8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files. [...]
Ransomware group BlackCat/ALPHV files SEC complaint against its latest victim, putting an audacious new twist on cyber extortion tactics.
The library said that it expects many of its services to be restored in the forthcoming weeks.
Cybercrime group worried over dwindling payments ... didn't they tell them to Always Be Closing? In response to growing frustrations inside the LockBit organization, its leaders have overhauled the way they negotiate with ransomware victims going forward.…
Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees' personal information. [...]
The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations. [...]
Postal service was breached in January 2023
Famed institution warns of ongoing disruption
U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to infiltrate targets
Ransomware Group Says MeridianLink Didn't Tell SEC About Cyberattack Within 4 DaysThe BlackCat ransomware group tattled to U.S. federal regulators about an alleged victim not disclosing a material cyberattack within four business days. The group, also known as Alphv, listed MeridianLink on its data leak site and threatened to leak stolen data.
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation.. [...]
Ransomware Group Says MeridianLink Didn't Tell SEC About Cyberattack Within 4 DaysThe BlackCat ransomware group tattled to U.S. federal regulators about an alleged victim not disclosing a material cyberattack within four business days. The group, also known as Alphv, listed MeridianLink on its data leak site and threatened to leak stolen data.
And that's not counting the incoming lawsuits. Thank goodness for insurance, eh? Rackspace's costs from last year's ransomware infection continue to mount: the cloud hosting biz told America's financial watchdog, the SEC, its total expenses to date regarding that cyberattack have now reached about $11 million.…
And that's not counting the incoming lawsuits Rackspace's costs from last year's ransomware infection continue to mount: the cloud hosting biz told America's financial watchdog, the SEC, its total expenses to date regarding that cyberattack have reached $12 million – so far.…
Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company. [...]
Ads for Slack and Cisco AnyConnect actually downloaded Nitrogen malware Affiliates of the ALPHV/BlackCat ransomware-as-a-service operation are turning to malvertising campaigns to establish an initial foothold in their victims' systems.…
First time hard figure given on recovery costs for January incident Royal Mail's parent company has revealed for the first time the infrastructure costs associated with its January ransomware attack.…
The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors
A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks