Tag: extortion
-
Hunters International shifts from ransomware to pure data extortion
The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hunters-international-rebrands-as-world-leaks-in-shift-to-data-extortion/
-
Oracle Disclosed Breach Of ‘Legacy’ Environment To Customers: Report
A breach of an Oracle ‘legacy’ environment led to the theft of log-in credentials and included a demand by the attacker for an extortion payment, according to a Bloomberg report. First seen on crn.com Jump to article: www.crn.com/news/security/2025/oracle-disclosed-breach-of-legacy-environment-to-customers-report
-
North Korea’s IT Operatives Are Exploiting Remote Work Globally
The global rise of North Korean IT worker infiltration poses a serious cybersecurity risk, using fake identities, remote access, and extortion to compromise organizations. The post North Korea’s IT Operatives Are Exploiting Remote Work Globally appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/north-koreas-it-operatives-are-exploiting-remote-work-globally/
-
North Korea’s Fake IT Worker Scheme Sets Sights on Europe
Google has found a significant increase in North Korean actors attempting to gain employment as IT workers in European companies, leading to data theft and extortion. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-fake-it-worker-europe/
-
Babuk Locker 2.0 vs Seceon Platform: MITRE ATT&CK Mapping and Early-Stage Detection & Remediation
Overview of Babuk Locker 2.0: Babuk Locker 2.0 is a ransomware strain that employs double extortion, where attackers encrypt victim files and exfiltrate sensitive data for ransom. It targets organizations by exploiting RDP vulnerabilities, unpatched systems, weak credentials, and phishing attacks. MITRE ATT&CK Mapping of Babuk Locker 2.0 & Seceon’s Early Detection & Remediation: MITRE…
-
Redcurl ransomware attacks hypervisors
A new ransomware attack by the well-known cybercriminal group specifically targets hypervisors rather than endpoints. In this way the attackers aim to remain undetected for a long time while causing maximum damage. This is shown by a Bitdefender Labs analysis of Redcurl’s first digital extortion. In addition to DLL sideloading and malicious code, the attackers mainly use legitimate tools for living-off-the-land (LOTL) attacks. Backups […]…
-
New VanHelsing ransomware is spreading rapidly
Tags: authentication, backup, blockchain, dark-web, encryption, extortion, governance, government, linux, ransomware, service, usa, windows
The new ransomware program VanHelsing targets Windows, Linux, BSD, ARM and ESXi systems. The new RaaS project named VanHelsing was first discovered on March 16 by researchers from CYFIRMA, when attackers used it for encryption and double extortion. Because its use against targets in the Commonwealth of Independent States (CIS) is forbidden, the security specialists assume that the people behind it are from Russia…
-
VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. “The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%,” Check Point said in…
-
Oracle Cloud breach may impact 140,000 enterprise customers
Tags: access, attack, authentication, breach, business, cloud, control, credentials, data, extortion, finance, hacker, mfa, mitigation, oracle, password, radius, ransom, risk, security-incident, service, strategy, supply-chain, threat
Business impact and risks: In an alarming development, the threat actor has initiated an extortion campaign, contacting affected companies and demanding payment to remove their data from the stolen cache. This creates immediate financial pressure and complex legal and ethical decisions for victims regarding ransom payments. To increase pressure on both Oracle and affected organizations, the…
-
VanHelsing Ransomware Targets Windows Systems with New Evasion Tactics and File Extension
Tags: advisory, breach, cyber, cybersecurity, data, encryption, extortion, leak, ransomware, tactics, windows
The cybersecurity landscape has been recently disrupted by the emergence of the VanHelsing ransomware, a sophisticated strain identified by the CYFIRMA Research and Advisory Team. This ransomware targets Windows systems, employing advanced encryption techniques and appending a unique .vanhelsing…
-
Ransomware attack on Mönchengladbach nursing home operator
A ransomware gang is extorting the nursing home operator of the city of Mönchengladbach with encrypted data. However, the company refuses to pay the demanded ransom. As Westdeutscher Rundfunk (WDR) reports, cybercriminals paralyzed the IT systems of the Mönchengladbach municipal subsidiary Sozial-Holding on Monday (March 17). According to the report, the attack affects both the company headquarters and the senior care homes that the…
-
Babuk2 Ransomware Issues Fake Extortion Demands Using Data from Old Breaches
Recent investigations by the Halcyon RISE Team have uncovered a concerning trend in the ransomware landscape: the Babuk2 group is issuing extortion demands based on false claims. Despite announcing numerous attacks, there is no third-party confirmation or evidence from victims that these incidents have actually occurred. This strategy involves reusing data from earlier breaches to…
-
Extortion Reboot: Ransomware Crew Threatens Leak to Snowden
Though the group initially stuck to classic ransomware TTPs before demanding the ransom, it went off script when it began threatening the group and detailing potential consequences the victim would face. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ransomware-crew-leak-snowden-extortion-tactic
-
Extortion crew threatened to inform Edward Snowden (?!) if victim didn’t pay up
Tags: extortion
Don’t laugh. This kind of warning shows crims are getting desperate. First seen on theregister.com Jump to article: www.theregister.com/2025/03/18/extortionists_ox_thief_legal_threats/
-
Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware
