CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it's being likely exploited in Akira ransomware attacks. The vulnerability in question is CVE-2020-

Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs. "The URLs led to a Word file with names such as "

FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool

The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that more than 500 affected victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigation (FBI) enlisted the help of a confidential human source (CHS) to act as an affiliate

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure organizations in North

Ransomware-as-a-Service: The Growing Threat You Can't Ignore

Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals with limited technical expertise to carry out devastating attacks.

CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks

A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. "This campaign marks the first documented instance [...] where threat actors deploying CACTUS ransomware have exploited vulnerabilities in Qlik Sense for initial access,"

Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals

The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed. "The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step instructions from playbooks delivered with it," the

8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader

The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks. The findings come from Cisco Talos, which has recorded an increase in activity carried out by the cybercriminals. “Most of the group’s Phobos variants are distributed by SmokeLoader, a backdoor trojan," security researcher Guilherme Venere said in an

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). "Observed as a ransomware-as-a-service (RaaS)

New Ransomware Group Emerges with Hive's Source Code and Infrastructure

The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. "It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters

Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers

Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S. sanctions – under the direction of someone going by the name Hassan Nozari," Halcyon said in a new

The Prolificacy of LockBit Ransomware

Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, who were disbanded in early 2022. LockBit ransomware was first discovered in September 2019 and was previously known as ABCD ransomware because of the ".abcd virus" extension first

Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company

The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme. This allegedly comprises

Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method

The operators of the Hive ransomware-as-a-service (RaaS) scheme have overhauled their file-encrypting software to fully migrate to Rust and adopt a more sophisticated encryption method. "With its latest variant carrying several major upgrades, Hive also proves it's one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem," Microsoft Threat