Malware

Cuba Ransomware Team claims credit for attack on Montenegro

When Montenegro claimed Russian hackers attacked them, most of us probably didn’t think about the Cuba ransomware team, but the Cuba group claimed credit for the attack. According to their listing, they received the files on August 19. Their wording may sound puzzling in saying that they “received” the files, but that’s consistent with...

That ‘clean’ Google Translate app is actually Windows crypto-mining malware

Jeff Burt reports: Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches. The cryptomining Trojan, known as Nitrokod, is typically disguised as a clean Windows app and works as the user expects for days or weeks before its hidden...

New Golang Ransomware Agenda Customizes Attacks

Mohamed Fahmy, Nathaniel Gregory Ragasa, Earle Maui Earnshaw, Bahaa Yamany, Jeffrey Francis Bonaobra, and Jay Yaneza write: We recently discovered a new piece of targeted ransomware that was created in the Go programming language and that explicitly targeted one of our customers. This was evidenced by the specific email addresses and credentials the ransomware used. Malware written...

EmergeOrtho notifying 75,200 patients about ransomware incident

EmergeOrtho in North Carolina has started sending notification letters to patients whose protected health information may have been accessed during a ransomware attack in May. According to a notification template seen by DataBreaches, EmergeOrtho discovered and blocked a ransomware attack on May 18. Their letter does not specifically state whether any files were encrypted,...

New York medical practices hit by “Bl00dy Ransomware Gang”

Is “Bl00dy Ransomware Gang” a new ransomware group on the scene, a rebrand, or neither? In July, a new channel appeared on Telegram called the “Bl00dy Ransomware Gang.” In August, information about alleged victims started to appear. So far, the gang has leaked some data allegedly from three victims in two incidents. In each...

NHS cyberattack causing ‘total chaos’ in hospitals could take a year to recover

Rebecca Thomas reports: It could take more than a year for hospitals to recover patient record systems following the recent NHS cyberattack, The Independent has learned. Hospitals impacted are likely to need two weeks to recover for every day the situation goes unresolved, according to NHS sources. While initial attention following the ransomware attack on Advantage software was its impact...

A confusing data dump from Vice Society

Attacking entities that try to save lives or provide health care seems despicable to most people—and attacking a hospice? That may seem especially vile. Vice Society recently added two victims to their dedicated leak site: BSA Hospice of the Southwest and Family Medicine Centers/FMC Clinics. Both are Texas entities. But were both actually attacked...

New ‘Donut Leaks’ extortion gang linked to recent ransomware attacks

Lawrence Abrams reports: A new data extortion group named ‘Donut Leaks’ is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. Strangely, the data for these victims have now appeared on the data leak site for a previously unknown extortion...

HC3: Analyst Note: Karakurt Threat Profile

HC3: Analyst Note TLP: White Report: 202208241200 Executive Summary Karakurt ransomware group, also known as the Karakurt Team and Karakurt Lair, is a relatively new cybercrime group, with researchers reporting its first emergence in late 2021. Karakurt actors claim to steal data and then threaten to auction it off or release it to the...