Ransomware operators arrested in Ukraine

A joint international law enforcement operation led to the arrest of two ransomware operators in Ukraine who have extorted victims with ransom demands ranging from €5 to €70 million. The operation was conducted in coordination with the FBI, the French police (Gendarmerie Nationale), and the Ukrainian National Police. The police officials performed seven property searches, […]

REvil Ransomware universal decryptor key is out

Researchers from Bitdefender released a free master decryptor for the REvil ransomware operation, which past victims can use to recover their files for free. The REvil gang hit the Kaseya cloud-based MSP platform on July 2nd, which impacted MSPs and their customers. The gang initially compromised the Kaseya VSA’s infrastructure, then pushed out […]

LockFile ransomware targets Microsoft Exchange servers

A new ransomware gang called LockFile encrypts Windows domains after exploiting Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. ProxyShell is the name of an attack consisting of three chained Microsoft Exchange vulnerabilities that leads to unauthenticated, remote code execution. The three vulnerabilities were discovered by Devcore Principal Security Researcher Orange Tsai, who […]

Accenture hit by LockBit Ransomware

Global IT consultancy giant Accenture was hit by a ransomware attack carried out by LockBit 2.0 ransomware operators, according to an announcement made by the gang on their leak site. The message posted on the data leak website reads: “These people are beyond privacy and security. I really hope that their services are better […]

Angry Conti ransomware affiliate leaks gang’s playbook

A disgruntled Conti affiliate has leaked the gang’s training material for conducting attacks, which also includes information about one of the ransomware’s operators. The Conti ransomware operation runs as ransomware-as-a-service (RaaS), where the core team manages the malware and Tor sites, while recruited affiliates perform network breaches and encrypt devices. In this arrangement, the core team […]

DarkSide ransomware gang returns as new BlackMatter operation

Encryption algorithms found in a decryptor indicate that the notorious DarkSide ransomware gang has been rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. The DarkSide ransomware group faced increased scrutiny by international law enforcement and the US government for their role in attacks against Colonial Pipeline, the largest […]