Tag: extortion
-
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
At least two different cybercrime groups, BianLian and RansomExx, are said to have exploited a recently disclosed security flaw in SAP NetWeaver, indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and the…
-
They Come from North Korea: How Companies Can Protect Themselves Against Fake IT Professionals
For some time now, threat actors from North Korea have been posing as legitimate IT professionals. Their goal: to land remote jobs, primarily to fund North Korean interests with their salaries and secondarily to obtain money through extortion via data theft. Sophos has compiled tips on job interviews, onboarding and compliance, aimed in particular at HR managers. ‘In the past, the fraudsters have, with skills…
-
PowerSchool data breach leads to school extortion attempts
A threat actor has contacted multiple school districts demanding payments related to student and staff data stolen in a December breach. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/powerschool-data-breach-school-extortion-attempts/747801/
-
PowerSchool Admits Ransom Payment Amid Fresh Extortion Demands
PowerSchool said its customers had been hit by new extortion demands using data stolen in a previous attack, despite attacker claims the data had been deleted. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/powerschool-ransom-payment/
-
No Fairy Tale Ending: PowerSchool’s Hacker Targets Customers
After Vendor Paid for Data-Deletion Promise, Criminals Extort Schools Directly
Students, gather round for the sad story of how PowerSchool got schooled by hackers, who stole data on students and teachers. After PowerSchool paid a ransom for a guarantee that the data would be deleted, the bad hackers failed to honor their promise. First seen…
-
Double-extortion tactics used in PowerSchool ransomware attack
First seen on scworld.com Jump to article: www.scworld.com/news/double-extortion-tactics-used-in-powerschool-ransomware-attack
-
PowerSchool paid a hacker’s ransom, but now schools say they are being extorted
Schools in Toronto and North Carolina are reporting extortion attempts. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/08/powerschool-paid-a-hackers-ransom-but-now-schools-say-they-are-being-extorted/
-
Living in a Fairytale: PowerSchool’s Failures Continue
Criminals Extort School Employees After Vendor Paid for Data-Deletion Promise
Students, gather round for the sad story of how PowerSchool got schooled not once, but twice. Surprise: attackers who received a ransom payment in return for a promise to delete data they stole from PowerSchool pertaining to students and teachers didn’t actually delete the data.…
-
LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online
The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber extortion rings, has itself become the victim of a major cyberattack. On May 7, attackers breached and defaced the group’s dark web sites, leaking a trove of operational data and internal chats in a stunning turn of events that sent shockwaves…
-
PowerSchool customers hit by downstream extortion threats
The large education tech vendor was hit by a cyberattack and paid a ransom in December. Now, a threat actor is attempting to extort the company’s customers with stolen data. First seen on cyberscoop.com Jump to article: cyberscoop.com/powerschool-customers-hit-by-downstream-extortion-threats/
-
Despite ransom payment, PowerSchool hacker now extorting individual school districts
The education tech giant said it is “aware that a threat actor has reached out to multiple school district customers in an attempt to extort them.” First seen on therecord.media Jump to article: therecord.media/despite-ransom-payment-powerschool-extorting
-
UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion
UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has transitioned from niche SIM swapping operations targeting telecommunications organizations to a more aggressive focus on ransomware and data theft extortion across diverse industries. Initially observed exploiting telecom vulnerabilities to facilitate SIM swaps, UNC3944 pivoted in early 2023 to deploy ransomware…
-
Luna Moth extortion hackers pose as IT help desks to breach US firms
The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/luna-moth-extortion-hackers-pose-as-it-help-desks-to-breach-us-firms/
-
Gunra Ransomware’s Double-Extortion Playbook and Global Impact
Gunra Ransomware has surfaced as a formidable threat in April 2025, targeting Windows systems across industries such as real estate, pharmaceuticals, and manufacturing. As reported by CYFIRMA, this ransomware employs a sophisticated double-extortion strategy, encrypting victims’ data while exfiltrating sensitive information to coerce payments. With documented attacks in Japan, Egypt, Panama, Italy, and Argentina, Gunra’s…
-
Ukrainian Extradited to U.S. Over Global Ransomware Scheme Using Nefilim Strain
Artem Stryzhak, a Ukrainian national, has been extradited from Spain to the United States to face charges related to a global ransomware operation that used the notorious Nefilim ransomware strain. The 2025 extradition is an important step in a years-long investigation into a cyber-extortion campaign that targeted multinational corporations and caused millions of dollars in…
