Security News

A cyberattack on Royal Mail, UK's largest mail delivery service, has been linked to the LockBit ransomware operation. "Royal Mail is experiencing severe service disruption to our international export services following a cyber incident," disclosed Royal Mail in a service update.

Notorious ransomware gang LockBit "Formally apologized" for an extortion attack against Canada's largest children's hospital that the criminals blamed on a now-blocked affiliate group, and said it published a free decryptor for the victim to recover the files. "The partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program," LockBit reportedly said on its leak site.

U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information. Wabtec is a U.S.-based public company producing state-of-the-art locomotives and rail systems.

LockBit claims it was behind a cyber-attack on the California Department of Finance, bragging it stole data during the intrusion. The notorious ransomware gang boasted it exfiltrated 76GB from the state agency, which apparently included databases, confidential information, financial and IT documents, and, oddly enough, "Sexual proceedings in court." LockBit has promised to publish "All available data" on December 24, presumably unless the California state government pays a ransom, although no information has been released about any monetary demand.

The Department of Finance in California has been the target of a cyberattack now claimed by the LockBit ransomware gang. California Governor's Office of Emergency Services has confirmed that the Department of Finance has been affected by a cyber incident but did not provide too many details.

In Brief A suspected member of the notorious international LockBit ransomware mob has been arrested - and could spend several years behind bars if convicted. "This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world," said Deputy Attorney General Lisa Monaco.

Other reports have linked the Black Basta ransomware to FIN7, warned that Venus ransomware is targeting healthcare, linked the Russian Sandworm hackers with Ukrainian ransomware attacks, and detailed how a threat actor is distributing LockBit through the Amdey botnet. LockBit ransomware claims attack on Continental automotive giant.

The U.S. Department of Justice has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world.Also found were a text file with instructions to deploy LockBit ransomware, the malware's source code, and a website that's believed to be the control panel operated by the group to administer the ransomware.

Europol has announced today the arrest of a Russian national linked to LockBit ransomware attacks targeting critical infrastructure organizations and high-profile companies worldwide. "One of the world's most prolific ransomware operators has been arrested on 26 October in Ontario, Canada," Europol said today.

A LockBit 3.0 ransomware affiliate is using phishing emails that install the Amadey Bot to take control of a device and encrypt devices. The Amadey Bot malware is an old strain capable of performing system reconnaissance, data exfiltration, and payload loading.