New ‘Luna Moth’ hackers breach orgs via fake subscription renewals
A new data extortion group has been breaching companies to steal confidential information, threatening victims to make the files publicly available unless they pay a ransom. [...]
Ransom-related coverage examines extortion demands, data theft, and disruption caused when attackers lock or threaten to expose systems.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malicious software that disrupts access to systems or data, typically by encrypting files, to pressure a victim into paying. Modern campaigns may also steal data and threaten to publish it, making the demand a form of extortion even when encryption is unsuccessful. Common access routes include phishing, exposed remote services, stolen credentials, and unpatched vulnerabilities, though no single route is universal.
Important safeguards include regularly tested, offline or otherwise isolated backups; multifactor authentication and least-privilege access; network segmentation; and timely remediation of known, internet-facing vulnerabilities. During an incident, organizations should isolate affected systems, preserve evidence, identify the scope of compromise, and coordinate recovery and legal or regulatory decisions. Payment does not guarantee data recovery or deletion. Threat intelligence may help identify associated infrastructure or available decryptors, while documented recovery plans reduce dependence on an attacker’s demands.
A new data extortion group has been breaching companies to steal confidential information, threatening victims to make the files publicly available unless they pay a ransom. [...]
Unsophisticated campaigns use off-the-shelf RATs and other tools to exfiltrate data and demand a ransom to keep it private.
Maastricht University (UM), a Dutch university with more than 22,000 students, said last week that it has recovered the ransom paid after a ransomware attack that hit its network in December 2019. [...]