Security News

BlackCat ransomware turns off servers amid claim they stole $22 million ransom
2024-03-04 17:44

The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million. Today, BleepingComputer confirmed the ransomware operations negotiation sites are now shut down as well, indicating a further deliberate take down of the ransomware gang's infrastructure.

LockBit's contested claim of fresh ransom payment suggests it's been well hobbled
2024-03-04 03:15

Infosec in brief The infamous LockBit ransomware gang has been busy in the ten days since an international law enforcement operation took down many of its systems. LockBit quickly set up a new website and updated it with a list of forthcoming victim ransom deadlines - one of which included data allegedly stolen from Fulton County, Georgia.

EquiLend back in the saddle as ransom payment rumors swirl
2024-02-06 15:45

Global securities finance tech company EquiLend's systems are now back online after announcing a disruptive ransomware attack nearly two weeks ago. Providing regular updates via a dedicated web page, EquiLend almost completed its full restoration last week, waiting only for its data and analytics solutions to get back up and running.

Paying ransoms is becoming a cost of doing business for many
2024-02-06 04:00

Today's pervasive cyberattacks are forcing the majority of companies to pay ransoms and break their 'do not pay' policies, with data recovery deficiencies compounding the problem, according to Cohesity. All respondents said they need over 24 hours to recover data and restore business processes, and just 7% said their company could recover data and restore business processes within 1-3 days.

BTC-e server admin indicted for laundering ransom payments, stolen crypto
2024-02-02 15:33

Aliaksandr Klimenka, a Belarusian and Cypriot national, has been indicted in the U.S. for his involvement in an international cybercrime money laundering operation. The U.S. DoJ alleged back then that the platform was used to launder funds stolen during the hack of Japanese crypto exchange platform Mt. Gox, as well as ransom payments for the Locky, Cerber, NotPetya, WannaCry, and Spora ransomware operations.

UK water giant admits attackers broke into system as gang holds it to ransom
2024-01-23 11:48

Southern Water provides water services to 2.5 million customers and wastewater services to 4.7 million customers in the southern regions of the England. Some documents leaked online are branded with Greensands logos - the parent company of Southern Water.

Freight giant Estes refuses to deliver ransom, says personal data opened and stolen
2024-01-03 21:30

One of America's biggest private freight shippers, Estes Express Lines, has told more than 20,000 customers that criminals may have stolen their personal information. "As you may be aware, on October 1, 2023, Estes discovered that an unauthorized threat actor had gained access to a portion of the Company's IT network and deployed ransomware," it said in a letter mailed to 21,184 people [PDF].

Kansas courts confirm data theft, ransom demand after cyberattack
2023-11-22 19:40

The Kansas Judicial Branch has published an update on a cybersecurity incident it suffered last month, confirming that hackers stole sensitive files containing confidential information from its systems. In mid-October 2023, the Kansas courts authority disclosed a "Security incident" that impacted the availability of multiple systems, including the eFiling system attorney's use for document submission, electronic payment systems, and the case management systems used by district and appellate courts.

Impatient LockBit says it's leaked 50GB of stolen Boeing files after ransom fails to land
2023-11-10 20:21

The LockBit crew is claiming to have leaked all of the data it stole from Boeing late last month, after the passenger jet giant apparently refused to pay the ransom demand. Neither data dump has been verified by The Register, and Boeing declined to answer specific questions about the incident or the stolen files.

QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks
2023-10-05 13:18

Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of...