DarkSide ransomware is creating a secure data leak service in Iran

Filed under Security Alerts.

The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software…

New Pay2Key ransomware encrypts networks within one hour

Filed under Security Alerts.

A new ransomware called Pay2Key has been targeting organizations from Israel and Brazil, encrypting their networks within an hour in targeted attacks still under investigation. Michael Gillespie, the creator of ID Ransomware, has also seen submissions from Pay2Key victims predominantly from Brazilian IP addresses. Although used in attacks against multiple Brazilian entities, this ransomware is not…

Scam PSA: Ransomware gangs don’t always delete stolen data when paid

Filed under Security Alerts.

Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom. In 2019, the Maze ransomware group introduced a new tactic known as double-extortion, which is when attackers steal unencrypted files and then threaten to release them publicly if a ransom is not paid. Now, not only are victims being…

US indicts Russian GRU ‘Sandworm’ hackers for NotPetya, worldwide attacks

Filed under Security News.

The U.S. Department of Justice has charged six Russian intelligence operatives for hacking operations related to the Pyeongchang Winter Olympics, the 2017 French elections, and the notorious NotPetya ransomware attack. Believed to be part of the elite Russian hacking group known as “Sandworm”, the indictment states that all six individuals are part of the Russian Main…

BazarLoader used to deploy Ryuk ransomware on high-value targets

Filed under Security Alerts.

The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware. For years, the TrickBot gang has been using their trojan to compromise enterprise networks by downloading different software modules used for specific behavior such as stealing passwords, spreading to other machines, or even stealing a domain’s Active Directory…