Grant LaFleche reports: On Feb. 25, a sprawling cyberattack hit the City of Hamilton’s digital network, disrupting phone lines, emails, and databases the municipality uses every day. The crisis is almost two weeks old, and the city remains largely locked out of its systems. Phone lines remain down, council meetings have been postponed, registration to recreation programs…
Category: Malware
Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1)
Developing: Someone claiming to be an “affiliate plus” for AlphV claims they were responsible for the Change Healthcare attack but that AlphV stole the payment Change Healthcare had made and suspended the affiliate’s account. The affiliate’s claims appeared on Ramp Forum and have been circulating since then. The post can be seen below, via @vx-underground:…
Fulton County, Security Experts Call LockBit’s Bluff
Brian Krebs reports: The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming the county had paid. But county officials said they did not pay, nor…
CISA Alert CodeAA23-353A: ALPHV BlackCat
February 27, 2024: SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware….
loanDepot notifying 17 million customers after ransomware attack in January
On February 16, BlackCat added loanDepot to their dark web leak site, but without any data as proof. At the time, they claimed that LoanDepot had shown up in the negotiation chat, and had offered $6 million for the data and a decryptor, but allegedly claimed they could offer more after the weekend. But after…
Lockbit takedown accompanied by some arrests and indictments
Although there has been no arrest of LockBitSupp, the disruption of LockBit3.0 was accompanied by some arrests and indictments in various countries: United States: The U.S. Department of Justice unsealed indictments against two Russian men: Artur Sungatov allegedly used LockBit ransomware against victims. And Ivan Gennadievich Kondratyev, a.k.a. “Bassterlord,” allegedly used LockBit ransomware against targets in…