Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to its Tor data leak and negotiation sites, rumored to be attributable to a law enforcement action.
The FBI revealed this week that it hacked the BlackCat/ALPHV ransomware operation, which raked in $300 million from over 1,000 victims. While quietly surveilling the ransomware gang, law enforcement retrieved decryption keys and Tor private keys.
Law enforcement says it was able to help decrypt 400 victims for free using the retrieved decryptors and used the Tor private keys to seize the URLs for the gang's data leak site and negotiation sites.
However, because the threat actors and the FBI hold the same keys, there has been a constant tug of war as each side "reseizes" the URL.
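Why holding the same Tor private key lets both sides keep re-pointing the site: a v3 onion address is derived purely from the service's ed25519 public key, so anyone who can sign with the matching private key can publish a descriptor for that address, and nothing in the address itself distinguishes the two publishers. The block below is an added example, not code from this article or from any operation it describes; it derives and validates a v3 address with the algorithm from Tor's rend-spec-v3 (base32 of public key, two-byte SHA3-256 checksum, version byte 0x03). The 32-byte public key is a constructed placeholder, not a real service key.

```python
import base64
import binascii
import hashlib

ONION_VERSION = b"\x03"            # v3 onion services
CHECKSUM_PREFIX = b".onion checksum"


def onion_v3_address(pubkey: bytes) -> str:
    """Derive the .onion address for a 32-byte ed25519 public key (Tor rend-spec-v3).

    address  = base32(PUBKEY || CHECKSUM || VERSION) + ".onion"
    CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
    """
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    checksum = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_VERSION).digest()[:2]
    # 35 bytes -> exactly 56 base32 characters, so no padding is produced.
    label = base64.b32encode(pubkey + checksum + ONION_VERSION).decode("ascii").lower()
    return label + ".onion"


def parse_onion_v3_address(address: str) -> bytes:
    """Validate a v3 .onion address and return the public key it encodes.

    Raises ValueError on bad length, unsupported version or checksum mismatch.
    """
    if not address.endswith(".onion"):
        raise ValueError("not a .onion address")
    label = address[: -len(".onion")]
    if len(label) != 56:
        raise ValueError("v3 onion label must be 56 base32 characters")
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        raise ValueError("unsupported onion version")
    expected = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]
    if checksum != expected:
        raise ValueError("checksum mismatch")
    return pubkey


def is_valid_onion_v3(address: str) -> bool:
    """True if the address parses and its embedded checksum verifies."""
    try:
        parse_onion_v3_address(address)
        return True
    except (ValueError, binascii.Error):
        return False


# Constructed placeholder key, not a real service key. In a real deployment the
# public key is the 32 bytes that follow the 32-byte header of the service's
# hs_ed25519_public_key file; the private key that signs descriptors for this
# address is the only thing that decides who controls it.
DEMO_PUBKEY = bytes(range(32))


def demo() -> str:
    """Derive the demo address and confirm it round-trips to the same key."""
    address = onion_v3_address(DEMO_PUBKEY)
    assert parse_onion_v3_address(address) == DEMO_PUBKEY
    return address


if __name__ == "__main__":
    print(demo())
```

The practical consequence for an investigator is that an onion address is a commitment to a key, not to a host: seizing or copying the private key grants exactly the same publishing rights the original operator has, which is why a seizure banner and the gang's own page can alternate on one URL.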
Some have seen this constant change in ownership of the URL as a failed operation by law enforcement. However, retrieving 400 decryption keys and likely more data from the hacked servers has significantly tarnished the ransomware operation's reputation.
BleepingComputer has learned that this has caused some affiliates to contact victims directly via email, as they have lost trust in the ransomware gang's ability to secure its servers. Others are said to have moved to competing ransomware operations, such as LockBit.
Now, LockBitSupp (the operator of LockBit) and the BlackCat operator have discussed creating a "cartel" to join forces against law enforcement.
Previous "ransomware cartels," allegedly created by Maze, failed to help the ransomware operation, as Ukrainian police arrested gang members after they rebranded as Egregor.
We also learned this week about new ransomware attacks or information about old ones, including:
Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @BleepinComputer, @demonslay335, @Seifreed, @billtoulas, @Ionut_Ilascu, @fwosar, @serghei, @LawrenceAbrams, @BrettCallow, @PRODAFT, @AShukuhi, @uuallan, @SophosXOps, @pcrisk, @3xp0rtblog, @oct0xor, @MorganDemboski, and @juanbrodersen.
December 18th 2023
Mortgage giant Mr. Cooper data breach affects 14.7 million people
Mr. Cooper is sending data breach notifications warning that a recent cyberattack has exposed the data of 14.7 million customers who have, or previously had, mortgages with the company.
FBI: Play ransomware breached 300 victims, including critical orgs
The Federal Bureau of Investigation (FBI) says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities.
Vans and North Face owner VF Corp hit by ransomware attack
American global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face, has disclosed a security incident that caused operational disruptions.
The UBA suffered a ransomware cyberattack: teachers and students cannot access the systems
The University of Buenos Aires (UBA) suffered a ransomware cyberattack, a type of virus that encrypts the victim's files, makes them inaccessible and demands money as ransom in exchange. Since Thursday, servers in part of the academic institution have been compromised, which prevents teachers and students from managing grades, enrolling in summer courses and more.
December 19th 2023
FBI disrupts BlackCat ransomware operation, creates decryption tool
The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys.
How the FBI seized BlackCat (ALPHV) ransomware's servers
An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operation's websites and seized the associated URLs.
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims
The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation (FBI).
Smoke and Mirrors: Understanding The Workings of Wazawaka
This research provides a comprehensive analysis of Wazawaka's background, affiliations, and tactics in the threat landscape associated with his activities. It includes information about Wazawaka's team and his close relations with other threat actors.
December 20th 2023
Healthcare software provider data breach impacts 2.7 million
ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack.
Fake F5 BIG-IP zero-day warning emails push data wipers
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers.
New BO Team ransomware
PCrisk found a new ransomware that appends the .bot extension and drops a ransom note named How To Restore Your Files.txt.
December 21st 2023
Akira, again: The ransomware that keeps on taking
Following our initial report on Akira ransomware, Sophos has responded to over a dozen incidents involving Akira impacting various sectors and regions. According to our dataset, Akira has primarily targeted organizations located in Europe, North America, and Australia, operating in the government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunication sectors.
Windows CLFS and five exploits used by ransomware operators
Seeing a Win32k driver zero-day being used in attacks isn't really surprising these days, as the design issues with that component are well-known and have been exploited time and time again. But we had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year.
New Phobos ransomware variant
PCrisk found a new ransomware that appends a unique extension and drops ransom notes named info.txt and info.hta.
New Tprc ransomware
PCrisk found a new ransomware that appends the .tprc extension and drops a ransom note named !RESTORE!.txt.
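The three PCrisk entries in this roundup (BO Team, the Phobos variant, Tprc) each hand a defender the same two artifacts to hunt for: an extension appended to encrypted files and a ransom note with a fixed name. The block below is an added example, not code from this article or from PCrisk, that turns those indicators into a directory-level triage over a file listing. The file paths are constructed, the list of ordinary document extensions and the placeholder extension standing in for Phobos's unique extension are assumptions, and the generic names info.txt and info.hta are deliberately scored as weak evidence unless encrypted files sit beside them.

```python
import re
from collections import Counter, defaultdict
from pathlib import PurePosixPath

# Ransom note file names taken from the PCrisk entries on this page (lower-cased).
RANSOM_NOTE_NAMES = {
    "how to restore your files.txt": "BO Team",
    "!restore!.txt": "Tprc",
    "info.txt": "Phobos",   # generic name: only meaningful next to encrypted files
    "info.hta": "Phobos",
}
# Appended extensions with a known family; Phobos uses a per-victim extension.
KNOWN_APPENDED_EXTENSIONS = {".bot": "BO Team", ".tprc": "Tprc"}

# Anything appended after an ordinary document extension is treated as an
# appended (ransomware) extension. The document-extension list is an assumption.
APPENDED_RE = re.compile(
    r"\.(?:docx|xlsx|pptx|pdf|jpg|png|txt|sql|bak)(\.[^/]+)$", re.IGNORECASE
)


def triage_listing(paths, min_encrypted=3):
    """Group a file listing by directory and score ransomware indicators.

    Returns {directory: {"notes": [...], "appended": {ext: count},
                         "families": [...], "verdict": str}}
    for every directory that shows at least one indicator.
    """
    notes = defaultdict(list)       # directory -> ransom note names seen
    appended = defaultdict(Counter) # directory -> appended extension -> count
    for raw in paths:
        path = PurePosixPath(raw)
        parent = str(path.parent)
        if path.name.lower() in RANSOM_NOTE_NAMES:
            notes[parent].append(path.name)
            continue
        match = APPENDED_RE.search(path.name)
        if match:
            appended[parent][match.group(1).lower()] += 1

    report = {}
    for directory in sorted(set(notes) | set(appended)):
        families = {RANSOM_NOTE_NAMES[n.lower()] for n in notes[directory]}
        families |= {
            KNOWN_APPENDED_EXTENSIONS[e]
            for e in appended[directory]
            if e in KNOWN_APPENDED_EXTENSIONS
        }
        encrypted = sum(appended[directory].values())
        if notes[directory] and encrypted:
            verdict = "encrypted"    # note plus renamed files: high confidence
        elif encrypted >= min_encrypted:
            verdict = "suspicious"   # many renamed files, no note found yet
        elif notes[directory] and all(n.lower().startswith("info.") for n in notes[directory]):
            verdict = "weak"         # generic note name alone: probably benign
        elif notes[directory]:
            verdict = "note-only"    # distinctive note name, no renamed files
        else:
            verdict = "low"          # a few oddly suffixed files, nothing else
        report[directory] = {
            "notes": sorted(notes[directory]),
            "appended": dict(appended[directory]),
            "families": sorted(families) or ["unknown"],
            "verdict": verdict,
        }
    return report


# Constructed listing (not real data): three affected shares and two benign paths.
SAMPLE_LISTING = [
    "/srv/share/finance/q3.xlsx.tprc",
    "/srv/share/finance/budget.docx.tprc",
    "/srv/share/finance/!RESTORE!.txt",
    "/srv/share/hr/contract.pdf.bot",
    "/srv/share/hr/photo.jpg.bot",
    "/srv/share/hr/How To Restore Your Files.txt",
    "/srv/share/legal/case.docx.placeholderext",  # stands in for Phobos's unique extension
    "/srv/share/legal/info.txt",
    "/srv/share/legal/info.hta",
    "/opt/tool/info.txt",      # generic name in a benign directory
    "/home/alice/notes.txt",   # untouched file
]

if __name__ == "__main__":
    for directory, finding in triage_listing(SAMPLE_LISTING).items():
        print(directory, finding)
```

Feeding the function a listing exported from a file server or backup index is enough to rank directories for restore priority; the "weak" verdict on the lone info.txt is the caveat the Phobos entry implies, since that name appears in plenty of legitimate software folders.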
December 22nd 2023
Nissan Australia cyberattack claimed by Akira ransomware gang
Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information.
That's it for this week! Hope everyone has a nice weekend!