FBI seized $2.2M from affiliate of REvil, Gandcrab ransomware gangs

Lawrence Abrams reports: The FBI seized $2.2 million in August from a well-known REvil and GandCrab ransomware affiliate, according to court documents seen by BleepingComputer. In a complaint unsealed today, the FBI seized 39.89138522 bitcoins worth approximately $2.2 million from an Exodus wallet on August 3rd, 2021. Read more on BleepingComputer.

Seven months after initial discovery, Broward Public Schools discloses Conti attack also impacted employees’ health insurance data

In March 2021, Broward County Public Schools disclosed a breach that captured the public’s attention when Conti threat actors subsequently released a copy of their negotiation chat logs. When negotiations failed to result in an agreement, the threat actors dumped nearly 26,000 files on their dark web and clearnet leak sites. Now, seven months...

Recovering from ransomware: One organization’s inside story

Yann Serra reports: On Sunday 21 February 2021, Manutan, a large office equipment distributor, discovered that two-thirds of its 1,200 servers had succumbed to a cyber attack by the DoppelPaymer ransomware crew. Commercial activity at the France-headquartered company – which has 25 subsidiaries spread across Europe – would be frozen for 10 days and did not resume fully...

Ransomware group continually rebrands to slip under the radar

Lindsey O’Donnell-Welch writes: A ransomware operator has continually rebranded itself over the past year in order to evade detection, while launching cyberattacks on critical infrastructure across several industries. Researchers with Mandiant detailed a threat group called UNC2190, which is an operator behind an affiliate ransomware program. Since June, researchers said they have observed the group...

Yanluowang ransomware operation matures with experienced affiliates

Ionut Ilascu reports: An affiliate of the recently discovered Yanluowang ransomware operation is focusing its attacks on U.S. organizations in the financial sector using BazarLoader malware in the reconnaissance stage. Based on observed tactics, techniques, and procedures, the threat actor is experienced with ransomware-as-a-service (RaaS) operations and may be linked with the Fivehands group. Read more...

Kentucky Energy and Environment Cabinet announces data security breach

Seth Austin reports: The Kentucky Energy and Environment Cabinet (EEC) announced they discovered a data security breach on September 8, 2021. According to EEC, unredacted mining permit applications containing some mine owners’ and controllers’ personal information were available for public inspection at Department of Natural Resources’ field offices and on an EEC-hosted website....