Tag: extortion
-
‘We too were breached,’ says Google, months after revealing Salesforce attacks
Attackers may have claimed a Google breach, too: GTIG had also disclosed extortion activities related to UNC6040 intrusions, sometimes carried out several months after the initial data theft, by another threat group, UNC6240, which identified themselves as the notorious BreachForums admin ‘ShinyHunters’. At the time, the GTIG team had presumed the claim to be a stunt…
-
Akira and Lynx Ransomware Target MSPs Using Stolen Credentials and Exploited Vulnerabilities
Tags: breach, credentials, cyber, data, defense, exploit, extortion, group, msp, ransomware, service, threat, vpn, vulnerability
The Acronis Threat Research Unit (TRU) dissected recent samples from the Akira and Lynx ransomware families, revealing incremental enhancements in their ransomware-as-a-service (RaaS) models and double-extortion strategies. Both groups leverage stolen credentials, VPN vulnerabilities, reconnaissance, privilege escalation, defense evasion, and data exfiltration to infiltrate systems, primarily targeting small and medium-sized businesses (SMBs) with recycled yet…
-
Ransomware groups shift to quadruple extortion to maximize pressure
Threat actors are using a new quadruple extortion tactic in ransomware campaigns, while double extortion remains the most common approach, according to Akamai. Ransomware … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/05/ransomware-extortion-tactics-quadruple-extortion/
-
US Agencies Warn of Surging Interlock Ransomware Attacks Targeting Healthcare, Businesses
Federal agencies warn of rising Interlock ransomware attacks targeting healthcare and critical sectors using double extortion and advanced social engineering. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-interlock-ransomware-healthcare-warning/
-
Dell Confirms Security Breach by Extortion Group, Calls Stolen Data ‘Fake’
Cyber extortion group World Leaks released more than 1.3TB of internal Dell data, including scripts and backups. Dell insists no sensitive customer information was exposed. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-dell-data-breach-world-leaks-ransomware/
-
SafePay Ransomware Strikes 260+ Victims Across Multiple Countries
The SafePay ransomware organization has quickly become a powerful operator since its initial detection in September 2024, marking a startling increase in the cyber threat scenario. Unlike predominant ransomware-as-a-service (RaaS) models that rely on affiliates for dissemination and profit-sharing, SafePay operates autonomously, with its core developers directly orchestrating intrusions and extortion campaigns. This self-contained approach…
-
Florida prison email blunder exposes visitor contact info to inmates
Victims fear leak at Everglades Correctional Institution could lead to violent extortion First seen on theregister.com Jump to article: www.theregister.com/2025/08/01/florida_prison_email_blunder/
-
Ransomware Gangs Leverage TrickBot Malware to Steal US $724 Million in Cryptocurrency
Ransomware affiliates associated with groups like Ryuk, Conti, and Diavol have increasingly relied on the modular TrickBot malware to facilitate sophisticated extortion campaigns, resulting in over US$724 million in cryptocurrency theft. Originally emerging in 2016 as a banking Trojan, TrickBot has transformed into a versatile malware platform that supports initial access, credential theft, and lateral…
-
Ransomware gang tells Ingram Micro, ‘Pay up by August 1’
Tags: access, attack, backup, breach, cyber, cyberattack, data, data-breach, encryption, exploit, extortion, government, group, international, Internet, law, leak, organized, ransom, ransomware, technology, tool, vpn, vulnerability
Ransomware attacks increase: In a report on ransomware released this week, researchers at Zscaler ThreatLabz said the number of organizations listed on all ransomware leak sites rose 70% in the 12 month period ending in April. A growing number of ransomware operators are abandoning encryption of data in favour of just data extortion, it noted. For…
-
ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH
A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shinyhunters-behind-salesforce-data-theft-attacks-at-qantas-allianz-life-and-lvmh/
-
Qilin Ransomware Uses TPwSav.sys Driver to Bypass EDR Security Measures
Tags: cyber, cybercrime, data, detection, edr, endpoint, exploit, extortion, ransom, ransomware, service, tactics, vulnerability
Cybercriminals affiliated with the Qilin ransomware-as-a-service (RaaS) operation have demonstrated advanced evasion techniques by exploiting a previously undocumented vulnerable driver, TPwSav.sys, to disable Endpoint Detection and Response (EDR) systems through a bring-your-own-vulnerable-driver (BYOVD) attack. First observed in July 2022, Qilin employs double extortion tactics, exfiltrating data for leakage on dedicated sites if ransoms remain unpaid,…
-
Ransomware groups stole 238 TB of data within one year
Zscaler has published its annual . Ransomware attacks are increasing at an alarming pace, as reflected in the 146 percent year-over-year rise in attack attempts blocked in the Zscaler cloud. Ransomware groups are also focusing more on extortion than on encryption, as the data exfiltrated during the reporting period rose by 92 percent […] First seen on…
