Cybercrime, is Prometheus ransomware gang part of REvil?
Palo Alto Networks Unit 42 cybersecurity experts: The malware group claims to be part of the well-known firm, but there is no indication about a relation.
Cybercrime, Siloscape targets Windows Containers to compromise Cloud environments
Palo Alto Networks cybersecurity experts: The malware, heavy obfuscated, attacks Kubernetes clusters to open a backdoor.
Cybercrime, Evil Corp uses PayloadBIN ransomware to evade US sanctions
Bleeping Computer cybersecurity experts: The gang now impersonates Babuk and its malware to let the victims pay the ransoms.
Cybercrime, Conti attacks healthcare and first responder networks
The FBI cybersecurity experts: The ransomware hit at least 16 specific targets. The malware steals victims’ files and encrypts the servers to force a ransom payment.
Cybercrime, Is Qlocker gang shutting down its ransomware operation?
The group’s Tor sites began displaying a message stating that it “will be closed soon”. It seems a preventive move to try to escape from the DarkSide fate.
Cybercrime, has the DarkSide ransomware operation shut down?
It seems the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. Is the attack on Colonial Pipeline related?
Cybercrime, the Avaddon ransomware global campaign is escalating
The FBI and the ACSC cybersecurity experts: The malware attacks are expanding the target list worldwide from a wide range of sectors.
Cybercrime, Darkside gang now target stock markets organizations
Recorded Future cybersecurity experts: The ransomware group will notify info to crooked market traders in advance, so they can short a company’s stock price.
Cybercrime, Hello ransomware uses China Chopper web shell vulnerability
Trend Micro cybersecurity experts: The malware (aka WickrMe) arrives via the CVE-2019-0604. Then, the threat actors exploit web shell to download Cobalt Strike.
Cybercrime: here it is ToxicEye, a new malware exploiting Telegram
Check Point cybersecurity experts: The RAT is managed over the platform, communicating with the attacker’s C&C server and exfiltrating data to it.