Low-Drama ‘Dark Angels’ Reap Record Ransoms

Credit to Author: BrianKrebs| Date: Mon, 05 Aug 2024 19:52:35 +0000

A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesn’t get much press because they work alone and maintain a low profile, picking one target at a time and favoring mass data theft over disrupting the victim’s operations.

Read more

U.S. Trades Cybercriminals to Russia in Prisoner Swap

Credit to Author: BrianKrebs| Date: Fri, 02 Aug 2024 00:15:44 +0000

Twenty-four prisoners were freed today in an international prisoner swap between Russia and Western countries. Among the eight Russians repatriated were five convicted cybercriminals. In return, Russia has reportedly released 16 prisoners, including Wall Street Journal reporter Evan Gershkovich and ex-U.S. Marine Paul Whelan.

Read more

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption

Credit to Author: Microsoft Threat Intelligence| Date: Mon, 29 Jul 2024 16:00:00 +0000

Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. The vulnerability involves creating a group called “ESX Admins” in Active Directory and adding an attacker-controlled user account to this group. This manipulation of the Active Directory group takes advantage of a privilege escalation vulnerability (CVE-2024-37085) in ESXi hypervisors that grants the added user full administrative access to the ESXi hypervisor. The vulnerability was fixed by VMware in their June release and ESXi administrators should install this security update.

The post Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption appeared first on Microsoft Security Blog.

Read more

The Stark Truth Behind the Resurgence of Russia’s Fin7

Credit to Author: BrianKrebs| Date: Wed, 10 Jul 2024 16:22:59 +0000

The Russia-based cybercrime group dubbed “Fin7,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 — setting up thousands of websites mimicking a range of media and technology companies — with the help of Stark Industries Solutions, a sprawling hosting provider is a persistent source of cyberattacks against enemies of Russia.

Read more