BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

Credit to Author: BrianKrebs| Date: Wed, 06 Mar 2024 00:22:56 +0000

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV”) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data that Change reportedly paid the group to destroy. Meanwhile, the affiliate’s disclosure appears to have prompted BlackCat to cease operations entirely. 

Read more

Fulton County, Security Experts Call LockBit’s Bluff

Credit to Author: BrianKrebs| Date: Thu, 29 Feb 2024 22:18:54 +0000

The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. Instead, LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming county officials had paid. But county officials said they did not pay, nor did anyone make payment on their behalf. Security experts say LockBit was likely bluffing and probably lost most of the data when the gang’s servers were seized this month by U.S. and U.K. law enforcement.

Read more

New Leak Shows Business Side of China’s APT Menace

Credit to Author: BrianKrebs| Date: Thu, 22 Feb 2024 13:27:47 +0000

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry.

Read more

U.S. Internet Leaked Years of Internal, Customer Emails

Credit to Author: BrianKrebs| Date: Wed, 14 Feb 2024 16:45:46 +0000

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser.

Read more

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Credit to Author: BrianKrebs| Date: Thu, 01 Feb 2024 18:41:37 +0000

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just filed for bankruptcy on that same day.

Read more

Okta: Breach Affected All Customer Support Users

Credit to Author: BrianKrebs| Date: Wed, 29 Nov 2023 19:41:14 +0000

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users.

Read more

ID Theft Service Resold Access to USInfoSearch Data

Credit to Author: BrianKrebs| Date: Tue, 28 Nov 2023 15:57:38 +0000

One of the cybercrime underground’s more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned.

Read more