Cybercrime

Pierluigi Paganini August 27, 2020
REvil ransomware operators breached healthcare org Valley Health Systems

REvil ransomware operators claimed to have breached another healthcare organization, the victim is Valley Health Systems. During ordinary monitoring activity of data leaks, the Cyble Research Team identified a leak disclosure post published by the REvil ransomware operators claiming to have breached a healthcare organization, the Valley Health Systems.  Healthcare organizations are a privileged target of […]

Pierluigi Paganini August 24, 2020
Canadian delivery company Canpar Express suffered a ransomware attack

A ransomware attack hit TFI International’s four Canadian courier divisions last week, Canpar Express, ICS Courier, Loomis Express and TForce Integrated Solutions. A couple of days after the transportation and logistics TFI International company raised millions of dollars in a share offering, the news of a ransomware attack against its four Canadian courier divisions (Canpar Express, […]

Pierluigi Paganini August 24, 2020
Cybercriminal greeners from Iran attack companies worldwide for financial gain

Group-IB has detected financially motivated attacks carried out in June by newbie threat actors from Iran. The attackers used Dharma ransomware and a mix of publicly available tools to target companies in Russia, Japan, China, and India. All the affected organizations had hosts with Internet-facing RDP and weak credentials. The hackers typically demanded a ransom between 1-5 […]

Pierluigi Paganini August 24, 2020
Grandoreiro campaign impersonates Spanish Agencia Tributaria

Operators of Grandoreiro Latin American banking trojan have launched a new campaign using emails posing as the Agencia Tributaria in order to infect new victims. Operators behind the Grandoreiro banking trojan, which is popular in Latin America, have been using emails posing as the Agencia Tributaria to trick victims into installing the malware. The campaign began […]

Pierluigi Paganini August 21, 2020
University of Utah pays a $457,000 ransom to ransomware gang

The University of Utah admitted to have paid a $457,059 ransom in order to avoid having ransomware operators leak student information online. The University of Utah admitted having paid a $457,059 ransom after the ransomware attack that took place on July 19, 2020, that infected systems on the network of the university’s College of Social […]

Pierluigi Paganini August 16, 2020
Texas man sentenced to 57 months for the hacking of a major tech firm in New York

A 31-year-old man from Dallas, Texas, was sentenced last week to 57 months in prison for crimes related to the hacking of a major tech firm in New York. Tyler C. King (31), from Dallas, Texas, was sentenced to 57 months in prison for crimes related to the hacking of an unnamed major tech company […]

Pierluigi Paganini August 14, 2020
Threat Report Portugal: Q2 2020

The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to Jun, Q2, of 2020. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and also has a strong contribution […]

Pierluigi Paganini August 14, 2020
Threat actor leaked data for U.S. gun exchange site on hacking forum

A threat actor has released the databases of Utah-based gun exchange and hunting sites for free on a cybercrime forum. On August 10th, a hacker has leaked online the databases of Utah-based gun exchange for free on a cybercrime forum. He claims the databases contain 195,000 user records for the utahgunexchange.com, 45,000 records for their video […]

Pierluigi Paganini August 12, 2020
City of Lafayette (Colorado) paid $45,000 ransom after ransowmare attack

The City of Lafayette, Colorado, USA, has been forced to pay $45,000 because they were unable to restore necessary files from backup. On July 27th, the systems at the City of Lafayette, Colorado, were infected with ransomware, the malicious code impacted phone services, email, and online payment reservation systems. The City did not immediately disclose […]

Pierluigi Paganini August 11, 2020
Avaddon ransomware operators have launched their data leak site

Avaddon ransomware operators, like other cybercrime groups, decided to launch a data leak site where publish data of victims who refuse to pay a ransom demand. Avaddon ransomware operators announced the launch of their data leak site where they will publish the data stolen from the victims who do not pay a ransom demand. The […]