A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names.
The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs —believed to have raked in billions from companies, hospitals, and individuals worldwide. It’s part of his “fight against an organized society of criminals known worldwide,” GangExposed told The Register via Signal chat. He claims that he’s not interested in the $10 million bounty that the Feds have put up for information about one key Conti leader that he’s already named, as well as a second that he says will soon be identified on Telegram.
Read more…
Source: The Register News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Details of 10.6 million MGM hotel guests posted on a hacking forum
February 19, 2020
The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world’s ...
- Assessment of Ransomware Event at U.S. Pipeline Operator
February 19, 2020
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported on 18 February 2020 on a ransomware incident impacting a natural gas compression facility at an unidentified U.S. pipeline operator. The ransomware event impacted both IT and ICS assets by causing loss of view and control impacts that caused the facility to implement controlled shutdown processes ...
- Threat Spotlight: Nuke Ransomware
February 19, 2020
Nuke ransomware, first identified in 2016, encrypts files with an AES 256-bit encryption key that is protected by asymmetrically encrypting it using 2048-bit RSA. Once a file is encrypted, Nuke changes the file name to a combination of random characters followed by a .nuclear55 extension. For example, an infected file name might be “ab0a+afbamcdEcmf.nuclear55”. Once Nuke executes it ...
- SMS Attack Spreads Emotet, Steals Bank Credentials
February 19, 2020
Attackers are sending SMS messages purporting to be from victims’ banks – but once they click on the links in the text messages, they are asked to hand over their banking credentials and download a file that infects their systems with the Emotet malware. Emotet has continued to evolve since its return in September, including a new, ...
- LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File
February 14, 2020
LokiBot, which has the ability to harvest sensitive data such as passwords as well as cryptocurrency information, proves that the actors behind it is invested in evolving the threat. In the past, we have seen a campaign that exploits a remote code execution vulnerability to deliver LokiBot using the Windows Installer service, a Lokibot variant that uses ISO ...
- Wireshark Tutorial: Examining Qakbot Infections
February 13, 2020
Qakbot is an information stealer also known as Qbot. This family of malware has been active for years, and Qakbot generates distinct traffic patterns. This Wireshark tutorial reviews a recent packet capture (pcap) from a Qakbot infection. Understanding these traffic patterns can be critical for security professionals when detecting and investigating Qakbot infections. Note: This tutorial assumes you have ...