Security News

March 4th 2024: BlackCat ransomware turns off servers amid claim they stole $22 million ransom.

March 5th 2024: BlackCat ransomware shuts down in exit scam, blames the "Feds".

It is only a matter of time before we see the ransomware operation rebrand under a new name to repeat this cycle. The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, out of $22 million.

Change Healthcare has taken the first steps toward a full recovery from the ransomware attack in February by bringing its electronic prescription services back online. The first step towards a full restoration of systems will be welcome news to the US healthcare system after thousands of hospitals and pharmacies reported severe disruptions following the attack in late February.

The Swiss government had around 65,000 files related to it stolen by the Play ransomware gang during an attack on an IT supplier, its National Cyber Security Center says. A total of 1.3 million files were stolen during the incident at software biz Xplain in May 2023, meaning 5 percent of the entire trove related to the Swiss Federal Administration - a collection of seven federal agencies that alongside the Federal Council comprise the main government departments.

The National Cyber Security Centre of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. The Swiss government started investigating the leaked files and instantly admitted that the leaked data might contain documents belonging to the Federal Administration of Switzerland.

A criminal claiming to be an ALPHV/BlackCat affiliate - the gang responsible for the widely disruptive Change Healthcare ransomware infection last month - may have ties to Chinese government-backed cybercrime syndicates. "Some of our HUMINT sources with direct contact to Notchy says it's high probability that Notchy is associated with China Nation-State groups," Menlo's threat intel team said in a report Wednesday.

Security researchers are increasingly seeing active exploit attempts using the latest vulnerabilities in JetBrains' TeamCity that in some cases are leading to ransomware deployment. Christiaan Beek, senior director of threat analytics at Rapid7, noted on AttackerKB that both TeamCity vulnerabilities were spotted being exploited in the wild.

Belgian beer brewer Duvel says a ransomware attack has brought its facility to a standstill while its IT team works to remediate the damage. Duvel Moortgat not only brings Duvel to shop shelves, restaurants, and bars alike, but also other popular tipples such as La Chouffe, Vedett, Firestone Walker, and more.

In this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and how these shifts are forming the threat landscape in 2024 and beyond. X-Force observed shifts toward credential-driven attacks with a 71% increase in attacks caused by using valid accounts.

"Cybercriminals continue to adjust their tactics, and the FBI has observed emerging ransomware trends, such as the deployment of multiple ransomware variants against the same victim and the use of data-destruction tactics to increase pressure on victims to negotiate," according to the IC3 report. Crooks had no qualms about infecting critical infrastructure organizations with ransomware.