Five Ransomware Groups Responsible for 40% of Cyber-Attacks in 2024
Corvus Insurance highlighted the growing complexity and competition within the ransomware ecosystem, with the threat level remaining elevated
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
Corvus Insurance highlighted the growing complexity and competition within the ransomware ecosystem, with the threat level remaining elevated
Fledgling band of crooks says it stole 1.2 TB of data The new SafePay ransomware gang has claimed responsibility for the attack on UK telematics biz Microlise, giving the company less than 24 hours to pay its extortion demands before leaking data.…
Also: VPN Vulnerabilities Attract Hackers, Hackers Use Swiss Mail to Send MalwareThis week, Russia suspected in Balctic Sea cable sabotage, VPNs draw ransomware attackers and Swiss snail mail malware. An AI training company reported a cybertheft of $250,000 and a U.S. space firm reported a breach. Microsoft said it will pay $$$ for AI vulnerabilities and a MFA success story.
The BianLian ransomware operation has shifted its tactics, becoming primarily a data theft extortion group, according to an updated advisory from the U.S. Cybersecurity & Infrastructure Security Agency, the FBI, and the Australian Cyber Security Centre. [...]
The BianLian ransomware group has shifted exclusively to exfiltration-based extortion and is deploying multiple new TTPs for initial access and persistence
Change Healthcare’s $2 billion recovery is still a work in progress Still reeling from its February ransomware attack, Change Healthcare confirms its clearinghouse services are back up and running, almost exactly nine months since the digital disruption began.…
Ransomware groups are targeting weekends and holidays to exploit understaffed security teams in order to get the best chance of a pay day
Ransomware scum LockBit claims it did the dirty deed Equinox, a New York State health and human services organization, has begun notifying over 21 thousand clients and staff that cyber criminals stole their health, financial, and personal information in a "data security incident" nearly seven months ago.…
This malware is FREE for EVERY crook ($300 decryption keys sold separately) A Russian citizen has been extradited from South Korea to the United States to face charges related to his alleged role in the Phobos ransomware operation.…
Since surfacing in August, the likely LockBit variant has claimed more than two dozen victims and appears poised to strike many more.
Incident Is Among Growing List of Attacks on Small, Rural HospitalsAn Oklahoma hospital quickly restored its IT systems after a ransomware attack in September, but the 62-bed hospital could not recover some data and later learned that hackers may have accessed the personal information of 133,000 people. The attack is the latest involving a small rural hospital.
Firewall Vendor Warns Attackers Using Valid Credentials They Previously StoleAttackers wielding an emerging strain of ransomware called Helldown have been gaining a foothold in victims' networks by exploiting a previously unknown flaw in their Zyxel firewalls, security researchers warn. Zyxel has warned attackers may be using valid credentials they previously stole.
In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations.
According to the unsealed criminal charges, the operation is believed to have running for nearly four years.
The new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. [...]
Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data
Ransomware groups are recruiting pen testers from the dark web to expand their operations, as revealed by Cato Network's Q3 2024 SASE Threat Report
A Russian national suspected of involvement in Phobos ransomware has appeared in court in the US
Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus