FBI Seeks Info on BlackCat
Bureau asks for IP logs and benign samples of encrypted files to aid ransomware investigation
Investigation covers the forensic analysis of cyber incidents, helping determine how attacks occurred, what was affected, and which evidence supports response.
Search across headline titles and summaries.
Background for this topic.
Investigation is the systematic examination of an event, claim, or suspected activity to establish what happened, when it happened, and who or what was involved. In information security, it commonly covers suspected intrusions, misuse of accounts, data exposure, fraud, and control failures. Investigators reconstruct an event from sources such as authentication records, endpoint artifacts, network telemetry, cloud logs, and disk or memory images, then determine the affected systems, data, and attack path.
Reliable investigations depend on preserving evidence without altering it, recording its provenance, and separating confirmed facts from assumptions. Findings can guide containment and recovery, reveal vulnerabilities that require remediation, and provide threat intelligence about tools or techniques used against an organization. Privacy and legal requirements may restrict what data can be collected or shared, while weak logging, short retention, or uncontrolled access can leave important questions unanswered and undermine any disciplinary, regulatory, or judicial action.
Bureau asks for IP logs and benign samples of encrypted files to aid ransomware investigation
The Federal Bureau of Investigation (FBI) says the Black Cat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide, between November 2021 and March 2022. [...]
Companies must enforce more security on their own third-party providers and retain the ability to conduct independent investigations, experts say.
The US Federal Bureau of Investigation (FBI) warned Food and Agriculture (FA) sector organizations today of an increased risk that ransomware gangs "may be more likely" to attack them during the harvest and planting seasons. [...]
Identity and access management firm Okta says an investigation into the January Lapsus$ breach concluded the incident's impact was significantly smaller than expected. [...]
Authentication vendor completes investigation into incident
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies
We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in the Rust programming language and operated under a ransomware-as-a-service (RaaS) model.