Medusa ransomware now operates as a RaaS model, recruiting affiliates from criminal forums to launch attacks, encrypt data, and extort victims worldwide. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-medusa-ransomware-fbi-cisa/
-
Scammers Pose as Cl0p Ransomware to Send Fake Extortion Letters
Scammers are sending fake extortion and ransom demands while posing as ransomware gangs, including the notorious Cl0p ransomware…. First seen on hackread.com Jump to article: hackread.com/scammers-pose-cl0p-ransomware-fake-extortion-letters/
-
Fraudsters Impersonate Clop Ransomware to Extort Businesses
Barracuda observed threat actors impersonating the Clop ransomware group via email to extort payments, claiming to have exfiltrated sensitive data. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fraudsters-clop-ransomware-extort/
-
The most notorious and damaging ransomware of all time
Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windows
Conti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception. How it works: Conti uses the…
-
Medusa Ransomware Turns Critical Infrastructure to Stone
FBI Ties Group to Triple-Extortion Tactics Involving Follow-On Ransom Demands. The Medusa ransomware group has been continuing to pummel critical infrastructure sectors across America, warns a joint U.S. government alert. The FBI said the group’s tactics include triple extortion, meaning it continues to shake victims down for a ransom, even after they’ve paid. First seen…
-
CISA, FBI Warn of Medusa Ransomware Impacting Critical Infrastructure
CISA and FBI warn of Medusa ransomware impacting over 300 victims across critical infrastructure sectors with double extortion tactics. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-fbi-warn-medusa-ransomware/
-
Medusa ransomware affiliate tried triple extortion scam up from the usual double demand
Feds warn gang still rampant and now cracked 300+ victims around the world. First seen on theregister.com Jump to article: www.theregister.com/2025/03/13/medusa_ransomware_infects_300_critical/
-
The crucial role of replication in ensuring data resilience
Tags: extortion
Data loss and downtime are costly. Current figures speak clearly on this point: according to the self-assessment of companies surveyed by Statista in 2024, 13.4 billion euros of the extrapolated total damage of 266.6 billion euros over the last 12 months was attributable to extortion with stolen or encrypted data. For securing business continuity it is……
-
The state of ransomware: Fragmented but still potent despite takedowns
Tags: ai, alphv, antivirus, attack, backup, cloud, control, cyber, cybercrime, cybersecurity, data, ddos, detection, endpoint, extortion, firewall, group, incident response, intelligence, law, leak, LLM, lockbit, malware, network, ransom, ransomware, service, software, tactics, threat, tool, usa, zero-trust
Runners and riders on the rise: Smaller, more agile ransomware groups like Lynx (INC rebrand), RansomHub (a LockBit sub-group), and Akira filled the void after major takedowns, collectively accounting for 54% of observed attacks, according to a study by managed detection and response firm Huntress. RansomHub RaaS has quickly risen in prominence by absorbing displaced operators…
-
SilentCryptoMiner malware spread via YouTuber extortion
First seen on scworld.com Jump to article: www.scworld.com/brief/silentcryptominer-malware-spread-via-youtuber-extortion
-
Cybersecurity Snapshot: CSA Outlines Data Security Challenges and Best Practices, While ISACA Offers Tips To Retain IT Pros
Tags: advisory, ai, awareness, banking, best-practice, business, cloud, compliance, corporate, crime, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, extortion, finance, fraud, governance, government, group, healthcare, infrastructure, iot, jobs, mail, malicious, microsoft, mitigation, monitoring, network, nis-2, privacy, qr, ransom, ransomware, regulation, resilience, risk, risk-assessment, risk-management, scam, service, strategy, technology, threat, tool, vmware, vulnerability, vulnerability-management, zero-day
Check out best practices for shoring up data security and reducing cyber risk. Plus, get tips on how to improve job satisfaction among tech staff. Meanwhile, find out why Congress wants federal contractors to adopt vulnerability disclosure programs. And get the latest on cyber scams; zero-day vulnerabilities; and critical infrastructure security. Dive into six things…
-
Ransomware poseurs are trying to extort businesses through physical letters
The FBI is warning business leaders about the scam perpetrated by an unidentified threat group. First seen on cyberscoop.com Jump to article: cyberscoop.com/physical-mail-extortion-letters-target-executives/
-
FBI: Fake Ransomware Attack Claims Sent to US Executives via Snail Mail
An extortion group has been sending physical mail to corporate executives, threatening to leak their data unless a ransom is paid. The post FBI: Fake Ransomware Attack Claims Sent to US Executives via Snail Mail appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/fbi-fake-ransomware-attack-claims-sent-to-us-executives-via-snail-mail/
-
Medusa Ransomware Attacks Surge 42% with Advanced Tools & Tactics
Medusa ransomware attacks have seen a significant increase, rising by 42% between 2023 and 2024, with a further escalation in early 2025. This surge is attributed to the group Spearwing, which operates Medusa as a ransomware-as-a-service (RaaS) model. Spearwing and its affiliates are known for conducting double extortion attacks, where they steal data before encrypting…
-
FBI Issues Urgent Warning About Data Extortion Scam Targeting Corporate Executives
The Federal Bureau of Investigation (FBI) has alerted businesses about a disturbing new data extortion scam targeting corporate executives. The scheme, which is being orchestrated by criminals posing as the “BianLian Group,” involves sending fraudulent letters to high-level professionals with threats of sensitive data leaks unless hefty ransom payments are made. First seen on thecyberexpress.com…

