June 7, 2022

Mandiant confirms no evidence of an attack from the LockBit ransomware group

On Monday 6th of June, the LockBit ransomware gang published a new page on their data leak website that named Mandiant, a major American cybersecurity firm as the victim where they claimed to have stolen 356,841 files from Mandiant. On further investigation of the new page, there is a 0-byte file named ‘mandiantyellowpress.com.7z’ displayed on the page which appears to […]
May 6, 2022

AGCO, US agricultural machinery maker announces they suffered a ransomware attack

On Thursday 5th of May 2022, AGCO, one of the leading US-based agricultural machinery producers suffered a ransomware attack which resulted in some of their production facilities being impacted. This incident was announced on Friday 6th of May 2022 in a press release where AGCO stated that their business operations will be affected for several days whilst they repair their […]
April 18, 2022

Kaspersky add new support to their free RannohDecryptor utility which allows for the decryption of files encrypted by the Yanluowang ransomware strain

On Monday 18th of April 2022, Kaspersky, a Russian cybersecurity firm announced that they had found a vulnerability in Yanluowang ransomware’s encryption algorithm, which makes it possible to recover files it encrypts. Kaspersky has stated they’ve added support for decrypting files locked by the Yanluowang ransomware strain to their free RannohDecryptor utility.  Yanluowang ransomware strain has been observed to encrypt […]
March 14, 2022

Recent Google threat report exposes access broker linked to Conti and Diavol ransomware operations

This week, Google’s Threat Analysis Group has exposed the operations of EXOTIC LILY threat group who are believed to be an initial access broker linked to the Conti and Diavol ransomware operations. They were first spotted when they were exploiting a zero-day vulnerability in Microsoft MSHTML and then based on further investigations, it was determined that they were using large-scale […]
March 11, 2022

Bridgestone Americas confirms ransomware attack by LockBit ransomware gang

On Friday 11th of March 2022, the LockBit ransomware gang announced they had attacked Bridgestone which is the one of the largest manufacturers of tires in the world. Bridgestone had stated back on Sunday 27th of February that they were investigating a potential cyber-attack incident which has been detected in the morning of the 27th of February. But no details […]
March 1, 2022

Toyota shuts down all plants in Japan after cyber-attack on major

On Monday 28th of February 2022, Toyota, the world’s bestselling carmaker had to halt their operations at all their plants in Japan due to one of their suppliers, Kojima Industries Corporation experiencing a system failure which is believed to be due to a cyber-attack. It is believed that the closure will result in a set back of about 13,000 cars. […]
December 17, 2021

Hellmann Worldwide warns clients of possible phishing campaigns after ransomware attack

On Thursday 9th of December 2021, Hellmann Worldwide, an international logistics that handles 16 million shipments per year has disclosed that they experienced a ransomware attack which resulted in Hellmann Worldwide being forced to shut down their systems to contain the spread of the ransomware. Hellmann Worldwide has confirmed that during the forensic investigation that they have conducted, they have discovered evidence […]
October 17, 2021

REvil ransomware group’s Tor sites shut down after being hijacked

On the 17th of October 2021, the Tor sites of REvil ransomware gang went offline after an unknown person hijacked the Tor onion domains with the same private keys as REvil’s Tor sites and may have backups of the sites. One of the threat actors “0_neday”, affiliated with the REvil operation has confirmed that someone has hijack the ransomware gang’s […]
July 12, 2021

Coop supermarket – 500 stores closed due to Ransomware attack

On the 2nd of July 2021, approximately 500 Coop Supermarket in Sweden had to shut down due to their point-of-sale tills and self-service checkouts had stopped working. This is a result of the Kaseya supply chain attack by the REvil ransomware group as Coop’s cash registers are run by Visma Esscom, which manages servers for several Swedish businesses and in […]