DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Credit to Author: BrianKrebs| Date: Fri, 14 May 2021 15:44:45 +0000

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained funds from an account the group uses to pay affiliates.


A Closer Look at the DarkSide Ransomware Gang

Credit to Author: BrianKrebs| Date: Tue, 11 May 2021 16:37:30 +0000

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here’s a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue.


Three Top Russian Cybercrime Forums Hacked

Credit to Author: BrianKrebs| Date: Thu, 04 Mar 2021 15:01:59 +0000

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords.


Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Credit to Author: BrianKrebs| Date: Tue, 09 Feb 2021 03:16:54 +0000

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers.


Joker’s Stash Carding Market to Call it Quits

Credit to Author: BrianKrebs| Date: Mon, 18 Jan 2021 19:50:01 +0000

Joker’s Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers.


Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Credit to Author: BrianKrebs| Date: Wed, 28 Oct 2020 16:58:55 +0000

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of clients globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually.


Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Credit to Author: BrianKrebs| Date: Thu, 08 Oct 2020 19:42:04 +0000

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained.


Attacks Aimed at Disrupting the Trickbot Botnet

Credit to Author: BrianKrebs| Date: Fri, 02 Oct 2020 18:20:26 +0000

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.
