July 11, 2022

Ransomware groups now implement search functionalities

Last week, the ALPHV ransomware group, also known as the BlackCat ransomware group announced they had implemented a searchable database that consists of leaked data from their victims who didn’t pay. The group clarified that they have indexed all the possible searchable results which allow for people to search by filename or by content available in documents and images. Currently, […]
July 7, 2022

Emsisoft releases free AstraLocker and Yashma ransomware decryptor

On Thursday 7th of July 2022, Emsisoft, a New Zealand-based cybersecurity firm announced that they had released a free decryption tool for AstraLocker and Yashma ransomware which is available for download from Emsisoft’s servers. The decryption tool is based on AstraLocker’s Babuk-based decryptor and Yashma’s Chaos-based decryptor. Emsisoft has warned the victims of these ransomware variants to quarantine the malware […]
July 6, 2022

The University of Maastricht recovers ransom payment from the 2019 ransomware attack

On Saturday 2nd of July 2022, the University of Maastricht announced they had managed to successfully recover a ransom they had paid from a ransomware attack against the university that occurred on December 23, 2019. The ransom demand was 30 Bitcoins which at the time was worth about 197,000 euros ($218,000). But in April this year, the Dutch public prosecution […]
July 4, 2022

AstraLocker ransomware announces shutdown and releases decryptors

This week, the threat actor behind the lesser-known AstraLocker ransomware has reported telling the technology news outlet, BleepingComputer that they are shutting down the operation and plan to switch to cryptojacking. As well as shutting down the operation, the developer also submitted a ZIP archive which contained AstraLocker decryptors to the VirusTotal malware analysis platform. The decryptors have been confirmed […]
June 30, 2022

FBI releases joint advisory alert against the MedusaLocker ransomware gang

On Thursday 30th of June 2022, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE joint advisory that revealed that the MedusaLocker ransomware gang has predominantly been relying on vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. This flash alert was released in coordination with CISA, the Department of the Treasury, and FinCEN to provide […]
June 29, 2022

Ex-Canadian government employee linked to NetWalker Ransomware crew pleads guilty to U.S. ransomware charges

On Tuesday 28th of June 2022, 34-year-old Sebastien Vachon-Desjardins pleaded guilty in a US court to conspiring to commit computer and wire fraud, intentionally damaged a protected computer, and transmitted a demand in relation to damaging a protected computer. The former Canadian government employee has been described as “one of the most prolific NetWalker Ransomware affiliates” responsible for extorting said millions […]
June 28, 2022

Black Basta ransomware gang are on track to become a highly dangerous group after hitting 50 organisations in just two months

Two recent reports by cyber security researchers have revealed that the new ransomware group known as Black Basta have claimed to have successfully attacked 50 victims in just two months while also revealing that the new group has links to veteran gangs like REvil and Conti. “The Black Basta gang has added nearly 50 victims to their list as of […]
June 28, 2022

Research reveals that Chinese APT are using short-lived ransomware variants as a disguise for cyberespionage activities

On the 23rd of June 2022, cybersecurity researchers from Secureworks published new research which named several ransomware variants which have been identified as being used by a state-backed hacking group with China-linked origins known as ‘Bronze Starlight’ to disguise the true objective of their attacks that is for conducting cyberespionage activities. The research looked into HUI Loader, which is a […]
June 27, 2022

Sensitive health data leaked after ransomware attack against Fitzgibbon Hospital

On Saturday 25th of June 2022, information pointing to an attack on Fitzgibbon Hospital in Missouri was discovered. The group “Daixin Team” have claimed responsibility for the attack via their onion site which contained files allegedly stolen from Fitzgibbon. Based on the leaked files, the Daixin Team had claimed to have exfiltrated 40 GB of data which contained numerous files […]