March 7, 2022

FBI releases flash alert against RagnarLocker ransomware

On Monday 7th of March 2022, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE flash alert revealed that RagnarLocker ransomware gang has breached the networks of at least 52 organizations across 10 critical infrastructure sectors. These affected sectors include “entities in the critical manufacturing, energy, financial services, government, and information technology sectors”. This flash alert was […]
March 3, 2022

Avast releases free HermeticRansom ransomware decryptor based on weakness in crypto schema

On Thursday 3rd of March 2022, Avast, a Czech cybersecurity software firm announced that they had released a free decryption tool for HermeticRansom ransomware which has been observed being used in targeted attacks against Ukrainian systems. Avast first observed the ransomware strain on the 24th of February 2022 as it was found accompanying the data wiper HermeticWiper. Based on analysis […]
March 1, 2022

Toyota shuts down all plants in Japan after cyber-attack on major

On Monday 28th of February 2022, Toyota, the world’s bestselling carmaker had to halt their operations at all their plants in Japan due to one of their suppliers, Kojima Industries Corporation experiencing a system failure which is believed to be due to a cyber-attack. It is believed that the closure will result in a set back of about 13,000 cars. […]
February 27, 2022

U.S. Marshals Service reveal data theft following a ransomware attack

On Monday 27th of February 2023, the U.S. Marshals Service (USMS), a bureau within the U.S. Justice Department, revealed that they experienced a ransomware attack and had discovered data exfiltration of a stand-alone system on Friday, 17th of February 2023. The USMS has stated they are investigating the theft of sensitive law enforcement information following the ransomware attack and that […]
February 25, 2022

TrickBot developers move to stealthier malware after TrickBot malware operation shuts down

On Thursday 24th of February 2022, the TrickBot malware operation is believed to have shut down after it was reported that their core developers have move to the Conti ransomware gang to focus development on the other malware families which Conti has in their operations. TrickBot has been a key Windows malware which has been part of the threat landscape […]
February 25, 2022

Cyber threat groups pick sides over Russia’s invasion of Ukraine

The week of the 21st of February 2022 has seen threat actor groups announce their support in relation to Russia’s invasion of Ukraine. The one of the first announcements were from an administrator of Raidforums which is one of the largest clearnet hacking forums who announced that the forum was blocking all Russia IPs and therefore block any users connecting […]
February 21, 2022

Expeditors forced to shut own global operations after possible ransomware attack

On Sunday 20th of February 2022, Expeditors, a Seattle-based logistics and freight forwarding company announced they had experienced a cyber-attack which resulted in Expeditors having to shut down most of their operation worldwide. This has led to limitations to their freight, customs and distribution activities which could led to their client’s shipments being delayed. Due to the significant impact of […]
February 21, 2022

Data breach announced by US’s Largest cookware giant Meyer

On Tuesday 15th of February 2022, Meyer Corporation, the largest cookware distributor in the United States of America informed US Attorney General offices of a data breach because of a cyber-attack against the corporation back in October 2021. It is believed that the corporation became a target for a cyber-attack on October 25, 2021, and therefore in response, they launched […]
February 14, 2022

FBI releases joint Advisory with U.S. Secret Service against BlackByte ransomware

On Friday 11th of February 2022, the US Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory with the U.S. Secret Service (USSS) about indicators of compromise associated with BlackByte ransomware. The joint advisory alert details indicators of compromise (IOCs) from previous BlackByte ransomware attack which organisations can use to detect and defend against future BlackByte’s attacks. The joint […]