May 17, 2023

New MalasLocker ransomware demands charity donation after targeting Zimbra servers

This week, a new ransomware operation, dubbed MalasLocker by BleepingComputer, has been observed which is targeting Zimbra servers to steal emails and encrypt files since the end of March 2023. Although instead of demanding a ransom payment, the threat actors claim to require a donation to charity to provide an encryptor and prevent data leaking. “Unlike traditional ransomware groups, we’re […]
May 17, 2023

FBI releases joint advisory against the BianLian ransomware gang

On Tuesday 16th of May 2023, the United States Federal Bureau of Investigation (FBI) released a joint TLP:CLEAR cybersecurity advisory warning organisations of the latest tactics, techniques, and procedures (TTPs) used by the BianLian ransomware group. The advisory highlighted that BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organisations in multiple U.S. critical infrastructure sectors […]
May 17, 2023

ScanSource warns of delays following ransomware attack

On Tuesday 16th of May 2023, a US-based technology provider ScanSource disclosed that they had suffered a ransomware attack that has impacted some of its systems, business operations, and customer portals. The impact has been significant, as it is expected to cause delays in the provision of services to customers in North America and Brazil. ScanSource has stated in a press […]
May 15, 2023

Cisco Talos reveals RA Group ransomware targeting USA and South Korean organisations

On Monday 15th of May 2023, Cisco Talos revealed a new ransomware group named ‘RA Group’ that is targeting pharmaceutical, insurance, wealth management, and manufacturing firms in the United States and South Korea. The blog post covering the group revealed that their operation started in April 2023, when they launched a data leak site on the dark web on Sunday […]
May 12, 2023

FBI releases joint advisory warning of Bl00dy ransomware targets education organisation in PaperCut attacks

On Thursday 11th of May 2023, the United States Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint TLP:CLEAR cybersecurity advisory warning organisation that the Bl00dy Ransomware gang is now actively exploiting a PaperCut remote-code execution vulnerability (CVE-2023-27350) to gain initial access to networks. The advisory revealed that the Bl00dy Ransomware Gang attempted […]
May 7, 2023

Kroll reveals new Cactus ransomware that encrypts itself to evade antivirus

On Wednesday 10th of May 2023, Kroll revealed a new ransomware strain named ‘Cactus’ which has been exploiting vulnerabilities in VPN appliances for initial access to networks of large commercial entities since March 2023. The publication covering the strain revealed that the unique feature of the strain is its self-encryption capability. to make it difficult for antivirus software to detect […]
May 5, 2023

Ransomware attack against Constellation Software claimed by ALPHV ransomware gang

On the 4th of May 2023, Constellation Software confirmed that some of its systems were breached by threat actors who also stole personal information and business data. However, they added that the incident did not impact the independent IT systems of Constellation Software’s operating groups and businesses. Constellation Software has stated that it had contained the incident and has now […]
May 4, 2023

Avos ransomware gang hijacks university alert system to issue threats

On Sunday 30th of April 2023, Bluefield University disclosed that the university had suffered a cyberattack that impacted the IT systems, causing all examinations to be postponed. However, at that time it had claimed that its investigation had found no evidence of any cases of financial fraud or identity theft linked to the incident. Although on Monday 1st of May […]
May 3, 2023

Cl0p ransomware attack impacts 783k Brightline patients

This week, Brightline, a pediatric mental health provider released a data notice warning patients that it suffered a data breach impacting 783,606 people following a cyberattack by the Cl0p ransomware gang. It is believed that the ransomware gang used a zero-day vulnerability (CVE-2023-0669) in its Fortra GoAnywhere MFT secure file-sharing platform to steal the data from 130 organisations including Brightline. […]