November 15, 2021

Cyber security research groups observe signs of Emotet malware returning and rebuilding its botnet via TrickBot

On Monday 15th of November 2021, Emotet research groups Cryptolaemus, GData, and Advanced Intel started to observe the TrickBot malware dropping a loader for Emotet on infected devices. Emotet was considered the most widely spread malware in the past, although at the start of the year it was taken down by an international law enforcement action coordinated by Europol […]
November 2, 2021

FBI warn ransomware gangs are targeting companies during time-sensitive financial events

On Monday 1st of November 2021, the United States Federal Bureau of Investigation (FBI) released a TLP:WHITE private industry notification warning that threat actors from ransomware gangs are starting to target companies that are involved in significant, time-sensitive financial events like corporate mergers and acquisitions in the hope that these events will encourage these target companies to pay […]
November 1, 2021

Canadian province of Newfoundland and Labrador healthcare providers hit by possible ransomware attack

On Saturday 30th of October 2021, healthcare providers and hospitals from the Canadian province of Newfoundland and Labrador experienced a possible ransomware attack. The attack led to the regional health systems having to shut down their networks and thousands of medical appointments were cancelled because of the outage. It has been confirmed that the outage is a result of a […]
October 21, 2021

Carbanak hacking group enters ransomware space by creating a fake cybersecurity company

On Thursday 21st of October 2021, researchers at Gemini Advisory released a blog detailing evidence that the FIN7 (aka ‘Carbanak’) hacking group has set up a fake cybersecurity company known as Bastion Security, which was being used to hire pentesters and system administrators to conduct pre-encryption stages of ransomware attacks. Researchers discovered that the Bastion Security website was made up of stolen and […]
October 19, 2021

Free BlackByte ransomware decryptor released after AES encryption key was reused

On Thursday 15th of October 2021, a free decryptor for the BlackByte ransomware and a SpiderLabs blog detailing the process of decrypting the ransomware were released to the public to allow past victims to recover their files for free. Researchers had found that the ransomware was downloading an image file called ‘forest.png’ from a remote malicious site under the control […]
October 18, 2021

Attacks on ten Israeli hospitals attributed to Chinese threat actors

On the 17th of October 2021, the Ministry of Health and the National Cyber Directorate in Israel released a joint announcement detailing a spike in ransomware attacks over the weekend of the 16th that targeted the systems of nine health institutes in Israel. The Israeli government has stated that the attempts had resulted in no damage to the […]
October 8, 2021

American media conglomerate Cox Media Group discloses ransomware attack

On Friday 8th of October 2021, Cox Media Group, an American media conglomerate, disclosed that they experienced a ransomware attack that led to TV and radio broadcast streams being taken down in June of 2021. The attack was disclosed to the public via mail that was sent to over 800 individuals who have had their personal information exposed during the […]
October 2, 2021

Sandhills Global experiences disruption to operations caused by Conti ransomware attack

On Thursday 30th of September 2021, Sandhills Global, a US-based trade publication and hosting company catering to the transportation, agriculture, aircraft, heavy machinery, and technology industries, was hit by a Conti ransomware attack that caused Sandhills Global to shut down all their IT systems to prevent the spread of the ransomware attack. “Sandhills Global is currently responding to a ransomware […]
September 24, 2021

Disruptions to major European call center provider Covisian after Conti ransomware attack

On Saturday 18th of September 2021, GSS, the Spanish and Latin America division of Covisian, was hit by a ransomware attack by the Conti ransomware gang. The attack led to them having to shut down a large portion of their IT systems and led to disruptions to call centers across its Spanish-speaking client base. Some of the impacted clients included […]