Security News

LockBit ransomware blames Entrust for DDoS attacks on leak sites
2022-08-22 14:39

The LockBit ransomware operation's data leak sites have been shut down over the weekend due to a DDoS attack telling them to remove Entrust's allegedly stolen data. Soon after they started leaking data, researchers began reporting that the ransomware gang's Tor data leak sites were unavailable due to a DDoS attack.

LockBit claims ransomware attack on security giant Entrust, leaks data
2022-08-18 23:06

This post was originally published on August 18th. The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. Today, security researcher Dominic Alvieri told BleepingComputer that LockBit had created a dedicated data leak page for Entrust on their website, stating that they would publish all of the stolen data tomorrow evening.

LockBit claims ransomware attack on security giant Entrust
2022-08-18 23:06

The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. Last month, BleepingComputer broke the story that Entrust suffered a ransomware attack on June 18th, 2022.

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload
2022-08-02 08:07

A threat actor associated with the LockBit 3.0 ransomware-as-a-service operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. "Once initial access had been achieved, the threat actors performed a series of enumeration commands and attempted to run multiple post-exploitation tools, including Meterpreter, PowerShell Empire, and a new way to side-load Cobalt Strike," researchers Julio Dantas, James Haughom, and Julien Reisdorffer said.

LockBit ransomware abuses Windows Defender to load Cobalt Strike
2022-07-29 14:29

A threat actor associated with the LockBit 3.0 ransomware operation is abusing the Windows Defender command line tool to load Cobalt Strike beacons on compromised systems and evade detection by security software. Security solutions have become better at detecting Cobalt Strike beacons, causing threat actors to look for innovative ways to deploy the toolkit.

LockBit operator abuses Windows Defender to load Cobalt Strike
2022-07-29 14:29

A threat actor associated with the LockBit 3.0 ransomware operation is abusing the Windows Defender command line tool to load Cobalt Strike beacons on compromised systems and evade detection by security software. Security solutions have become better at detecting Cobalt Strike beacons, causing threat actors to look for innovative ways to deploy the toolkit.

Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware
2022-07-26 16:16

Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in June 2022, launching a brand new leak site and what's the very first ransomware bug bounty program, alongside Zcash as a cryptocurrency payment option.

LockBit claims ransomware attack on Italian tax agency
2022-07-26 11:17

Italian authorities are investigating claims made by the LockBit ransomware gang that they breached the network of the Italian Internal Revenue Service. LockBit claims they stole 100 GB of data that will be leaked online if the Italian tax agency doesn't pay a ransom demand until August 1st. The Italian revenue agency shared an official statement on its website regarding "The alleged theft of data from the tax information system," saying that it requested more info from Sogei SpA, a Ministry of Economy and Finance public company that manages the financial administration's technological infrastructure.

LockBit ransomware gang claims it ransacked Italy’s tax agency
2022-07-26 07:30

The LockBit ransomware crew is claiming to have stolen 78GB of data from Italy's tax agency and is threatening to leak it if a ransom isn't paid by July 31.If information was stolen, the tax agency would only be the latest in an expanding list of victims of LockBit.

Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets
2022-07-09 01:28

LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions. LockBit, which operates on a ransomware-as-a-service model like most groups, was first observed in September 2019 and has since emerged as the most dominant ransomware strain this year, surpassing other well-known groups like Conti, Hive, and BlackCat.