Security News

Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang, as the group's affiliates remains a global scourge, costing US victims alone more than $91 million since 2020. The crew has been linked to Russia, and in May Uncle Sam sanctioned a Russian national, Mikhail Pavlovich Matveev, accused of using LockBit and other ransomware to extort a law enforcement agency and nonprofit healthcare organization in New Jersey, as well as the Metropolitan Police Department in Washington DC, among "Numerous" other victim organizations in the US and globally.

A former IT security analyst at Oxford Biomedica has admitted, five years after the fact, to turning to the dark side - by hijacking a cyber attack against his own company in an attempt to divert any ransom payments to himself. Ashley Liles, of Letchworth Garden City, Hertfordshire, pleaded guilty at Reading Crown Court to blackmail and unauthorized access to a computer with intent to commit other offences on May 17 following an investigation by the South East Regional Organised Crime Unit.

Dish Network, an American television provider, most likely paid a ransom after being hit by a ransomware attack in February based on the wording used in data breach notification letters sent to impacted employees. Ransomware gangs only delete data or provide a decryption key after a ransom is paid, meaning that is highly unlikely that Dish could receive confirmation that the stolen data was deleted without paying.

Ransomware affiliates associated with the Qilin ransomware-as-a-service scheme earn anywhere between 80% to 85% of the ransom payments, according to new findings from Group-IB. The cybersecurity firm said it was able to infiltrate the group in March 2023, uncovering details about the affiliates' payment structure and the inner workings of the RaaS program following a private conversation with a Qilin recruiter who goes by the online alias Haise. "Many Qilin ransomware attacks are customized for each victim to maximize their impact," the Singapore-headquartered company said in a new report.

A new ransomware gang named 'Money Message' has appeared, targeting victims worldwide and demanding million-dollar ransoms not to leak data and release a decryptor. While investigating, BleepingComputer has seen evidence of a potential Money Message breach on a well-known computer hardware vendor.

Crown Resorts, Australia's largest gambling and entertainment company, has confirmed that it suffered a data breach after its GoAnywhere secure file-sharing server was breached using a zero-day vulnerability. This data breach was conducted by the Clop ransomware gang, which has shifted over the past year from encrypting files to performing data extortion attacks.

Ferrari has disclosed a data breach following a ransom demand received after attackers gained access to some of the company's IT systems."We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment," Ferrari says in breach notification letters sent to customers.

In brief The notorious LockBit ransomware gang has taken credit for an attack on the Royal Mail - but a deadline it gave for payment has come and gone with nothing exposed to the web except the group's claims. LockBit even published a page bragging of an attack against fintech firm ION without directly acknowledging the Royal Mail attack earlier this week - though that's now changed, according to Reuters.

Riot Games says it will not pay the ransom demanded by the attackers responsible for the security breach the company disclosed last week. "While we hope some of these game modes and other changes eventually make it out to players, most of this content is in prototype and there's no guarantee it will ever be released," Riot Games said.

The threat actors behind Cuba ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation, the agencies highlighted a "Sharp increase in both the number of compromised U.S. entities and the ransom amounts."