Tag: extortion
-
Google Reveals Hackers Targeting US Following UK Retailer Attacks
The Google Threat Intelligence Group (GTIG) recently revealed that the well-known hacker collective UNC3944, which also overlaps with the widely publicized Scattered Spider, is a persistent and dynamic cyberthreat. Initially focused on telecommunications for SIM swap operations, UNC3944 has pivoted to ransomware and data theft extortion tactics since early 2023, casting a wider net…
-
Coinbase Says Breach May Cost $400 Million, Issues $20 Million Bounty
The major data breach of cryptocurrency exchange Coinbase could cost the company as much as $400 million, it told the SEC. However, rather than pay the $20 million extortion demand, Coinbase issued a $20 million bounty on the hackers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/coinbase-says-breach-may-cost-400-million-issues-20-million-bounty/
-
‘Would rather pay bounty than ransom’: Coinbase on $20M extortion attempt
Hackers are demanding a ransom of the same amount: According to the filing, the email communication by the threat actor demanded $20 million in exchange for not publicly disclosing the information. It remains to be seen how threat actors respond to Coinbase refusing to pay the ransom. “Coinbase’s decision to publicly counter-extort with a $20 million…
-
Coinbase flips $20M extortion demand into bounty for info on attackers
The largest cryptocurrency exchange in the U.S. said cybercriminals bribed insiders to steal data on customers, some of whom were duped into handing over crypto assets. First seen on cyberscoop.com Jump to article: cyberscoop.com/coinbase-cyberattack-extortion-counter-reward/
-
Scattered-Spider shakes up British retail
Check Point Software Technologies analyzes the hacker group Scattered-Spider, which operates as part of the Dragonforce ransomware cartel that has claimed responsibility for a series of attacks on British retail companies in April and May 2025. While Dragonforce claimed responsibility for extortion and data exfiltration, a growing body of evidence suggests that Scattered-Spider also played a fundamental role in carrying out…
-
Researchers Replicate Advanced Tactics and Tools of VanHelsing Ransomware
Cybersecurity researchers at AttackIQ have meticulously emulated the intricate tactics, techniques, and procedures (TTPs) of the VanHelsing ransomware, a potent ransomware-as-a-service (RaaS) operation that surfaced in March 2025. This cyber threat has rapidly gained notoriety within the cybercriminal underworld for its advanced cross-platform capabilities and aggressive double extortion model. VanHelsing targets a wide array of…
-
Coinbase disclosed a data breach after an extortion attempt
Coinbase confirmed rogue contractors stole customer data and demanded a $20M ransom in a breach reported to the SEC. Coinbase said rogue contractors stole data on under 1% of users and demanded $20M; the data breach was disclosed in an SEC filing. On May 11, 2025, the company received a ransom demand from a threat…
-
Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. “Criminals targeted our customer support agents overseas,” the company said in a statement. “They used cash offers to convince a small group of insiders to copy data in our customer support tools…
-
Coinbase offers $20 million bounty after extortion attempt with stolen data
Cryptocurrency trading platform Coinbase said an attacker tried to extort the company for $20 million over stolen data. “We said no,” Coinbase said, and instead offered that amount as a bounty. First seen on therecord.media Jump to article: therecord.media/coinbase-extortion-attempt-company-offers-20million-reward
-
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
At least two different cybercrime groups, BianLian and RansomExx, are said to have exploited a recently disclosed security flaw in SAP NetWeaver, indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and the…
-
They come from North Korea: How companies can protect themselves against fake IT professionals
For some time now, threat actors from North Korea have been posing as legitimate IT professionals. Their goal: to land remote jobs, primarily to fund North Korean interests with their salaries and secondarily to obtain money through extortion via data theft. Sophos has compiled tips on job interviews, onboarding and compliance, particularly for HR managers. ‘In the past, the fraudsters have, with skills…
-
PowerSchool data breach leads to school extortion attempts
A threat actor has contacted multiple school districts demanding payments related to student and staff data stolen in a December breach. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/powerschool-data-breach-school-extortion-attempts/747801/
-
PowerSchool Admits Ransom Payment Amid Fresh Extortion Demands
PowerSchool said its customers had been hit by new extortion demands using data stolen in a previous attack, despite attacker claims the data had been deleted. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/powerschool-ransom-payment/
-