-
NCSC Warns of Ransomware Attacks Targeting UK Organisations
The National Cyber Security Centre (NCSC) has issued technical guidance following a series of cyber attacks targeting UK retailers. These incidents have prompted concerns about the evolving threat landscape, particularly regarding ransomware and data extortion techniques. The NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse, have highlighted specific technical measures that organizations…
-
Leaders of 764, global child sextortion group, arrested and charged
The Justice Department accuses two men of running a “network of nihilistic violent extremists” who engaged in and facilitated the grooming, manipulation and extortion of minors. First seen on cyberscoop.com Jump to article: cyberscoop.com/764-leaders-arrested-charged-child-sextortion/
-
RansomHub Refines Extortion Strategy as RaaS Market Fractures
RansomHub refines extortion strategy amid RaaS market fractures, expanding affiliate recruitment. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomhub-refines-extortion/
-
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). “LAGTOY…
-
Beware of These Ransomware Gangs
Tags: ai, cyber, cyberattack, data, data-breach, exploit, extortion, germany, group, hacker, intelligence, leak, lockbit, malware, moveIT, ransomware, service, software, strategy, threat, tool, usa, vulnerability, zero-day
Ransomware attacks keep increasing. It is high time to step up protective measures. In the first three months of the current year, the number of ransomware incidents reported worldwide reached a new high. According to the current State of Ransomware report by Check Point Research (CPR), hackers extorted a total of 2,289 companies in the first quarter of 2025, 126 percent more than in the same period of the previous year (1,011…
-
Emulating the Hellish Helldown Ransomware
AttackIQ has released a new attack graph emulating the behaviors exhibited by Helldown ransomware since its emergence in August 2024. Helldown is operated by the eponymous and still largely undocumented adversary, which employs double extortion tactics by exfiltrating sensitive data prior to encrypting victim systems and threatening to leak the data on its Dedicated Leak…
-
BEC scams, investment fraud accounted for biggest cybercrime losses in 2024
Americans lost $16.6 billion to cyber fraud last year, according to a new FBI report, with phishing, spoofing and extortion topping the list of complaints. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/fbi-internet-crime-bec-scams-investment-fraud-losses/746181/
-
Interlock Ransomware Uses Multi-Stage Attack Through Legitimate Websites to Deliver Malicious Browser Updates
The Interlock ransomware intrusion set has escalated its operations across North America and Europe with sophisticated techniques. Not falling under the typical Ransomware-as-a-Service (RaaS) category, Interlock operates independently, focusing primarily on Big Game Hunting and double extortion campaigns. This group’s activities have been closely monitored by cybersecurity firms such as Sekoia Threat Detection & Research…
-
New RaaS in Circulation – ‘VanHelsing’ Extorts 500,000 Dollars from Companies
Tags: extortion
First seen on security-insider.de Jump to article: www.security-insider.de/neue-ransomware-vanhelsing-entdeckt-a-d7f1590a97a46fa1cd68173866750715/
-
RansomHouse ransomware: what you need to know
RansomHouse is a cybercrime operation that follows a Ransomware-as-a-Service (RaaS) business model, where affiliates (who do not require technical skills of their own) use the ransomware operator’s infrastructure to extort money from victims. First seen on fortra.com Jump to article: www.fortra.com/blog/ransomhouse-ransomware-what-you-need-know
-
Ransomware Without Extortion – RedCurl Attacks Virtual Machines with New Ransomware
First seen on security-insider.de Jump to article: www.security-insider.de/redcurl-hackergruppe-taktikwechsel-ransomware-a-762d79677d058e3d04000938c2154659/
-
Ransomware Underground Faces Declining Relevance
Rising Attacks Masks Lowering Profits, Attention Economy Competition
Ransomware groups’ collective power to command victims’ attention and compel extortion is waning, notwithstanding the disruption and chaos that continues to be their hallmark. The criminal underground powering ransomware is a world in flux where old, established groups are giving way to new brands. First seen on…
-
Hunters International Dumps Ransomware, Goes Full-on Extortion
Hunters International, the RaaS group that some believe evolved from Hive, appears to be rebranding and shifting operations, moving away from an unprofitable and risky ransomware business and focusing solely on exfiltrating data and extorting victims, say Group-IB researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/hunters-international-dumps-ransomware-goes-full-on-extortion/
-
Hunters International shifts from ransomware to pure data extortion
The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hunters-international-rebrands-as-world-leaks-in-shift-to-data-extortion/

