February 5, 2022

FBI releases flash alert against LockBit 2.0 ransomware

On Friday 4th of February 2022, the US Federal Bureau of Investigation (FBI) released a flash alert about indicators of compromise associated with LockBit 2.0 ransomware. The flash alert details the advances made to LockBit 2.0 since the LockBit ransomware gang became active in September 2019. LockBit 2.0 is the second iteration of the original LockBit ransomware which was released […]
February 4, 2022

Flights suffer delays after ransomware attack hit Swissport

On Thursday 3rd of February 2022, Swissport, one of the largest aviation services companies in the world, announced that it had experienced a ransomware attack which impacted its IT infrastructure and services and caused flights to be delayed. The attack was believed to have occurred at 6 AM on Thursday morning and led to minor delays between […]
February 2, 2022

Energy giant Shell forced to reroute supplies after cyber-attack on two German oil suppliers

On Saturday 29th of January 2022, Shell, the energy giant, had to re-route oil supplies due to a cyber-attack against two subsidiaries of two German oil suppliers, Oiltanking GmbH Group and Mabanaft GmbH & Co. KG Group. The incident resulted in disruptions to their IT systems and therefore caused disruptions to their supply chains. There have been concerns around shortages […]
January 30, 2022

Ransomware attack results in Curo Fund Services being locked out of systems for five days

On Wednesday 19th of January 2022, Curo Fund Services, South Africa’s biggest provider of investment administration services, suffered a ransomware attack that resulted in the company being locked out of their IT system for 5 days. This impacted some of their operations, including the daily valuation for their clients, although their clients’ investments were kept safe from the threat actors. Curo […]
January 28, 2022

QNAP forces automatic update after DeadBolt ransomware encrypts thousands of devices

On Tuesday 25th of January 2022, a new ransomware variant called “DeadBolt” was observed targeting devices from Network Attached Storage vendor QNAP. The ransomware variant has been observed demanding a ransom of 0.03 BTC (equivalent to $1,100) to unlock the victim’s device. On the ransom note that is attached, there is a link titled “important message for QNAP,” which displays a […]
January 20, 2022

Bank Indonesia confirms ransomware attack after Conti leaks stolen documents

On the 20th of January 2022, Bank Indonesia, the central bank of the Republic of Indonesia, announced that it experienced a ransomware attack last month, although Bank Indonesia stated that the bank’s operations were not disrupted because of the incident. According to CNN Indonesia, a Bank Indonesia spokesman said no critical data was leaked although the bank has stated that […]
January 19, 2022

Leading marketing giant RR Donnelley confirms data theft occurred during ransomware attack by Conti in December 2021

On the 18th of January 2022, RR Donnelley, a leading integrated services company offering communications, commercial printing, and marketing to enterprise clients, confirmed that data was stolen during the ransomware attack they experienced back in December 2021. RR Donnelley stated they were not aware that any data from their networks was stolen back in December 2021 but they were […]
January 15, 2022

Russian police raids against REvil ransomware gang members result in seizure of $6.6 million

On Friday 14th of January 2022, the Federal Security Service of the Russian Federation (FSB), in cooperation with the Investigation Department of the Ministry of Internal Affairs of Russia, conducted police raids at 25 addresses in the cities of Moscow and St. Petersburg and in the Moscow, Leningrad and Lipetsk regions, which were linked to 14 members of the REvil ransomware gang. The raids resulted […]
January 3, 2022

Portugal’s largest media conglomerate, Impresa, attacked by Lapsus$ ransomware gang

Over the New Year Holiday, Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country’s largest TV channel and weekly newspaper, was hit by ransomware which targeted their online IT server infrastructure. This incident resulted in the websites for the Impresa group, Expresso, and all the SIC TV channels being taken offline as well as […]