LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants
The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants
TZW is the latest version of Adhubllka, which has been active since 2019 but has gone largely unreported due to its lower ransom demands.
Ransomware threat actors are spending less time on compromised networks before security solutions sound the alarm. In the first half of the year the hackers' median dwell time dropped to five days from nine in 2022 [...]
Hive tells us a lot about ransomware-as-a-service trends and the best ways to defend against attacks.
Netenrich suggested LOLKEK, BIT, OBZ, U2K and TZW ransomware strains share significant similarities
The critical rise of generative AI use in ransomware attacks on applications Webinar It's a fact of life that ransomware is a constant threat, like a dark cloud on every horizon. Recent research suggests that the volume of attacks has doubled in the last year.…
UK council identified attack on Monday
It's not going anywhere: Easy-to-exploit bugs like MOVEit, leaks of stolen data, and rapid-fire escalation are keeping ransomware attacks as painful as ever.
The Check Point report also highlights an evolution of ransomware tactics
Danish hosting firms CloudNordic and AzeroCloud have suffered ransomware attacks, causing the loss of the majority of customer data and forcing the hosting providers to shut down all systems, including websites, email, and customer sites. [...]
A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally
IT outfit says it can't — and won't — pay the ransom demand CloudNordic has told customers to consider all of their data lost following a ransomware infection that encrypted the large Danish cloud provider's servers and "paralyzed CloudNordic completely," according to the IT outfit's online confession.…
In large metropolitan areas, tourists are often easy to spot because they're far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.
ESET's investigation also revealed that certain Spacecolon versions contain Turkish strings
There's mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data. [...]
How a Russian cybercrime group using Cuban Revolution references and iconography has emerged as one of the most profitable ransomware operations.
How AI is powering ransomware attacks on applications Webinar You could be forgiven for wondering if anything can ever again be completely straightforward or demonstrably authentic in a world where generative AI can masquerade convincingly as your mother, or express itself in the exact language your best friend might use.…
NCC Group researchers observed 502 ransomware attacks in July 2023, with a large proportion made up of Clop’s continued exploitation of MOVEit
The BlackCat/ALPHV ransomware gang has added Seiko to its extortion site, claiming responsibility for a cyberattack disclosed by the Japanese firm earlier this month. [...]
Russian gang operates comprehensive set of attack tools