emsisoft – Computer Security Articles

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

March 5, 2024 admin A Little Sunshine, alphv ransomware, blackcat ransomware, change healthcare, data breaches, dmitry smilyanets, emsisoft, fabian wosar, FBI, lockbit, NCA, optum, ramp, ransomware, Recorded Future, wired.com

Credit to Author: BrianKrebs| Date: Wed, 06 Mar 2024 00:22:56 +0000

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV”) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data that Change reportedly paid the group to destroy. Meanwhile, the affiliate’s disclosure appears to have prompted BlackCat to cease operations entirely.

Independent Krebs

Fulton County, Security Experts Call LockBit’s Bluff

February 29, 2024 admin A Little Sunshine, brett callow, data breaches, emsisoft, FBI, fulton county hack, lockbit, lockbitsupp, NCA, ransomware, redsense, robb pitts

Credit to Author: BrianKrebs| Date: Thu, 29 Feb 2024 22:18:54 +0000

The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. Instead, LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming county officials had paid. But county officials said they did not pay, nor did anyone make payment on their behalf. Security experts say LockBit was likely bluffing and probably lost most of the data when the gang’s servers were seized this month by U.S. and U.K. law enforcement.

Independent Krebs

New Ransom Payment Schemes Target Executives, Telemedicine

December 8, 2022 admin alex holden, cl0p, clop ransomware, emsisoft, fabian wosar, Hold Security, ransomware, ta505, The Coming Storm, Tripwire, venus ransomware, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 08 Dec 2022 18:25:04 +0000

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.

Independent Krebs

Ransomware Group Debuts Searchable Victim Data

June 14, 2022 admin A Little Sunshine, alphv ransomware, blackcat ransomware, brett callow, emsisoft, ransomware, The Coming Storm

Credit to Author: BrianKrebs| Date: Tue, 14 Jun 2022 19:53:12 +0000

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form.

Independent Krebs

Conti’s Ransomware Toll on the Healthcare Industry

April 18, 2022 admin A Little Sunshine, conti, emotet, emsisoft, errol weiss, FBI, h-isac, health information sharing & analysis center, healthcare information and management systems society, microsoft, Ne'er-Do-Well News, proofpoint, ransomware, ryuk, Sophos, u.s. cybersecurity & infrastructure security agency, Zloader

Credit to Author: BrianKrebs| Date: Mon, 18 Apr 2022 20:41:08 +0000

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under the name “Ryuk.”