Mathew J. Schwartz reports: How might banning ransomware victims from paying a ransom to their attacker work in practice? As ransomware groups are causing massive damage and disruption and showing no signs of stopping, Ciaran Martin, the former head of Britain’s National Cyber Security Center, said “it’s time to figure out how to make a ransomware payments…
Category: Malware
Hamilton’s ransomware attack, week two: What we know and what we don’t
Grant LaFleche reports: On Feb. 25, a sprawling cyberattack hit the City of Hamilton’s digital network, disrupting phone lines, emails, and databases the municipality uses every day. The crisis is almost two weeks old, and the city remains largely locked out of its systems. Phone lines remain down, council meetings have been postponed, registration to recreation programs…
Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1)
Developing: Someone claiming to be an “affiliate plus” for AlphV claims they were responsible for the Change Healthcare attack but that AlphV stole the payment Change Healthcare had made and suspended the affiliate’s account. The affiliate’s claims appeared on Ramp Forum and have been circulating since then. The post can be seen below, via @vx-underground:…
Fulton County, Security Experts Call LockBit’s Bluff
Brian Krebs reports: The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming the county had paid. But county officials said they did not pay, nor…
CISA Alert CodeAA23-353A: ALPHV BlackCat
February 27, 2024: SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware….
loanDepot notifying 17 million customers after ransomware attack in January
On February 16, BlackCat added loanDepot to their dark web leak site, but without any data as proof. At the time, they claimed that LoanDepot had shown up in the negotiation chat, and had offered $6 million for the data and a decryptor, but allegedly claimed they could offer more after the weekend. But after…