Hack Group Bl00Dy Is Already Using Leaked LockBit Builder

Researchers have discovered that the young ransomware group Bl00Dy is already using in its attacks the LockBit builder, which leaked to the network last week. Let me remind you that the builder of the well-known encryptor LockBit was published in the public domain about a week ago. It is assumed that the LockBit 3.0 builder… Continue reading Hack Group Bl00Dy Is Already Using Leaked LockBit Builder

LockBit 3.0 Builder leaked to the public

LockBit 3.0 Builder is now available to the public. What is the story behind it?

On September 21, 2022, a new Twitter user Ali Qushji published what is supposed to be a LockBit Ransomware builder. According to what the user says, this application is for LockBit 3.0 ransomware – the latest version of malware used by these cybercriminals. The exact user pretends to be an anonymous hacker who breached LockBit… Continue reading LockBit 3.0 Builder leaked to the public

Lorenz Ransomware Penetrates Company Networks through Mitel VoIP Products

Security firm Arctic Wolf has warned that Lorenz ransomware is exploiting a critical vulnerability in Mitel MiVoice VoIP devices to infiltrate corporate networks. Let me remind you that we also wrote that Ransomware publishes data stolen from Cisco. Lorenz has been active since at least 2021 and is engaged in the usual double extortion: not… Continue reading Lorenz Ransomware Penetrates Company Networks through Mitel VoIP Products

Ransomware publishes data stolen from Cisco

The Yanluowang hack group published data stolen from Cisco back in May 2022. Cisco representatives acknowledged that the data leak took place, but still insist that the incident did not affect the company’s business in any way. Let me remind you that last month, Cisco representatives confirmed that back in May, the company’s corporate network… Continue reading Ransomware publishes data stolen from Cisco

Genshin Impact Game’s Anti-Cheat Driver Is Used to Disable Antiviruses

Trend Micro experts have discovered that hackers are abusing the system anti-cheat driver of the popular game Genshin Impact to disable anti-virus software during ransomware attacks. Mhypro2.sys gives access to the memory of any process and kernel, and is also able to terminate processes with the highest privileges. Let me remind you that we also… Continue reading Genshin Impact Game’s Anti-Cheat Driver Is Used to Disable Antiviruses

Cuba Ransomware Operators Use Previously Unknown ROMCOM RAT

Palo Alto Networks reports that the Cuba ransomware operators have begun to use new tactics in their attacks, including the use of a previously unknown remote access trojan (RAT) called ROMCOM RAT. Let me remind you that we reported that New Cuba Ransomware Variant Involves Double-Extortion Scheme. In their report, the researchers talk about the… Continue reading Cuba Ransomware Operators Use Previously Unknown ROMCOM RAT

Auto Parts Manufacturer Attacked by Three Different Ransomware in Two weeks

Sophos experts told about an interesting case when an unnamed auto parts manufacturer was attacked by three different ransomware in a row, in just two weeks. Let me remind you that we also wrote that New RedAlert Ransomware Targets Windows and Linux VMware ESXi Servers, and also that Hackers Launched LockBit 3.0 and Bug Bounty… Continue reading Auto Parts Manufacturer Attacked by Three Different Ransomware in Two weeks

BlackCat Says It Attacked Creos Luxembourg, European Gas Pipeline Operator

The operators of the BlackCat ransomware (aka ALPHV) claimed responsibility for hacking Creos Luxembourg, which operates a gas pipeline and electricity grid in central Europe. Encevo, which owns Creos Luxembourg and is an energy supplier to five EU countries, announced last week that it was hacked between July 22 and 23. As a result of… Continue reading BlackCat Says It Attacked Creos Luxembourg, European Gas Pipeline Operator

STOP Ransomware Spreads through Discord, Carrying RedLine Stealer

STOP/Djvu ransomware gang chose a new malware spreading place - Discord

An infamous STOP/Djvu ransomware adopted a new spreading tactic. According to the report of Avast Threat Labs, a malware intelligence group, ransomware distributors opted for Discord as a place to spread their malware. STOP/Djvu spreads in Discord, features RedStealer According to the latest notifications, STOP/Djvu ransomware is getting spread through the malicious spam messages in… Continue reading STOP Ransomware Spreads through Discord, Carrying RedLine Stealer

Experts Find Similarities Between LockBit and BlackMatter

Cybersecurity researchers have confirmed similarities between the latest iteration of LockBit ransomware and BlackMatter. A new version of LockBit 3.0 (LockBit Black) was released in June 2022, along with a new leak site and the first Bug Bounty program on the dark web. You may also be interested in reading: Conti vs. LockBit 2.0 –… Continue reading Experts Find Similarities Between LockBit and BlackMatter