It’s like a technological thriller come to life. Ransomware entered the global spotlight in 2021 after a number of high-profile cases caught the media’s attention. But long before the growing threat entered the public domain, a small group of individuals started quietly helping thousands of people and businesses get their information back – without paying the ransom.
BleepingComputer reports that a cybercriminal gang is sending phony ransomware threats to prior victims of ransomware attacks. The gang, which calls itself “Midnight,” claims to have stolen hundreds of gigabytes of data and threatens to leak it if the victim doesn’t pay a ransom. Security firm Kroll said the gang’s ransom notes use the names of more prolific ransomware actors.
Another supply chain attack requires an urgent response from security teams.
The Biden Administration’s 35-page National Cybersecurity Strategy released in March 2023 emphasizes the growing importance of cybersecurity for both private companies and federal agencies. The strategy specifically highlights ransomware as a significant concern, particularly in terms of its impact on private companies that collaborate with the federal government or are critical to national security.
The threat of ransomware has been ever present in 2020, especially within the high-stakes industries like healthcare and those involved in the election. According to Verizon's 2019 Data Breach Investigations Report, 24% of security incidents that involved specific malware functionality exhibited ransomware functionality.
The world of cybersecurity is a never-ending battle, with malicious actors constantly devising new ways to exploit vulnerabilities and infiltrate networks. One such threat, causing headaches for security teams for over a decade, is the Qakbot Trojan, also known as Qbot. Qakbot has been used in malicious campaigns since 2007, and despite many attempts to stamp it out, continues to evolve and adapt in an attempt to evade detection.
A joint advisory on LockBit 3.0 ransomware, CISA’s latest tool which detects hacking activity in Microsoft cloud services, and ScarCruft’s evolving arsenal.
Legitimate cloud storage services are increasingly being exploited for cyber espionage, so the discovery of a similar operation in the context of the Russian invasion of Ukraine was just a matter of time.
