Tag: lockbit
-
New kids on the ransomware block channel Lockbit to raid Fortinet firewalls
It’s March already and you haven’t patched? First seen on theregister.com Jump to article: www.theregister.com/2025/03/14/ransomware_gang_lockbit_ties/
-
U.S. Charges LockBit Ransomware Developer in Cybercrime Crackdown
The U.S. Department of Justice has charged Rostislav Panev, a dual Russian and Israeli national, for his role as a developer of the notorious LockBit ransomware group. Panev, 51, was arrested in Israel in August following a U.S. provisional arrest request, and he is currently awaiting extradition to the United States. This action marks a…
-
SuperBlack ransomware may have ties to LockBit
Forescout researchers report on a new ransomware gang that appears to be keeping the legacy of the notorious LockBit crew alive First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620584/SuperBlack-ransomware-may-have-ties-to-LockBit
-
The state of ransomware: Fragmented but still potent despite takedowns
Tags: ai, alphv, antivirus, attack, backup, cloud, control, cyber, cybercrime, cybersecurity, data, ddos, detection, endpoint, extortion, firewall, group, incident response, intelligence, law, leak, LLM, lockbit, malware, network, ransom, ransomware, service, software, tactics, threat, tool, usa, zero-trustRunners and riders on the rise: Smaller, more agile ransomware groups like Lynx (INC rebrand), RansomHub (a LockBit sub-group), and Akira filled the void after major takedowns, collectively accounting for 54% of observed attacks, according to a study by managed detection and response firm Huntress.RansomHub RaaS has quickly risen in prominence by absorbing displaced operators…
-
US Cybercom, CISA retreat in fight against Russian cyber threats: reports
Tags: apt, blizzard, china, cisa, cyber, cybersecurity, data, government, group, hacker, infrastructure, international, iran, lockbit, microsoft, ransomware, risk, risk-management, russia, threatPurported shift at CISA away from reporting on Russian threats: Shortly after The Record issued its report, The Guardian reported that the US Cybersecurity and Infrastructure Security Agency (CISA) sent an internal memo setting out new priorities for the agency, including China but excluding Russia. One source said analysts at the agency were verbally informed…
-
The New Ransomware Groups Shaking Up 2025
In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023. After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year’s total). Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise in smaller gangs. The number of…
-
Ransomware-Szene im Umbruch: Aktuelle Entwicklungen und wichtige Trends
Ransomware bleibt eine ständige Bedrohung, verändert sich jedoch stetig. Während große Akteure wie LockBit und ALPHV/BlackCat verschwinden, rücken neue Gruppen nach. Ransomware-as-a-Service (RaaS) entwickelt sich weiter, und sogar Staaten wie Russland und Nordkorea nutzen sie als Einnahmequelle. Neben diesem Strukturwandel zeichnen sich markante Trends ab. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/ransomware-szene-im-umbruch-aktuelle-entwicklungen-und-wichtige-trends/
-
Fragmentierung und Partnerwechsel: Strukturwandel in der Ransomware-Szene
Das Damoklesschwert Ransomware ist nicht neu, aber es schlägt immer etwas anders aus. Große Akteure wie LockBit und ALPHV/BlackCat sind scheinbar passé, doch in entstehende Lücken drängen neue, noch nicht etablierte Gruppen. Die Ransomware-as-a-Service (RaaS)-Gruppen revidieren zudem ihre interne Arbeitsaufteilung und -organisation. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ransomware-szene-im-umbruch
-
LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat
LockBit claims to have “classified information” for FBI Director Kash Patel that could “destroy” the agency if leaked. The ransomware gang LockBit sent a strange message to newly appointed FBI Director Kash Patel, they offer alleged “classified information” that could “destroy” this agency if publicly disclosed. The ransomware group published the message on their dark…
-
Siberia’s largest dairy plant reportedly disrupted with LockBit variant
Reports said the dairy company Sayanmoloko’s plant in Semyonishna was attacked with LockBit ransomware, possibly because of its support for Russian troops in Ukraine. Company printers reportedly churned out leaflets. First seen on therecord.media Jump to article: therecord.media/siberia-dairy-plant-cyberattack-lockbit-variant
-
From Confluence Vulnerability (CVE-2023-22527) to LockBit Encryption: A Rapid Attack Chain
Security researchers at The DFIR Report have uncovered a highly coordinated attack that leveraged a critical remote code First seen on securityonline.info Jump to article: securityonline.info/from-confluence-vulnerability-cve-2023-22527-to-lockbit-encryption-a-rapid-attack-chain/
-
LockBit Ransomware Strikes: Exploiting a Confluence Vulnerability
Tags: attack, cvss, cyber, data-breach, exploit, lockbit, malicious, ransomware, remote-code-execution, vulnerability, windowsIn a swift and highly coordinated attack, LockBit ransomware operators exploited a critical remote code execution vulnerability (CVE-2023-22527) in Atlassian Confluence servers, targeting an exposed Windows server. This vulnerability, rated CVSS 10.0, enabled unauthenticated attackers to execute arbitrary commands by injecting malicious Object-Graph Navigation Language (OGNL) expressions into improperly sanitized template files. The attack commenced…
