They have also employed ClickFix, a social engineering method that tricks victims into running a malicious payload under the pretense of resolving a system issue. Once inside, the actors then deploy various methods for discovery, credential access, and lateral movement to spread to other systems on the network. Interlock actors employ a double extortion model...Read More
In the ever-evolving world of cyber threats, the recent dismantling of the BlackSuit ransomware operation by international law enforcement has barely caused a ripple before a new player stepped in to fill the void. Just days after authorities seized BlackSuit’s dark web extortion sites, a group dubbing itself Chaos has surfaced, launching aggressive attacks that...Read More
Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The tech giant, in an update shared Wednesday, said the findings are based on an “expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603.” The threat actor...Read More
Chinese hackers are exploiting a new vulnerability in Microsoft SharePoint products to deploy ransomware, increasing the pressure on governments around the world as they race to assess any damage done to their systems. In an update on Wednesday night, Microsoft said a China-based actor it identifies as Storm-2603 is now deploying Warlock ransomware after exploiting...Read More
A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. Non-profit security organization Shadowserver is currently tracking over 420 SharePoint servers that are exposed online and remain vulnerable to these ongoing attacks. “Although Microsoft has observed this threat actor deploying Warlock and Lockbit ransomware in...Read More
Four major U.S. agencies have issued a joint cybersecurity alert warning about the escalating threat posed by the Interlock ransomware operation, which has increasingly targeted businesses, healthcare providers, and critical infrastructure entities across North America and Europe. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services...Read More
With the help of Bitdefender and more than a dozen law enforcement agencies, the U.S. Department of Homeland Security Investigations seized the extortion site belonging to the BlackSuit ransomware group. The group, including previous versions of its operations, has claimed hundreds of victims worldwide with ransom demands totaling more than $500 million in the last few...Read More
In the shadow of a global ransomware crisis, a quiet revolution is unfolding in boardrooms and IT departments. The cost of inaction has never been higher: enterprises now spend $2.73 million on average to recover from a single ransomware attack, with downtime alone costing $53,000 per hour. As the threat evolves—from AI-generated phishing schemes to...Read More
Microsoft has warned that hackers are making use of the zero-day SharePoint flaw to distribute ransomware, adding an extra risk to the serious vulnerability. The SharePoint flaw, known as “ToolShell”, was spotted over the weekend, sparking an immediate patch from Microsoft — though initially only for some versions of the server software, all supported versions...Read More
