July 12, 2022

Threat actors impersonate cybersecurity firms in callback phishing campaigns

In a recent report by CrowdStrike, they reveal a callback phishing campaign where threat actors are impersonating well-known cybersecurity companies, such as CrowdStrike to gain initial access to corporate networks. The report stated that this campaign will likely lead to ransomware attacks, as previously seen with past callback phishing campaigns. Callback phishing campaigns involve the impersonation of well-known organisations requesting […]
July 11, 2022

Ransomware groups now implement search functionalities

Last week, the ALPHV ransomware group, also known as the BlackCat ransomware group announced they had implemented a searchable database that consists of leaked data from their victims who didn’t pay. The group clarified that they have indexed all the possible searchable results which allow for people to search by filename or by content available in documents and images. Currently, […]
July 7, 2022

Emsisoft releases free AstraLocker and Yashma ransomware decryptor

On Thursday 7th of July 2022, Emsisoft, a New Zealand-based cybersecurity firm announced that they had released a free decryption tool for AstraLocker and Yashma ransomware which is available for download from Emsisoft’s servers. The decryption tool is based on AstraLocker’s Babuk-based decryptor and Yashma’s Chaos-based decryptor. Emsisoft has warned the victims of these ransomware variants to quarantine the malware […]
July 6, 2022

“Professional malware attack” impacts the network of IT services giant SHI

On Wednesday 6th of July 2022, SHI International, one of North America’s largest IT solutions providers, confirmed that they had experienced “a coordinated and professional malware attack” which impacted their network over the weekend of the Fourth of July holiday. “Thanks to the quick reactions of the security and IT teams at SHI, the incident was swiftly identified and measures […]
July 6, 2022

FBI releases advisory warning of the use of the Maui ransomware by North Korean state-sponsored threat actors to target the Healthcare and Public Health Sector

On Wednesday 6th of July 2022, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE joint advisory which revealed the Maui ransomware has been used by North Korean state-sponsored threat actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organisations. The goals of these ransomware attacks are to encrypt servers that are […]
July 6, 2022

The University of Maastricht recovers ransom payment from the 2019 ransomware attack

On Saturday 2nd of July 2022, the University of Maastricht announced they had managed to successfully recover a ransom they had paid from a ransomware attack against the university that occurred on December 23, 2019. The ransom demand was 30 Bitcoins which at the time was worth about 197,000 euros ($218,000). But in April this year, the Dutch public prosecution […]
July 4, 2022

AstraLocker ransomware announces shutdown and releases decryptors

This week, the threat actor behind the lesser-known AstraLocker ransomware has reported telling the technology news outlet, BleepingComputer that they are shutting down the operation and plan to switch to cryptojacking. As well as shutting down the operation, the developer also submitted a ZIP archive which contained AstraLocker decryptors to the VirusTotal malware analysis platform. The decryptors have been confirmed […]
June 30, 2022

Macmillan Publishers’s systems were forced offline by a possible ransomware attack

On Monday 25th of June, the book publisher, Macmillan disclosed they had experienced a cyber-attack which has been believed to be a ransomware attack by experts as the publisher had initially stated that a portion of the company’s files had been encrypted and that they had taken protection measures by taking their systems offline to prevent further compromise. Employees of […]
June 29, 2022

Walmart denies claims of successful attack conducted by Yanluowang ransomware group

On Monday 27th of June 2020, the new Yanluowang ransomware operation claimed in a published entry to their data leak site that they had breached, the American retailer, Walmart and encrypted between 40,000 and 50,000 devices. Additionally, various files were uploaded with the entry which allegedly contains information extracted from Walmart’s Windows domain during the attack. “We encrypted about 40-50k Walmart […]