DarkPath scam group loses 134 domains impersonating the WHO
therecord.media/darkpath-scam-group-loses-134-domains-impersonating-the-who/
United Nations security experts and security firm Group-IB said they worked together to take down 134 websites operated by a cybercrime group known as DarkPath. Group-IB told The Record that after notifying the UN’s International Computing Centre, they worked with “a wide network of regulators and service suppliers: domain name registrars, hosting providers, associations, including FIRST, TRUSTED Introducer, APWG, Scamadviser and many others” to take down the 134 sites.
Brazil’s Rio Grande do Sul court system hit by REvil ransomware
www.bleepingcomputer.com/news/security/brazils-rio-grande-do-sul-court-system-hit-by-revil-ransomware/
Brazil’s Tribunal de Justiça do Estado do Rio Grande do Sul was hit with an REvil ransomware attack yesterday that encrypted employees’ files and forced the courts to shut down their network. BleepingComputer was told that the REvil ransomware operation demanded a $5,000,000 ransom to decrypt files and not leak data.
Babuk ransomware readies ‘shut down’ post, plans to open source malware
www.bleepingcomputer.com/news/security/babuk-ransomware-readies-shut-down-post-plans-to-open-source-malware/
Whenever the Babuk ransomware gang decides to call it quits, at least under the Babuk name, they would “do something like Open Source Ransomware-as-a-Service (RaaS), everyone can make their own product based on our product and finish with the rest of the RaaS.”
Ransomware is now a national security risk. This group thinks it knows how to defeat it
www.zdnet.com/article/ransomware-is-now-a-national-security-risk-this-group-thinks-it-knows-how-to-defeat-it/
A paper by the Institute for Security and Technology’s (IST) Ransomware Task Force (RTF), a coalition of cybersecurity companies, government agencies, law enforcement organisations, technology firms, academic institutions and others, has 48 recommendations to help curb the threat of ransomware and the risk it poses to businesses, and society as a whole, across the globe. Some solutions focus on more direct action, such as taking the fight to ransomware gangs by disrupting their infrastructure, or even regulating Bitcoin and other cryptocurrencies that cyber criminals use to anonymously demand ransom payments from victims.
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html
Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported by other vendors as SOMBRAT. Mandiant has linked the use of SOMBRAT to the deployment of ransomware, which has not been previously reported publicly.