-
A landscape forever altered? The LockBit takedown one year on
The NCA-led takedown of the LockBit ransomware gang in February 2024 heralded a transformative year in the fight against cyber crime. One year on, we look back at Operation Cronos and its impact First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619310/A-landscape-forever-altered-The-LockBit-takedown-one-year-on
-
Dutch Police shut down bulletproof hosting provider Zservers and seized 127 servers
Dutch police seized 127 servers of the bulletproof hosting service Zservers/XHost after government sanctions. On February 11, 2025, the US, UK, and Australia sanctioned a Russian bulletproof hosting services provider and two Russian administrators because they supported Russian ransomware LockBit operations. Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov are the two Russian nationals and administrators of Zservers.…
-
RansomHub: The New King of Ransomware? Targeted 600 Firms in 2024
RansomHub emerges as a major ransomware threat in 2024, targeting 600 organizations after ALPHV and LockBit disruptions. Group-IB… First seen on hackread.com Jump to article: hackread.com/ransomhub-king-of-ransomware-600-firms-2024/
-
LockBit crackdown continues with Zservers sanctions
Tags: lockbitFirst seen on scworld.com Jump to article: www.scworld.com/news/lockbit-crackdown-continues-with-zservers-sanctions
-
Feds Sanction Russian Cybercrime Bulletproof Hosting Service
US, UK and Australia Target Zservers for Supporting LockBit, Other Cybercrime Groups. A Russian bulletproof hosting service used by cybercriminals including the LockBit ransomware group has been sanctioned by Australian, British and American agencies. Zservers has been advertised in criminal forums as an aid to avoid law enforcement investigations and takedowns. First seen on govinfosecurity.com…
-
Feds Sanction Russian Hosting Provider for Supporting LockBit Attacks
US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/feds-sanction-russian-hosting-provider-lockbit-attacks
-
US Treasury Sanctions Russian Bulletproof Hosting Provider Zservers for Supporting LockBit Ransomware Attacks
The U.S. Department of the Treasury, in a coordinated effort with Australia and the United Kingdom, has announced First seen on securityonline.info Jump to article: securityonline.info/us-treasury-sanctions-russian-bulletproof-hosting-provider-zservers-for-supporting-lockbit-ransomware-attacks/
-
Russian bulletproof hosting service Zservers sanctioned by US for LockBit coordination
The U.S., the U.K. and Australia sanctioned Russia-based Zservers, connecting the Russian company’s internet hosting services to the LockBit ransomware operation. First seen on therecord.media Jump to article: therecord.media/zservers-russia-bulletproof-hosting-us-uk-sanctions
-
UK, US, Oz blast holes in LockBit’s bulletproof hosting provider Zservers
Tags: lockbitUK foreign secretary says Putin is running a ‘corrupt mafia state’ First seen on theregister.com Jump to article: www.theregister.com/2025/02/11/aukus_zservers_lockbit_sanctions/
-
AUKUS blasts holes in LockBit’s bulletproof hosting provider
Tags: lockbitUK foreign secretary says Putin is running a ‘corrupt mafia state’ First seen on theregister.com Jump to article: www.theregister.com/2025/02/11/aukus_zservers_lockbit_sanctions/
-
Russian Cybercrime Network Targeted for Sanctions Across US, UK and Australia
Russia-based bulletproof hosting services provider Zservers was sanctioned for providing services to support LockBit ransomware operations. The post Russian Cybercrime Network Targeted for Sanctions Across US, UK and Australia appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-cybercrime-network-targeted-for-sanctions-across-us-uk-and-australia/
-
U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure
Zservers, a Russia-based company, along with two employees, allegedly ran specialized servers tied to ransomware attacks. First seen on cyberscoop.com Jump to article: cyberscoop.com/zservers-bulletproof-hosting-sanctions-lockbit-ransomware/
-
US sanctions LockBit ransomware’s bulletproof hosting provider
The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-sanctions-lockbit-ransomwares-bulletproof-hosting-provider/
-
Ransom Payments Fell 35% in 2024 After LockBit, BlackCat Takedowns
Law enforcement actions, better defenses, and a refusal by victims to pay helped to reduce the amount of ransoms paid in 2024 by $35%, a sharp decline from the record $1.25 billion shelled out in 2023, according to researchers with Chainalysis. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/ransom-payments-fell-35-in-2024-after-lockbit-blackcat-takedowns/
-
Still-Lucrative Ransomware’s Profits Plunged 35% Last Year
Collapse of LockBit and BlackCat/ALPHV Tied to Ongoing Decline in Big-Game Hunting. Ransomware may still be raking in massive cryptocurrency profits for practitioners, but 2024 turned out to be less of a banner year than predicted, with blockchain researchers reporting that the sum total of known ransom payments to ransomware groups in 2024 plummeted by…