DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

ALPHV/BlackCat ransomware family becoming more dangerous

Posted on September 22, 2022 by Dissent

Alex Scroxton reports:

The developer or developers behind the ransomware-as-a-service (RaaS) family known variously as ALPHV, BlackCat and Noberus, have been hard at work refining their tactics, techniques and procedures (TTPs) and today are probably more dangerous than ever before, according to intelligence from Symantec.

The ALPHV/BlackCat/Noberus operation – which Symantec tracks as Coreid (aka FIN7, Carbon Spider) – is a major and long-established player in the wider family of Russia-linked or based ransomware crews and affiliates, many of which are related through a murky and often hard-to-decipher web of alliances and interconnections.

Read more at ComputerWeekly.

Cyberwire also reports on the new report by Symantec.  They report, in part:

Target exclusions for Noberus.

Noberus was first seen in November of 2021, coded in Rust. This is the first observed professional ransomware strain used in attacks that was coded in the cross-platform language. Due to its cross-platform coding language, Coreid says that Noberus can be used on multiple different operating systems, including Windows, EXSI, Debian, ReadyNAS, and Synology. Noberus appeared shortly after BlackMatter was retired, and Coreid said in the rules that the ransomware cannot be used to attack:

  • “The Commonwealth of Independent States or neighboring countries
  • “Organizations in or related to the healthcare sector
  • “Charitable or non-profit organizations
  • “Affiliates are also advised to avoid attacking the education and government sectors.”

Read more at Cyberwire.

The advice apparently did not dissuade ALPHV from attacking Suffolk County government in New York, an attack that has knocked out the county’s 911 emergency system.

Related Posts:

  • Ransomware gangs switching to new intermittent…
  • ALPHV ransomware adds data leak API in new extortion…
  • Just snarky or dangerous? Ransomware gang cloned…
  • An ALPHV (BlackCat) representative discusses the…
  • CISA Advisory: Scattered Spider

Post navigation

← SIM Swapper Abducted, Beaten, Held for $200k Ransom
LockBit ransomware builder leaked online by “angry developer” →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)
  • Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
  • CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)
  • Seeking clarification on Maine’s data breach notification statute
  • East River Medical Imaging notifies 605,809 patients of breach
  • Russian hackers exploiting Outlook bug to hijack Exchange accounts
  • Britain dismisses report claiming Sellafield nuclear site hacking, says no malware exists on our system
  • 23andMe data breach: Hackers accessed data of 6.9 million users

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net