Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to its Tor data leak and negotiation sites, rumored to be the result of a law enforcement action.
The FBI revealed this week that it hacked the BlackCat/ALPHV ransomware operation, which has raked in $300 million from over 1,000 victims. While quietly surveilling the ransomware gang, law enforcement retrieved decryption keys and the Tor private keys for the gang's sites.
Law enforcement says it was able to help 400 victims decrypt their data for free using the retrieved decryptors, and used the Tor private keys to seize the URLs for the gang's data leak site and negotiation sites.
However, because the threat actors and the FBI hold the same keys, there has been a constant tug of war as each side "reseizes" the URL: a v3 onion address is derived from the service's public key, so whoever holds the matching private key can publish a descriptor for it, and there is no registrar to lock the other party out.
Some have seen this back-and-forth over the URL as a failed operation by law enforcement. However, retrieving 400 decryption keys and likely more data from the hacked servers has significantly tarnished the ransomware operation's reputation.
BleepingComputer has learned that this has caused some affiliates to contact victims directly via email, as they have lost trust in the ransomware gang's ability to secure its servers. Others are said to have moved to competing ransomware operations, such as LockBit.
Now, LockBitSupp (the operator of LockBit) and the BlackCat operator have discussed creating a "cartel" to join forces against law enforcement.
Previous "ransomware cartels," such as the one allegedly created by Maze, did not succeed in protecting the ransomware operation, as Ukrainian police arrested gang members after they rebranded as Egregor.
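Why the "reseizing" works in both directions comes down to how a v3 onion address is built: the hostname is nothing but the service's ed25519 public key, a two-byte SHA3-256 checksum and a version byte, base32-encoded, so the private key alone is the credential for the address. The following is an added example, not code from the original article or from Tor, that derives and validates a v3 address from a public key and recovers the address from the contents of tor's hs_ed25519_public_key file (32-byte tag followed by the raw key). The key bytes used are a constructed stand-in, not a real service key.

```python
import base64
import hashlib

ONION_VERSION = b"\x03"
# Tag tor writes at the start of hs_ed25519_public_key, NUL-padded to 32 bytes.
PUBKEY_FILE_HEADER = b"== ed25519v1-public: type0 ==\x00\x00\x00"


def onion_checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]


def onion_address(pubkey: bytes) -> str:
    """Derive the v3 .onion hostname for a 32-byte ed25519 public key.

    The address encodes nothing beyond the key itself, which is why holding the
    private key is both necessary and sufficient to publish under that name.
    """
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + ONION_VERSION  # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion_address(addr: str) -> bytes:
    """Validate a v3 address and return the public key it embeds.

    Raises ValueError for wrong length, wrong version or a checksum mismatch.
    """
    host = addr.strip().lower()
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if len(host) != 56:
        raise ValueError("v3 onion hostnames are exactly 56 base32 characters")
    raw = base64.b32decode(host.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        raise ValueError("not a version 3 address")
    if checksum != onion_checksum(pubkey):
        raise ValueError("checksum mismatch")
    return pubkey


def address_from_pubkey_file(blob: bytes) -> str:
    """Recover the .onion address from the bytes of tor's hs_ed25519_public_key file."""
    if len(blob) != 64 or blob[:32] != PUBKEY_FILE_HEADER:
        raise ValueError("not an hs_ed25519_public_key file")
    return onion_address(blob[32:])


if __name__ == "__main__":
    # Constructed stand-in for a service's public key; a real one comes from tor's key files.
    demo_pubkey = bytes(range(32))
    addr = onion_address(demo_pubkey)
    print(addr)
    print(parse_onion_address(addr) == demo_pubkey)
    print(address_from_pubkey_file(PUBKEY_FILE_HEADER + demo_pubkey) == addr)
```

Every v3 address ends in "d" because the last base32 character is the low five bits of the version byte 0x03; a checksum that fails to verify is the quickest way to spot a mistyped or tampered address before connecting to it. Given a seized hidden-service directory, the same derivation tells an investigator which hostname the recovered key controls.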
We also learned this week about new ransomware attacks or information about previous ones, including:
Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @BleepinComputer, @demonslay335, @Seifreed, @billtoulas, @Ionut_Ilascu, @fwosar, @serghei, @LawrenceAbrams, @BrettCallow, @PRODAFT, @AShukuhi, @uuallan, @SophosXOps, @pcrisk, @3xp0rtblog, @oct0xor, @MorganDemboski, and @juanbrodersen.
December 18th 2023
Mortgage giant Mr. Cooper data breach affects 14.7 million people
Mr. Cooper is sending data breach notifications warning that a recent cyberattack has exposed the data of 14.7 million customers who have, or previously had, mortgages with the company.
FBI: Play ransomware breached 300 victims, including critical orgs
The Federal Bureau of Investigation (FBI) says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities.
Vans and North Face owner VF Corp hit by ransomware attack
American global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face, has disclosed a security incident that caused operational disruptions.
The UBA suffered a ransomware cyber attack: teachers and students cannot access the systems
The University of Buenos Aires (UBA) suffered a ransomware cyberattack, a type of malware that encrypts the victim's files, makes them inaccessible and demands a ransom payment in exchange. Since Thursday, servers in part of the educational institution have been compromised, which prevents teachers and students from managing grades, enrolling in summer courses and more.
December 19th 2023
FBI disrupts BlackCat ransomware operation, creates decryption tool
The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys.
How the FBI seized BlackCat (ALPHV) ransomware’s servers
An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operation's websites and seized the associated URLs.
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims
The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation (FBI).
Smoke and Mirrors: Understanding The Workings of Wazawaka
This research provides a comprehensive analysis of Wazawaka's background, affiliations, and tactics in the threat landscape associated with his activities. It includes information about Wazawaka's crew and his close relations with other threat actors.
December 20th 2023
Healthcare software provider data breach impacts 2.7 million
ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack.
Fake F5 BIG-IP zero-day warning emails push data wipers
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers.
New BO Team ransomware
PCrisk found a new ransomware that appends the .bot extension and drops a ransom note named How To Restore Your Files.txt.
December 21st 2023
Akira, again: The ransomware that keeps on taking
Following our initial report on Akira ransomware, Sophos has responded to over a dozen incidents involving Akira impacting various sectors and regions. According to our dataset, Akira has primarily targeted organizations located in Europe, North America, and Australia, operating in the government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications sectors.
Windows CLFS and five exploits used by ransomware operators
Seeing a Win32k driver zero-day being used in attacks isn't really surprising these days, as the design issues with that component are well known and have been exploited time and time again. But we had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year.
New Phobos ransomware variant
PCrisk found a new Phobos variant that appends a unique extension and drops ransom notes named info.txt and info.hta.
New Tprc ransomware
PCrisk found a new ransomware that appends the .tprc extension and drops a ransom note named !RESTORE!.txt.
December 22nd 2023
Nissan Australia cyberattack claimed by Akira ransomware gang
Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information.