June 29, 2022

Ex-Canadian government employee linked to NetWalker Ransomware crew pleads guilty to U.S. ransomware charges

On Tuesday 28th of June 2022, 34-year-old Sebastien Vachon-Desjardins pleaded guilty in a US court to conspiring to commit computer and wire fraud, intentionally damaged a protected computer, and transmitted a demand in relation to damaging a protected computer. The former Canadian government employee has been described as “one of the most prolific NetWalker Ransomware affiliates” responsible for extorting said millions […]
June 28, 2022

Black Basta ransomware gang are on track to become a highly dangerous group after hitting 50 organisations in just two months

Two recent reports by cyber security researchers have revealed that the new ransomware group known as Black Basta have claimed to have successfully attacked 50 victims in just two months while also revealing that the new group has links to veteran gangs like REvil and Conti. “The Black Basta gang has added nearly 50 victims to their list as of […]
June 28, 2022

Research reveals that Chinese APT are using short-lived ransomware variants as a disguise for cyberespionage activities

On the 23rd of June 2022, cybersecurity researchers from Secureworks published new research which named several ransomware variants which have been identified as being used by a state-backed hacking group with China-linked origins known as ‘Bronze Starlight’ to disguise the true objective of their attacks that is for conducting cyberespionage activities. The research looked into HUI Loader, which is a […]
June 7, 2022

Mandiant confirms no evidence of an attack from the LockBit ransomware group

On Monday 6th of June, the LockBit ransomware gang published a new page on their data leak website that named Mandiant, a major American cybersecurity firm as the victim where they claimed to have stolen 356,841 files from Mandiant. On further investigation of the new page, there is a 0-byte file named ‘mandiantyellowpress.com.7z’ displayed on the page which appears to […]
June 6, 2022

The municipality of Palermo suffers major disruptions due to a ransomware attack

On Friday 3rd of June, the municipality of Palermo in Southern Italy suffered a cyberattack which resulted in a wide range of operations and services used by both citizens and visiting tourists being impacted. The systems have remained offline for the past three days even though local IT experts have been trying to restore the systems. According to multiple local […]
June 2, 2022

Evil Corp attempts to evade sanctions by switching to LockBit ransomware

On Thursday 2nd of June 2020, Mandiant revealed that the Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets’ networks to evade sanctions imposed by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC). The cybercrime group has been active since 2007 and was originally known for using the Dridex malware but in more recent […]
June 2, 2022

Victim’s website hacked to display ransom note in a new extortion strategy

A new extortion strategy which is being used by the Industrial Spy has been identified where they gain access to their victim’s corporate websites to publicly display ransom notes. The first incident of this new strategy was seen on Thursday 2nd of June 2020, when Industrial Spy started to sell data, which they claim was stolen from the French company, […]
June 2, 2022

Foxconn confirms disruptions to production in Mexico as a result of a ransomware attack

Recently, the electronics manufacturer, Foxconn has confirmed that one of its production plants in Tijuana, Mexico has been impacted by a ransomware attack in late May. The plant is considered a key plant for Foxconn as it acts as a critical supply hub for the U.S. state of California which is a significant electronics consumer. A Foxconn spokesperson also revealed […]
May 9, 2022

National emergency declared by Costa Rica after Conti ransomware attacks

On Sunday 8th of May 2022, President Rodrigo Chaves, the newly elected Costa Rican President declared a national emergency where he cited ongoing Conti ransomware attacks as the reason for the emergency. The Conti ransomware group originally started their ransomware attacks against government institutions of Costa Rican last month.   In response to these attacks, on the 19th of April, Costa […]