-
TrickBot Behind More Than $724 Million in Crypto Theft and Extortion
Akamai’s latest Ransomware Report 2025 reveals “quadruple extortion,” new AI-driven tactics by groups like Black Basta, FunkSec, and TrickBot, and growing threats to non-profits. Learn about evolving cyber threats. First seen on hackread.com Jump to article: hackread.com/trickbot-behind-724-million-crypto-theft-extortion/
-
Qilin Ransomware Gains Momentum with Legal Assistance Option for Affiliates
The Qilin ransomware gang has introduced a "Call Lawyer" […] "legal department" […]
-
FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation
FBI Dallas has seized almost 23 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-seizes-24m-in-bitcoin-from-new-chaos-ransomware-operation/
-
Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims
A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter’s dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware landscape to conduct big-game hunting and double extortion…
-
Naval Group: Hacker extorts French warship builder
The French shipbuilding group Naval Group is investigating a possible cyberattack. Military data has surfaced in a hacker forum. First seen on golem.de Jump to article: www.golem.de/news/naval-group-hacker-erpresst-franzoesischen-kriegsschiffhersteller-2507-198601.html
-
GLOBAL GROUP Ransomware Claims Breach of Media Giant Albavisión
GLOBAL GROUP Ransomware targets media giant Albavisión, claims 400 GB data theft as it continues hitting global sectors with advanced extortion tactics. First seen on hackread.com Jump to article: hackread.com/global-group-ransomware-media-giant-albavision-breach/
-
Chaos Ransomware Rises as BlackSuit Gang Falls
Researchers detailed a newer double-extortion ransomware group made up of former members of BlackSuit, which was recently disrupted by international law enforcement. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chaos-ransomware-rises-blacksuit-falls
-
Interlock Ransomware Targets Healthcare in Stealth Attacks, Say U.S. Cyber Agencies
Federal agencies warn of rising Interlock ransomware attacks targeting healthcare and critical sectors using double extortion and advanced social engineering. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/security/interlock-ransomware-healthcare-warning/
-
Dell Confirms Security Breach by Extortion Group, Calls Stolen Data ‘Fake’
Cyber extortion group World Leaks released more than 1.3TB of internal Dell data, including scripts and backups. Dell insists no sensitive customer information was exposed. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/security/dell-data-breach-world-leaks-ransomware/
-
BlackSuit Ransomware Infrastructure Seized by Authorities
International law enforcement agencies delivered a significant blow to cybercriminals this week with the successful takedown of critical infrastructure belonging to the BlackSuit ransomware gang. The coordinated operation, dubbed "Operation Checkmate," […]
-
BlackSuit ransomware extortion sites seized in Operation Checkmate
Law enforcement has seized the dark web extortion sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/law-enforcement-seizes-blacksuit-ransomware-leak-sites/
-
Suspected operator of major cybercrime forum caught
The suspected operator of a major cybercrime platform has been arrested. The suspected operator of a major Russian-language cybercrime platform has been arrested in Ukraine. The forum had been active since 2013 and was one of the central hubs for cybercrime worldwide, said the Paris public prosecutor's office, which has been investigating the platform for years. The suspect is…
-
Feds Warn Health, Other Sectors of Interlock Threats
Healthcare Providers Are Among Dozens of Entities Hit Since Gang Emerged in 2024. U.S. authorities are warning of threats posed by double-extortion gang Interlock, which has been hitting an assortment of businesses across many industries, including healthcare and other critical infrastructure sectors, with a ransomware variant first seen in September 2024. First seen on govinfosecurity.com…
-
Dell Breached by Extortion Group, Says Data Stolen Was ‘Fake’
The World Leaks group accessed and released data from the company’s Customer Solution Center, which is separated from customer and partner systems and stores primarily synthetic datasets used for demos and testing, Dell said. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dell-breached-data-stolen-fake
-
Dell demonstration platform breached by World Leaks extortion group
Tags: access, attack, breach, data, data-breach, defense, encryption, exploit, extortion, finance, group, insurance, international, leak, network, ransomware, risk, risk-management, strategy, threat, tool
Limited impact but strategic implications: Dell emphasized that the breached platform is architecturally separated from customer-facing networks and internal production systems. “Data used in the solution center is primarily synthetic (fake) data, publicly available datasets used solely for product demonstration purposes or Dell scripts, systems data, non-sensitive information, and testing outputs,” the report added, quoting…

