27 Sep 2022

Preventing Cryptocurrency Cyber Extortion

To solve crime, the old saying still holds: “Follow the money.” But how do you do that for cybercrimes when the money itself is decentralized and anonymous—as is the case with cryptocurrency? In today’s threat environment, it’s becoming increasingly crucial for enterprises to boost their cybersecurity maturity. Over a decade ago,

Read More
07 Sep 2022

TeslaGun Primed to Blast a New Wave of Backdoor Cyberattacks

A newly discovered cyberattack panel dubbed TeslaGun is being used by Evil Corp to run ServHelper backdoor campaigns. Data gleaned from an analysis by the PRODAFT Threat Intelligence (PTI) team shows the Evil Corp ransomware gang (aka TA505 or UNC2165, along with half a dozen other colorful tracking names) has

Read More
05 Sep 2022

Unraveling How Cybercriminals Extort Businesses Worldwide

The paper, “An Anatomy of Crypto-Enabled Cybercrimes,” takes a detailed look at how highly sophisticated criminal organizations, mainly based in Russia and North Korea, extort money from corporations worldwide. The majority of these victimized firms are in the United States. “This was actually a difficult decision to do this paper because

Read More
19 Jul 2022

US disrupts North Korean hackers that targeted hospitals

The FBI and Justice Department recently disrupted the activities of a hacking group that was sponsored by the North Korean government and that targeted U.S. hospitals with ransomware.

Read More
18 May 2022

5 Years That Altered the Ransomware Landscape

The ransomware landscape has evolved considerably since WannaCry dramatically drove home the potential severity of the threat five years ago on May 12. What has changed somewhat less over the same period is enterprise preparedness in the face of ransomware attacks. Ransomware emerged and has remained entrenched as one of the

Read More
17 Nov 2021

Joint Cybersecurity Advisory Released by CISA, FBI, ACSC and UK NCSC Regarding Iranian Government-Sponsored APT

An advanced persistent threat (APT) group has, since March 2021, been exploiting Fortinet vulnerabilities and, since October 2021, a Microsoft Exchange ProxyShell vulnerability “to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.” This joint cybersecurity advisory is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC).

The Joint Cybersecurity Advisory was released this morning at approximately 11 AM EST.

Read More
15 May 2020

Law firm hackers double ransom and claim to have material on President Trump

The cybercrime group REvil has doubled the extortion ransom against compromised law firm Grubman, Shire, Meiselas and Sacks. The law firm represents clients such as Lady Gaga, Drake, Elton John, Madonna, Robert De Niro, LeBron James, The Weeknd, and Priyanka Chopra. Despite the fact that President Trump was not a

Read More
31 Oct 2019

Hackers who extorted Uber and LinkedIn plead guilty

In 2016, one American citizen and one Canadian national teamed up to compromise the systems of Uber and LinkedIn in order to steal user information, which they subsequently used in order to extort the two companies, the two admitted in court this week. The threat actors used a custom tool

Read More
25 Oct 2019

A DDoS gang is extorting businesses posing as Russian government hackers

Threat actors are impersonating the notorious state-backed Russian hacking group Fancy Bear (aka Sofacy, APT28 and Sednit) as part of a distributed denial-of-service (DDoS) extortion campaign targeting organizations in the financial sector. According to Daniel Smith of Radware, the threat actors launch “large scale, multi-vector demo DDoS attacks” against a

Read More
05 Aug 2019

Ransom Note Replaces 2.1M Customer Records on Open MongoDB

Threat actors are holding 1.2 million sensitive files belonging to Mexican bookseller Librería Porrúa for ransom. On July 15, a security researcher discovered the records in an unprotected MongoDB database. Three days later, threat actors also stumbled upon the unsecured server and proceeded to replace all records in it with
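The failure mode in this incident is a MongoDB instance listening on a public interface with access control disabled, so anyone who finds the port can read and overwrite every collection. As an added example (not from the original report, and not a configuration attributed to Librería Porrúa), the mongod.conf fragment below shows the exposed setting beside the hardened one; the internal address 10.0.1.20 and the admin user are assumptions for illustration.

```yaml
# --- Exposed configuration (what an open-database exposure typically looks like) ---
# net.bindIp of 0.0.0.0 accepts connections from any interface, and with
# security.authorization left at its default ("disabled") no credentials are
# required to read, replace or drop every collection.
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: "disabled"

---
# --- Hardened configuration ---
# Bind only to loopback and the private application network (10.0.1.20 is an
# assumed internal address), and require authentication for every client.
# Users must be created (e.g. an admin user in the "admin" database via
# db.createUser) before enabling authorization, or the instance locks out
# legitimate administrators as well.
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.1.20
security:
  authorization: "enabled"
```

A quick external check is to connect from an untrusted network segment and confirm that unauthenticated reads (for example listing databases) are refused; a host firewall rule limiting TCP/27017 to application hosts adds a second layer if the bind address is ever widened by mistake.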

Read More