Connor Jones reports: A Ukrainian cybercrime kingpin who ran some of the most pervasive malware operations faces 40 years in prison after spending nearly a decade on the FBI’s Cyber Most Wanted List. Vyacheslav Igorevich Penchukov, 37, pleaded guilty this week in the US to two charges related to his leadership role in both the…
Category: Malware
Reward for Information: ALPHV/Blackcat Ransomware as a Service
REWARD OF UP TO $15 MILLION NAME: ALPHV/Blackcat Ransomware as a Service (RaaS) NATIONALITY: Various (Unknown) CITIZENSHIP: Various (Unknown) The U.S. Department of State is offering a reward of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold a key leadership position in the Transnational Organized Crime group behind the ALPHV/Blackcat ransomware variant. In…
Update on INTEGRIS Health data breach: incident response criticized by patients
In December, INTEGRIS Health disclosed a cyberattack in November in which threat actors contacted patients directly to extort them when INTEGRIS wouldn’t pay their demands. DataBreaches subsequently reported additional details. On February 6, INTEGRIS updated its breach notice. The updated website notice incorporates the kind of language that advocates for transparency and data protection may…
PA: Washington County pays $350,000 ransom after cyberattack
Chris Hoffman reports: The Washington County Board of Commissioners formally voted on Thursday on handling the recent cyberattack. Some have questioned the transparency of the process. The questions about transparency have been because of secret and emergency meetings. According to the solicitor, some of that was because of the deadlines set up by the cybercriminals….
HC3: Analyst Note: Akira Ransomware
February 7, 2024 TLP:CLEAR Report: 202402071200 Executive Summary Akira ransomware is a relatively new ransomware gang that has demonstrated aggressive and capable targeting of the U.S. health sector in its short lifespan. U.S. healthcare organizations are advised to follow the steps in this alert to minimize their risk of attack. Overview Akira ransomware was first…
Rhysida ransomware decryptor publicly released
Laura French reports: A Rhysida ransomware decryption tool has been publicly released and detailed in a preprint paper by South Korean researchers Friday. The Rhysida decryptor takes advantage of a vulnerability in the ransomware’s encryption process, enabling the process to be reverse engineered to recover files. The researchers from Kookmin University and the Korea Internet…