the impact of the incident.

LockBit beats REvil and Ryuk in Splunk's ransomware encryption speed test. Splunk researchers put 10 ransomware variants to a speed test to help network defenders improve their security strategies.

The vendor's research team Surge today published research on how long it takes 10 of the big ransomware families including Lockbit, Conti, and REvil to encrypt 100,000 files. While the criminal gangs' speeds varied, Surge found the median ransomware variant can encrypt nearly 100,000 files totaling 53.93GB in 42 minutes and 52 seconds.