July 13, 2022

New C/C++ ransomware operation emerges

On Tuesday 12th of July 2022, researchers at Cyble released a report that revealed a series of new ransomware operations including the ‘Lilith’ ransomware operation who has already posted its first victim on a data leak site. Based on the analysis by the Cyble researchers, Lilith is C/C++ console-based ransomware which is designed for 64-bit versions of Windows. The operation […]
July 12, 2022

Threat actors impersonate cybersecurity firms in callback phishing campaigns

In a recent report by CrowdStrike, they reveal a callback phishing campaign where threat actors are impersonating well-known cybersecurity companies, such as CrowdStrike to gain initial access to corporate networks. The report stated that this campaign will likely lead to ransomware attacks, as previously seen with past callback phishing campaigns. Callback phishing campaigns involve the impersonation of well-known organisations requesting […]
July 11, 2022

Ransomware groups now implement search functionalities

Last week, the ALPHV ransomware group, also known as the BlackCat ransomware group announced they had implemented a searchable database that consists of leaked data from their victims who didn’t pay. The group clarified that they have indexed all the possible searchable results which allow for people to search by filename or by content available in documents and images. Currently, […]
July 7, 2022

Emsisoft releases free AstraLocker and Yashma ransomware decryptor

On Thursday 7th of July 2022, Emsisoft, a New Zealand-based cybersecurity firm announced that they had released a free decryption tool for AstraLocker and Yashma ransomware which is available for download from Emsisoft’s servers. The decryption tool is based on AstraLocker’s Babuk-based decryptor and Yashma’s Chaos-based decryptor. Emsisoft has warned the victims of these ransomware variants to quarantine the malware […]
July 6, 2022

The University of Maastricht recovers ransom payment from the 2019 ransomware attack

On Saturday 2nd of July 2022, the University of Maastricht announced they had managed to successfully recover a ransom they had paid from a ransomware attack against the university that occurred on December 23, 2019. The ransom demand was 30 Bitcoins which at the time was worth about 197,000 euros ($218,000). But in April this year, the Dutch public prosecution […]
July 4, 2022

AstraLocker ransomware announces shutdown and releases decryptors

This week, the threat actor behind the lesser-known AstraLocker ransomware has reported telling the technology news outlet, BleepingComputer that they are shutting down the operation and plan to switch to cryptojacking. As well as shutting down the operation, the developer also submitted a ZIP archive which contained AstraLocker decryptors to the VirusTotal malware analysis platform. The decryptors have been confirmed […]
June 30, 2022

FBI releases joint advisory alert against the MedusaLocker ransomware gang

On Thursday 30th of June 2022, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE joint advisory that revealed that the MedusaLocker ransomware gang has predominantly been relying on vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. This flash alert was released in coordination with CISA, the Department of the Treasury, and FinCEN to provide […]
June 29, 2022

Ex-Canadian government employee linked to NetWalker Ransomware crew pleads guilty to U.S. ransomware charges

On Tuesday 28th of June 2022, 34-year-old Sebastien Vachon-Desjardins pleaded guilty in a US court to conspiring to commit computer and wire fraud, intentionally damaged a protected computer, and transmitted a demand in relation to damaging a protected computer. The former Canadian government employee has been described as “one of the most prolific NetWalker Ransomware affiliates” responsible for extorting said millions […]
June 28, 2022

Black Basta ransomware gang are on track to become a highly dangerous group after hitting 50 organisations in just two months

Two recent reports by cyber security researchers have revealed that the new ransomware group known as Black Basta have claimed to have successfully attacked 50 victims in just two months while also revealing that the new group has links to veteran gangs like REvil and Conti. “The Black Basta gang has added nearly 50 victims to their list as of […]