Lawrence Abrams reports: The relatively new Bl00Dy Ransomware Gang has started to use a recently leaked LockBit ransomware builder in attacks against companies. Last week, the LockBit 3.0 ransomware builder was leaked on Twitter after the LockBit operator had a falling out with his developer. This builder allows anyone to build a fully functional encryptor and decryptor…
Category: Malware
Hong Kong, Aoyuan Healthy Life Group hit by PT_Moisha ransomware group
Marco A. DeFelice has been looking into a number of new ransomware groups that have recently poked their heads out. PT_Moisha is one of the new names, but they tell Marco they are an old group: Aoyuan Healthy Life Group, with operational offices also in Sydney in Australia and in Toronto and Vancouver in Canada, is…
“BlackCat” attempts to up the pressure on Suffolk County; starts to leak data?
Since September 8, Suffolk County has been trying to recover from a cyberattack by a ransomware group known as “ALPHV” or “BlackCat.” The attack disabled the county’s 911 system as well as other services. The county reverted to older methods for handling essential county operations, dispatching, and paying bills. State police have also provided support…
Denver suburb won’t cough up millions in ransomware attack that closed city hall
John Aguilar reports: The demand was big: $5 million to unlock Wheat Ridge’s municipal data and computer systems seized by a shadowy overseas ransomware operation. The response was defiant: We’ll keep our money and fix the mess you made ourselves. Read more at The Denver Post.
LockBit ransomware builder leaked online by “angry developer”
Lawrence Abrams reports: The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang’s newest encryptor. In June, the LockBit ransomware operation released version 3.0 of their encryptor, codenamed LockBit Black, after testing it for two months. […] Regardless of how the private ransomware builder was leaked, this…
ALPHV/BlackCat ransomware family becoming more dangerous
Alex Scroxton reports: The developer or developers behind the ransomware-as-a-service (RaaS) family known variously as ALPHV, BlackCat and Noberus, have been hard at work refining their tactics, techniques and procedures (TTPs) and today are probably more dangerous than ever before, according to intelligence from Symantec. The ALPHV/BlackCat/Noberus operation – which Symantec tracks as Coreid (aka FIN7, Carbon Spider)…