January 28, 2022

QNAP forces automatic update after DeadBolt ransomware encrypts thousands of devices

On Tuesday 25th of January 2022, a new ransomware variant called “DeadBolt” was observed targeting devices from Network Attached Storage vendor QNAP. The ransomware variant has been observed demanding a ransom of 0.03BTC (equivalent to $1,100) to unlock the victim’s device. On the ransom note that is attached, there is a link titled “important message for QNAP,” which displays a […]
January 20, 2022

Bank Indonesia confirms ransomware attack after Conti leaks stolen documents

On the 20th of January 2022, Bank Indonesia, the central bank of the Republic of Indonesia announced that it experienced a ransomware attack last month although Bank Indonesia stated that the bank’s operations are not disrupted because of the incident. According to CNN Indonesia, a Bank Indonesia spokesman said no critical data was leaked although the bank has stated that […]
January 19, 2022

Leading marketing giant, RR Donnelley confirms data theft occurred during ransomware attack by Conti in December 2021

On the 18th of January 2022, RR Donnelley, a leading integrated services company offering communications, commercial printing, and marketing to enterprise clients confirmed that data was stolen during the ransomware attack they have experienced back in December 2021. RR Donnelley stated they were not aware that any data from their networks was stolen back in December 2021 but they were […]
January 15, 2022

Russian police raids against REvil ransomware gang members results in seizure of $6.6 million

On Friday 14th of January 2022, the Federal Security Service of the Russian Federation (FSB) in cooperation with the Investigation Department of the Ministry of Internal Affairs of Russia conducted police raids at 25 addresses in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions, which were linked to 14 members of REvil ransomware gang.  The raids resulted […]
January 3, 2022

Portugal’s largest media conglomerate, Impresa attacked by Lapsus$ ransomware gang

Over the New Year Holiday, Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country’s largest TV channel and weekly newspaper was hit ransomware which targeted their online IT server infrastructure. This incident resulted in the 2ebsites for the Impressa group, Expresso, and all the SIC TV channels being taken offline as well as […]
December 16, 2021

IT systems of McMenamins taken down after Conti ransomware gang

On Sunday 12th of December 2021, McMenamins, a popular chain of restaurants, pubs, breweries, and hotels located in Oregon and Washington experienced a ransomware that resulted in McMenamins being forced to shut down their IT systems, credit card point-of-sale systems, and corporate email to prevent the further spread of the attack. Although their IT systems were shut down, McMenamins hasn’t been forced […]
December 3, 2021

FBI releases flash alert against the Cuba ransomware gang

On Thursday 2nd of December 2021, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE flash alert which revealed the Cuba ransomware gang have compromised at least 49 organizations in five critical infrastructure sectors, including the financial, government, healthcare, manufacturing, and information technology sectors. The FBI also revealed that the Cuba ransomware variant is commonly distributed through […]
November 30, 2021

FBI name known affiliate of REvil ransomware gang in court documents that revealed they had seized $2.3 million in Bitcoins

On Tuesday 30th of November 2021, the FBI revealed they had seized $2.3 million in Bitcoins on August 3rd, 2021, from a well-known REvil and GandCrab ransomware affiliate Aleksandr Sikerin, in a “complaint for forfeiture” court documents that were filed. The FBI didn’t disclose how they had gained access to the Exodus wallet where the 39.89138522 Bitcoins were originally being […]
November 25, 2021

Singapore offshore vessel operator, Swire Pacific Offshore experiences ransomware attack by CL0P ransomware group

On Thursday 25th of November 2021, Swire Pacific Offshore (SPO), a Singapore offshore vessel operator confirmed they had suffered a cyber-attack might have resulted in the loss of confidential proprietary commercial information and personal information. They have not disclosed any specifics of the attack but the ransomware group, CL0P have released a listing on their leak blog where they have claimed […]