Clop ransomware gang begins extorting GoAnywhere zero-day victims
The Clop ransomware gang has begun extorting companies whose data was stolen using a zero-day vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
The Clop ransomware gang has begun extorting companies whose data was stolen using a zero-day vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution. [...]
This week's biggest news was the coordinated, international law enforcement operation between Europol, the FBI, the Netherlands, Germany, and Ukraine that targeted the DoppelPaymer operation. [...]
File under cost of doing business Blackbaud has agreed to pay $3 million to settle charges that it made misleading disclosures about a 2020 ransomware infection in which crooks stole more than a million files on around 13,000 of the cloud software slinger's customers.…
Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission (SEC), alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers. [...]
The campaign leveraged the exploitation of a flaw in IBM's Aspera Faspex file-sharing software
IceFire has changed up its OS target in recent cyberattacks, emblematic of ransomware actors increasingly targeting Linux enterprise networks, despite the extra work involved.
Much like a hostage's proof-of-life video, the ransomware gang offers the film as verification that it has the goods, and asks $1 million for the data.
A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world
Threat actors linked to the IceFire ransomware operation are now actively targeting Linux systems worldwide with a new dedicated encryptor. [...]
In this entry, we discuss case studies that demonstrated how data-science techniques were applied in our investigation of ransomware groups' ransom transactions, as detailed in our joint research with Waratah Analytics, “What Decision-Makers Need to Know About Ransomware Risk.”
The Medusa ransomware gang is demanding a $1,000,000 ransom from the Minneapolis Public Schools (MPS) district to delete data allegedly stolen in a ransomware attack. [...]
With thousands of applications to manage, enterprises need an effective way to prioritize software security patches. That calls for a contextualized, risk-based approach and good overall attack surface risk management.
The Hospital Clínic de Barcelona suffered a ransomware attack on Sunday morning, severely disrupting its healthcare services after the institution's virtual machines were targeted by the attacks. [...]
A Catalonia government statement attributed the attack to the threat actor known as RansomHouse
Millions extorted from victims, one attack left hospital patient dead German and Ukrainian cops have arrested suspected members of the DoppelPaymer ransomware crew and issued warrants for three other "masterminds" behind the global operation that extorted tens of millions of dollars and may have led to the death of a hospital patient.…
This is the latest in a line of law-enforcement actions busting up the ransomware scene.
Police also seized electronic equipment and are currently performing forensic examinations
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.
The health, manufacturing, and energy sectors are the most vulnerable to ransomware.
Europol has announced that law enforcement in Germany and Ukraine targeted two individuals believed to be core members of the DoppelPaymer ransomware group. [...]