Key Group: another ransomware group using leaked builders

Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group’s activity was released Read More …

Global Cyber Attacks to Double from 2020 to 2024

On the first day of Cybersecurity Awareness Month in the U.S., research has revealed that the number of significant global cyber attacks in 2024 will be double that of 2020. A new report from insurer QBE, Connected Business: digital dependency Read More …

China: Rast ransomware gang aiming at domestic government and enterprises

From December 2023 to the present, QiAnXin Threat Intelligence Center observed that a ransomware written in rust language is very active on the Chinese Internet, and a large number of machines in China have been ransomed, with up to more Read More …

Ransomware attacks increasingly target Vietnam’s financial sector

At a recent conference on digital finance, Le Van Tuan, Director of the Department of Information Security under the Ministry of Information and Communications, said finance is a sector with a high ranking in digital transformation, but at the same Read More …

Storm-0501: Ransomware attacks expanding to hybrid cloud environments

Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware Read More …

From 12 to 21: How Kaspersky discovered connections between the Twelve and BlackJack groups

While analyzing attacks on Russian organizations, Kaspersky team regularly encounters overlapping tactics, techniques, and procedures (TTPs) among different cybercrime groups, and sometimes even shared tools. Kaspersky researchers recently discovered one such overlap: similar tools and tactics between two hacktivist groups Read More …

Cyber attack on city of Wichita limited to police records, internal investigation finds

A ransomware attack that crippled the city of Wichita’s network for more than a month starting in May was limited to a Wichita Police Department records system, city officials said Wednesday. That means the Russian hacker group — LockBit — Read More …

Fortinet confirms data breach after allegedly refusing to pay ransom

In an announcement posted on Fortinet’s website, the company said that someone gained access to a “limited number of files” stored on its instance of an unnamed third-party cloud-based shared file drive. The files included “limited data related to a Read More …

Mallox ransomware: in-depth analysis and evolution

Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the Read More …

Decoding the Puzzle: Cicada3301 Ransomware Threat Analysis

Cicada3301 ransomware, written in Rust, was first reported less than two months ago. Despite its recent emergence, Morphisec threat researchers have already identified striking similarities between Cicada3301 and the infamous BlackCat ransomware. Like its namesake, the Cicada puzzle, which has Read More …