Brian Krebs reports: The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming the county had paid. But county officials said they did not pay, nor…
Category: Of Note
CISA Alert CodeAA23-353A: ALPHV BlackCat
February 27, 2024: SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware….
As expected, LockBit is back already
Only five days after an international law enforcement effort seized LockBit’s leak sites, 34 servers, and 14,400 rogue email accounts used to support infrastructure and extortion, LockBit3.0 has reappeared with a new Tor site that looks like the old one. There are half a dozen entries on it at this time. One of the listings…
True or false, Friday law enforcement edition
From today’s update to the LockBit3.0 blog, now under the control of law enforcement, we read claims that law enforcement knows who and where LockBitSupp is, and that he drives a Mercedes and not a Lamborghini. Now that last bit may be enough to get a response from LockBitSupp if they’re just trolling him. But…
If you pay ransom, you may not get your data back and worse, you probably WILL get hit again – Cybereason Survey
Ever since ransomware attacks and “double extortion” attacks became common, law enforcement has urged victims not to pay ransom demands. Paying criminals ransom only encourages them to attack more victims, and despite criminals swearing they will delete their copy of your data that they stole, they don’t. Then, too, once you show them that you…
Change Healthcare responding to cyberattack; few details known at this point
Early yesterday, Change Healthcare reported that they were experiencing enterprise-wide connectivity issues. They didn’t call it a cyberattack at that point, but by mid-day, their status reports were indicating that they were experiencing “a network interruption related to a cyber security issue.” A few hours later, they added a statement, “Once we became aware of…