A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names.
The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs —believed to have raked in billions from companies, hospitals, and individuals worldwide. It’s part of his “fight against an organized society of criminals known worldwide,” GangExposed told The Register via Signal chat. He claims that he’s not interested in the $10 million bounty that the Feds have put up for information about one key Conti leader that he’s already named, as well as a second that he says will soon be identified on Telegram.
Read more…
Source: The Register News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Nasty phishing scams aim to exploit coronavirus fears
March 6, 2020
Cyber criminals are aiming to take advantage of fears over coronavirus as a means of conducting phishing attacks and spreading malware, along with stealing login credentials and credit card details. Cybersecurity companies have identified a number of campaigns by hackers who are attempting to exploit concerns about the COVID-19 outbreak for their own criminal ends. Crooks often use ...
- Next-Gen Ransomware Packs a ‘Human’ Punch, Microsoft Warns
March 6, 2020
Researchers are warning that “human operated” ransomware campaigns are growing more sophisticated, adopting new infection tactics and lateral movement techniques that traditional defense teams aren’t equipped to handle. Researchers said that “auto-spreading” ransomware – like WannaCry and NotPetya – are making headlines due to the crippling downtimes that these attacks cause. However, “human operated” ransomware – like REvil, Bitpaymer, and Ryuk – ...
- Ryuk ransomware hits Fortune 500 company EMCOR
March 5, 2020
EMCOR Group (NYSE: EME), a US-based Fortune 500 company specialized in engineering and industrial construction services, disclosed last month a ransomware incident that took down some of its IT systems. The incident took place on February 15 and was identified as an infection with the Ryuk ransomware strain. Details of the attack and the aftermath are not public, ...
- DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla
March 3, 2020
A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Colorado-based Visser Precision said it was targeted by a “cyber incident” that involved the attacker accessing and stealing company data after a security ...
- GuLoader: Malspam Campaign Installing NetWire RAT
March 3, 2020
NetWire is a publicly-available RAT that has been used by criminal organizations and other malicious groups since 2012. NetWire is distributed through various campaigns, and we usually see it sent through malicious spam (malspam). GuLoader is a file downloader that was first discovered in December 2019, and it has been used to distribute a wide variety of remote ...
- TrickBot Adds ActiveX Control, Hides Dropper in Images
March 2, 2020
The TrickBot banking trojan has gotten trickier, with the addition of a Windows 10 ActiveX control to execute malicious macros in boobytrapped documents. Michael Gorelik, researcher at Morphisec Labs, said that at least two dozen documents have come to light in the last few weeks that use ActiveX—a feature in Remote Desktop Protocol (RDP) – to ...