No Fairy Tale Ending: PowerSchool’s Hacker Targets Customers
After Vendor Paid for Data-Deletion Promise, Criminals Extort Schools Directly
Students, gather round for the sad story of how PowerSchool got schooled by hackers, who stole data on students and teachers. After PowerSchool paid a ransom for a guarantee that the data would be deleted, the bad hackers failed to honor their promise. First seen…
-
Double-extortion tactics used in PowerSchool ransomware attack
First seen on scworld.com Jump to article: www.scworld.com/news/double-extortion-tactics-used-in-powerschool-ransomware-attack
-
PowerSchool paid a hacker’s ransom, but now schools say they are being extorted
Schools in Toronto and North Carolina are reporting extortion attempts. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/08/powerschool-paid-a-hackers-ransom-but-now-schools-say-they-are-being-extorted/
-
Living in a Fairytale: PowerSchool’s Failures Continue
Criminals Extort School Employees After Vendor Paid for Data-Deletion Promise
Students, gather round for the sad story of how PowerSchool got schooled not once, but twice. Surprise: attackers who received a ransom payment in return for a promise to delete data they stole from PowerSchool pertaining to students and teachers didn’t actually delete the data.…
-
LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online
The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber extortion rings, has itself become the victim of a major cyberattack. On May 7, attackers breached and defaced the group’s dark web sites, leaking a trove of operational data and internal chats in a stunning turn of events that sent shockwaves…
-
PowerSchool customers hit by downstream extortion threats
The large education tech vendor was hit by a cyberattack and paid a ransom in December. Now, a threat actor is attempting to extort the company’s customers with stolen data. First seen on cyberscoop.com Jump to article: cyberscoop.com/powerschool-customers-hit-by-downstream-extortion-threats/
-
Despite ransom payment, PowerSchool hacker now extorting individual school districts
The education tech giant said it is “aware that a threat actor has reached out to multiple school district customers in an attempt to extort them.” First seen on therecord.media Jump to article: therecord.media/despite-ransom-payment-powerschool-extorting
-
UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion
UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has transitioned from niche SIM swapping operations targeting telecommunications organizations to a more aggressive focus on ransomware and data theft extortion across diverse industries. Initially observed exploiting telecom vulnerabilities to facilitate SIM swaps, UNC3944 pivoted in early 2023 to deploy ransomware…
-
Luna Moth extortion hackers pose as IT help desks to breach US firms
The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/luna-moth-extortion-hackers-pose-as-it-help-desks-to-breach-us-firms/
-
Gunra Ransomware’s Double-Extortion Playbook and Global Impact
Gunra Ransomware has surfaced as a formidable threat in April 2025, targeting Windows systems across industries such as real estate, pharmaceuticals, and manufacturing. As reported by CYFIRMA, this ransomware employs a sophisticated double-extortion strategy, encrypting victims’ data while exfiltrating sensitive information to coerce payments. With documented attacks in Japan, Egypt, Panama, Italy, and Argentina, Gunra’s…
-
Ukrainian Extradited to U.S. Over Global Ransomware Scheme Using Nefilim Strain
Artem Stryzhak, a Ukrainian national, has been extradited from Spain to the United States to face charges related to a global ransomware operation that used the notorious Nefilim ransomware strain. The 2025 extradition is an important step in a years-long investigation into a cyber-extortion campaign that targeted multinational corporations and caused millions of dollars in…
-
NCSC Warns of Ransomware Attacks Targeting UK Organisations
The National Cyber Security Centre (NCSC) has issued technical guidance following a series of cyber attacks targeting UK retailers. These incidents have prompted concerns about the evolving threat landscape, particularly regarding ransomware and data extortion techniques. The NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse, have highlighted specific technical measures that organizations…
-
Leaders of 764, global child sextortion group, arrested and charged
The Justice Department accuses two men of running a “network of nihilistic violent extremists” who engaged in and facilitated the grooming, manipulation and extortion of minors. First seen on cyberscoop.com Jump to article: cyberscoop.com/764-leaders-arrested-charged-child-sextortion/
-
RansomHub Refines Extortion Strategy as RaaS Market Fractures
RansomHub refines extortion strategy amid RaaS market fractures, expanding affiliate recruitment. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomhub-refines-extortion/
-
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). “LAGTOY…

