Kevin Poireault reports: Netherlands-based threat intelligence firm Prodaft revealed on February 20 that internal chatlogs from the BlackBasta ransomware gang have been leaked online. BlackBasta is a ransomware strain that was first detected in April 2022. Early on, cyber threat intelligence experts assessed that the members of the group behind the ransomware were associated with other…
Category: Malware
Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors
Marine Pichon and Alexis Bonnefoi of Orange Cyberdefense report: Last year, Orange Cyberdefense’s CERT investigated a series of incidents from an unknown threat actor leveraging both ShadowPad and PlugX. Tracked as Green Nailao (“Nailao” meaning “cheese” in Chinese – a topic our World Watch CTI team holds in high regard), the campaign impacted several European organizations, including in the healthcare vertical, during…
FBI and CISA Warn of Ghost Ransomware
Waqas reports: A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) reveals the ongoing threat of Ghost ransomware, also known as Cring. Active since early 2021, this group, operating out of China, has targeted organizations in over 70 countries, impacting…
Medusa ransomware gang demands $2M from UK private health services provider
Iain Thomson reports: HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what’s claimed to be stolen internal records unless a substantial ransom is paid. Previously known as Virgin Care and now owned by Twenty20 Capital, HCRG runs child and…
There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victims
Solomon Klappholz reports: The BlackLock ransomware group has become one of the most prolific operators in the Ransomware as a Service (RaaS) ecosystem, with experts warning it could accelerate its growth over the next year. Also known as El Dorado, BlackLock was ranked as the seventh most active ransomware group based on the number of posts…
$10 Infostealers Are Breaching Critical US Security: Military and Even the FBI Hit
Waqas reports: A new report reveals how inexpensive cybercrime can compromise even the most secure organizations. According to Hudson Rock, employees at key US defence entities, including the Pentagon, major contractors like Lockheed Martin and Honeywell, military branches, and federal agencies like the FBI, have fallen victim to Infostealer malware. These infections expose highly sensitive data,…