Hacker in Snowflake Extortions May Be a U.S. Soldier
Krebs on Security » Ransomware
by BrianKrebs
4d ago
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea ..read more
Visit website
Low-Drama ‘Dark Angels’ Reap Record Ransoms
Krebs on Security » Ransomware
by BrianKrebs
4M ago
A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesn't get much press because they work alone and maintain a low profile, picking one target at a time and favoring mass data theft over disrupting the victim's operations ..read more
Visit website
U.S. Trades Cybercriminals to Russia in Prisoner Swap
Krebs on Security » Ransomware
by BrianKrebs
4M ago
Twenty-four prisoners were freed today in an international prisoner swap between Russia and Western countries. Among the eight Russians repatriated were five convicted cybercriminals. In return, Russia has reportedly released 16 prisoners, including Wall Street Journal reporter Evan Gershkovich and ex-U.S. Marine Paul Whelan ..read more
Visit website
The Stark Truth Behind the Resurgence of Russia’s Fin7
Krebs on Security » Ransomware
by BrianKrebs
5M ago
The Russia-based cybercrime group dubbed “Fin7,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 — setting up thousands of websites mimicking a range of media and technology companies — with the help of Stark Industries Solutions, a sprawling hosting provider that is a persistent source of cyberattacks against enemies of Russia. In May 2023, the U.S. attorney for Washington state declared “Fin7 is an entity no more,” aft ..read more
Visit website
‘Operation Endgame’ Hits Malware Delivery Platforms
Krebs on Security » Ransomware
by BrianKrebs
6M ago
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot. A frame from one of three animated videos released today in connection with Operation Endgame. Operation Endgame targets the cybercrime ecosystem ..read more
Visit website
How Did Authorities Identify the Alleged Lockbit Boss?
Krebs on Security » Ransomware
by BrianKrebs
7M ago
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. Dmitry Yuryevich Khoroshev. Image: treasury.gov. On May 7, the U.S ..read more
Visit website
BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare
Krebs on Security » Ransomware
by BrianKrebs
9M ago
There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV“) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data Change reportedly paid the group to destroy. Meanwhile, the affiliate’s disclosure appears t ..read more
Visit website
Fulton County, Security Experts Call LockBit’s Bluff
Krebs on Security » Ransomware
by BrianKrebs
9M ago
The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming the county had paid. But county officials said they did not pay, nor did anyone make payment on their behalf. Security experts say LockBit was likely bluffing and probably lost most of the data when the gang’s servers were seized this month by U.S. and U.K. law enforcement. The LockBit website included a countdown ..read more
Visit website
FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga.
Krebs on Security » Ransomware
by BrianKrebs
10M ago
The FBI’s takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a ransom. LockBit claims the cache includes documents tied to the county’s ongoing criminal prosecution of former President Trump, but court watchers say teaser documents published by the crime gang suggest a total leak of the Fulton County data could put lives at risk and jeopardize a number of other ..read more
Visit website
Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates
Krebs on Security » Ransomware
by BrianKrebs
10M ago
U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn’t pay, LockBit’s victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates. Investigators used the existing design on LockBit’s victim shaming website to feature press releases and free decryption tools. Dubbed “Operation Cronos,” the law enfo ..read more
Visit website

Follow Krebs on Security » Ransomware on FeedSpot

Continue with Google
Continue with Apple
OR