July 19, 2022

Black Basta ransomware gang claim responsibility for cyberattack against building materials giant Knauf

Recently, the Knauf Group announced they had experienced a cyberattack which resulted in disruptions to their business operations, and ultimately led to its global IT team being forced to shut down all IT systems to isolate the incident. The announcement revealed that the cyberattack took place on the night of Wednesday 29th of June 2022. “We are currently working heavily […]
July 14, 2022

Holy Ghost ransomware operation linked to North Korean threat actors by Microsoft

On Thursday, 14th of July 2022, researchers at Microsoft Threat Intelligence Center (MSTIC) released a report which revealed they had been tracking the Holy Ghost ransomware gang which they have connected with North Korea. The Holy Ghost ransomware gang has been active for over a year but it has struggled to be as successful as other gangs. While Microsoft has […]
July 13, 2022

Japanese Game publishing giant Bandai Namco confirms hack after BlackCat ransomware data leak posting

On Wednesday 13th of July 2022, the Japanese Game publishing giant Bandai Namco confirmed that they experienced a cyberattack on Sunday 3rd of July 2022 where the threat actors breached internal systems for offices in Asian regions, other than Japan. Bandai Namco also stated there is a possibility that customer information has been stolen by the threat actors. On Monday […]
July 13, 2022

New C/C++ ransomware operation emerges

On Tuesday 12th of July 2022, researchers at Cyble released a report that revealed a series of new ransomware operations including the ‘Lilith’ ransomware operation who has already posted its first victim on a data leak site. Based on the analysis by the Cyble researchers, Lilith is C/C++ console-based ransomware which is designed for 64-bit versions of Windows. The operation […]
July 12, 2022

Threat actors impersonate cybersecurity firms in callback phishing campaigns

In a recent report by CrowdStrike, they reveal a callback phishing campaign where threat actors are impersonating well-known cybersecurity companies, such as CrowdStrike to gain initial access to corporate networks. The report stated that this campaign will likely lead to ransomware attacks, as previously seen with past callback phishing campaigns. Callback phishing campaigns involve the impersonation of well-known organisations requesting […]
July 11, 2022

Ransomware groups now implement search functionalities

Last week, the ALPHV ransomware group, also known as the BlackCat ransomware group announced they had implemented a searchable database that consists of leaked data from their victims who didn’t pay. The group clarified that they have indexed all the possible searchable results which allow for people to search by filename or by content available in documents and images. Currently, […]
July 7, 2022

Emsisoft releases free AstraLocker and Yashma ransomware decryptor

On Thursday 7th of July 2022, Emsisoft, a New Zealand-based cybersecurity firm announced that they had released a free decryption tool for AstraLocker and Yashma ransomware which is available for download from Emsisoft’s servers. The decryption tool is based on AstraLocker’s Babuk-based decryptor and Yashma’s Chaos-based decryptor. Emsisoft has warned the victims of these ransomware variants to quarantine the malware […]
July 6, 2022

The University of Maastricht recovers ransom payment from the 2019 ransomware attack

On Saturday 2nd of July 2022, the University of Maastricht announced they had managed to successfully recover a ransom they had paid from a ransomware attack against the university that occurred on December 23, 2019. The ransom demand was 30 Bitcoins which at the time was worth about 197,000 euros ($218,000). But in April this year, the Dutch public prosecution […]
July 4, 2022

AstraLocker ransomware announces shutdown and releases decryptors

This week, the threat actor behind the lesser-known AstraLocker ransomware has reported telling the technology news outlet, BleepingComputer that they are shutting down the operation and plan to switch to cryptojacking. As well as shutting down the operation, the developer also submitted a ZIP archive which contained AstraLocker decryptors to the VirusTotal malware analysis platform. The decryptors have been confirmed […]