Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to its Tor data leak and negotiation sites, rumored to be the result of a law enforcement action.
The FBI revealed this week that it hacked the BlackCat/ALPHV ransomware operation, which raked in $300 million from over 1,000 victims. While quietly surveilling the ransomware gang, law enforcement retrieved decryption keys and the Tor private keys for its onion services.
Law enforcement says it was able to help decrypt the files of 400 victims for free using the retrieved decryptors, and it used the Tor private keys to seize the URLs for the gang's data leak site and negotiation sites.

Source: BleepingComputer.com
However, because the threat actors and the FBI hold the same keys, there has been a constant tug of war as each side "re-seizes" the URL.
Some have seen this constant change in ownership of the URL as a failed operation by law enforcement. However, retrieving 400 decryption keys, and likely more data from the hacked servers, has significantly tarnished the ransomware operation's reputation.
BleepingComputer has learned that this has caused some affiliates to contact victims directly via email, as they have lost trust in the ransomware gang's ability to secure its servers. Others are said to have moved to competing ransomware operations, such as LockBit.
Now, LockBitSupp (the operator of LockBit) and the BlackCat operator have discussed creating a "cartel" to join forces against law enforcement.

Source: 3xp0rt
Earlier "ransomware cartels," such as the one allegedly created by Maze, did not succeed in helping the ransomware operation, as Ukrainian police arrested gang members after they rebranded as Egregor.
We also learned this week about new ransomware attacks or information about old ones, including:
Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @BleepinComputer, @demonslay335, @Seifreed, @billtoulas, @Ionut_Ilascu, @fwosar, @serghei, @LawrenceAbrams, @BrettCallow, @PRODAFT, @AShukuhi, @uuallan, @SophosXOps, @pcrisk, @3xp0rtblog, @oct0xor, @MorganDemboski, and @juanbrodersen.
December 18th 2023
Mortgage giant Mr. Cooper data breach affects 14.7 million people
Mr. Cooper is sending data breach notifications warning that a recent cyberattack has exposed the data of 14.7 million customers who have, or previously had, mortgages with the company.
FBI: Play ransomware breached 300 victims, including critical orgs
The Federal Bureau of Investigation (FBI) says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities.
Vans and North Face owner VF Corp hit by ransomware attack
American global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face, has disclosed a security incident that caused operational disruptions.
The UBA suffered a ransomware cyberattack: teachers and students can't access the systems
The University of Buenos Aires (UBA) suffered a ransomware cyberattack, a type of malicious program that encrypts the victim's files, makes them inaccessible, and demands ransom money in exchange. Since Thursday, servers in part of the educational institution have been compromised, which prevents teachers and students from managing grades, enrolling in summer courses, and more.
December 19th 2023
FBI disrupts BlackCat ransomware operation, creates decryption tool
The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys.
How the FBI seized BlackCat (ALPHV) ransomware's servers
An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operation's websites and seized the associated URLs.
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims
The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation (FBI).
Smoke and Mirrors: Understanding The Workings of Wazawaka
This research provides a comprehensive analysis of Wazawaka's background, affiliations, and tactics within the threat landscape associated with his activities. It includes information about Wazawaka's group and his close relations with other threat actors.
December 20th 2023
Healthcare software provider data breach impacts 2.7 million
ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack.
Fake F5 BIG-IP zero-day warning emails push data wipers
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers.
New BO Team ransomware
PCrisk found a new ransomware that appends the .bot extension and drops a ransom note named How To Restore Your Files.txt.
December 21st 2023
Akira, again: The ransomware that keeps on taking
Following our initial report on Akira ransomware, Sophos has responded to over a dozen incidents involving Akira impacting various sectors and regions. According to our dataset, Akira has primarily targeted organizations located in Europe, North America, and Australia, and operating in the government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunication sectors.
Windows CLFS and five exploits used by ransomware operators
Seeing a Win32k driver zero-day being used in attacks isn't really surprising these days, as the design issues with that component are well-known and have been exploited time and time again. But we had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year.
New Phobos ransomware variant
PCrisk found a new ransomware that appends a unique extension and drops ransom notes named info.txt and info.hta.
New Tprc ransomware
PCrisk found a new ransomware that appends the .tprc extension and drops a ransom note named !RESTORE!.txt.
December 22nd 2023
Nissan Australia cyberattack claimed by Akira ransomware gang
Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information.
That's it for this week! Hope everyone has a nice weekend!