The Embargo ransomware group, potentially a rebranded version of the notorious BlackCat (ALPHV) operation, has moved over $34 million in cryptocurrency between April and August 2024, according to analysis by TRM Labs [1]. The group has been specifically targeting U.S. healthcare providers and critical infrastructure, with ransom demands reaching as high as $1.3 million...
Hackers responsible for a cyberattack that forced St. Paul to shut down its computer systems two weeks ago demanded a ransom from the city, the mayor’s office confirmed this weekend. But there is no evidence so far that the hackers obtained any data from the city in their attack, according to Jennifer Lor, Mayor...
– Embargo ransomware group has moved $34M in crypto since April 2024, targeting U.S. healthcare and critical infrastructure with up to $1.3M ransom demands. – Linked to BlackCat (ALPHV) via shared tech, wallets, and tactics, suggesting a rebranded operation exploiting similar ransomware-as-a-service models. – Uses double extortion and public data leaks to pressure victims,...
IBM X-Force has uncovered CastleBot, a nascent malware framework operating as a Malware-as-a-Service (MaaS) platform, enabling cybercriminals to deploy a spectrum of payloads ranging from infostealers to sophisticated backdoors implicated in ransomware operations. First detected in early 2025 with heightened activity since May, CastleBot facilitates the delivery of threats like NetSupport and WarmCookie, which...
Exclusive: Belmont Christian College investigating ransomware claims. Threat actors have claimed a cyber attack on an NSW Christian school, claiming to have exfiltrated student and employee data. Belmont Christian College, which is owned by Belmont Baptist Church, is a kindergarten to year 12 Christian school located in the Lake Macquarie area of NSW. In...
The Cookeville Regional Medical Center (CRMC), serving the surrounding Tennessee and Kentucky regions, is still struggling to recover from a July 13th ransomware attack claimed over the weekend by the Rhysida gang. The Rhysida ransomware group has posted the Cookeville Regional Medical Center on its dark leak site, two weeks after the initial attack....
Since 2022, ransomware campaigns have grown increasingly adept at evading endpoint detection and response (EDR) systems. Sophisticated malware known as EDR killers, specifically ‘AVKiller’, are now routinely deployed as the first stage in multi-pronged attacks, neutralizing security software to enable ransomware execution. The emergence of AVKiller highlights a mature criminal marketplace: some tools are...
Federal law enforcement agencies have successfully dismantled critical infrastructure belonging to BlackSuit ransomware, marking a significant victory in the ongoing fight against cybercriminal enterprises. The operation, coordinated by ICE’s Homeland Security Investigations (HSI) alongside international partners, targeted the successor group to Royal ransomware, which has terrorized organizations worldwide through sophisticated double-extortion tactics. International Operation...
US law enforcement claims BlackSuit is completely dismantled. The agencies seized servers, domains and digital assets. Since 2022, the group hit 450 companies and stole millions of dollars. BlackSuit, a ransomware group and a successor to the Royal gang, managed to compromise 450 organizations in the United States and steal $370 million in ransom...
In the ever-evolving cat-and-mouse game between cybercriminals and security vendors, a new tactic has emerged that underscores the vulnerabilities inherent in even the most trusted software components. Hackers deploying the Akira ransomware have discovered a clever method to sidestep Microsoft Defender, Windows’ built-in antivirus, by exploiting a legitimate driver from an Intel CPU tuning...