Pyrzout :vm:<p>Qilin Becomes Top Ransomware Group Amid RansomHub Uncertainty <a href="https://thecyberexpress.com/qilin-becomes-top-ransomware-group/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thecyberexpress.com/qilin-beco</span><span class="invisible">mes-top-ransomware-group/</span></a> <a href="https://social.skynetcloud.site/tags/DragonForceransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DragonForceransomware</span></a> <a href="https://social.skynetcloud.site/tags/TheCyberExpressNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheCyberExpressNews</span></a> <a href="https://social.skynetcloud.site/tags/cybersecuritynews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecuritynews</span></a> <a href="https://social.skynetcloud.site/tags/ransomwareattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomwareattack</span></a> <a href="https://social.skynetcloud.site/tags/Qilinransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Qilinransomware</span></a> <a href="https://social.skynetcloud.site/tags/TheCyberExpress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheCyberExpress</span></a> <a href="https://social.skynetcloud.site/tags/FirewallDaily" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirewallDaily</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberThreats</span></a> <a href="https://social.skynetcloud.site/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://social.skynetcloud.site/tags/CyberNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberNews</span></a> <a href="https://social.skynetcloud.site/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a></p>
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
270active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.1
#ransomhub
0 posts · 0 participants · 0 posts today
ESET Research<p><a href="https://infosec.exchange/tags/ESETresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ESETresearch</span></a> discovered previously unknown links between the <a href="https://infosec.exchange/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a>, <a href="https://infosec.exchange/tags/Medusa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Medusa</span></a>, <a href="https://infosec.exchange/tags/BianLian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BianLian</span></a>, and <a href="https://infosec.exchange/tags/Play" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Play</span></a> ransomware gangs, and leveraged <a href="https://infosec.exchange/tags/EDRKillShifter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EDRKillShifter</span></a> to learn more about RansomHub’s affiliates. @SCrow357 <a href="https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">welivesecurity.com/en/eset-res</span><span class="invisible">earch/shifting-sands-ransomhub-edrkillshifter/</span></a> <br>RansomHub emerged in February 2024 and in just three months reached the top of the ransomware ladder, recruiting affiliates from disrupted <a href="https://infosec.exchange/tags/LockBit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LockBit</span></a> and <a href="https://infosec.exchange/tags/BlackCat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlackCat</span></a>. Since then, it dominated the ransomware world, showing similar growth as LockBit once did. <br>Previously linked to North Korea-aligned group <a href="https://infosec.exchange/tags/Andariel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Andariel</span></a>, Play strictly denies operating as <a href="https://infosec.exchange/tags/RaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RaaS</span></a>. We found its members utilized RansomHub’s EDR killer EDRKillShifter, multiple times during their intrusions, meaning some members likely became RansomHub affiliates. <br>BianLian focuses on extortion-only attacks and does not publicly recruit new affiliates. Its access to EDRKillShifter suggests a similar approach as Play – having trusted members, who are not limited to working only with them.<br>Medusa, same as RansomHub, is a typical RaaS gang, actively recruiting new affiliates. Since it is common knowledge that affiliates of such RaaS groups often work for multiple operators, this connection is to be expected. <br>Our blogpost also emphasizes the growing threat of EDR killers. We observed an increase in the number of such tools, while the set of abused drivers remains quite small. Gangs such as RansomHub and <a href="https://infosec.exchange/tags/Embargo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Embargo</span></a> offer their killers as part of the affiliate program.<br>IoCs available on our GitHub: <a href="https://github.com/eset/malware-ioc/tree/master/ransomhub" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/eset/malware-ioc/tr</span><span class="invisible">ee/master/ransomhub</span></a></p>
Matt Willemsen<p>US agencies warn against ransomware group behind hundreds of attacks in recent months<br><a href="https://therecord.media/agencies-warn-against-ransomhub-group" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/agencies-warn-</span><span class="invisible">against-ransomhub-group</span></a> <a href="https://mastodon.social/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://mastodon.social/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a> <a href="https://mastodon.social/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://mastodon.social/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISA</span></a> <a href="https://mastodon.social/tags/FBI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FBI</span></a></p>
Matt Willemsen<p>Frontier says 750,000 Social Security numbers accessed during April cyberattack<br><a href="https://therecord.media/frontier-provides-new-details-april-ransomware-attack" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/frontier-provi</span><span class="invisible">des-new-details-april-ransomware-attack</span></a> <a href="https://mastodon.social/tags/cyberattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberattack</span></a> <a href="https://mastodon.social/tags/frontier" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>frontier</span></a> <a href="https://mastodon.social/tags/names" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>names</span></a> <a href="https://mastodon.social/tags/SocialSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialSecurity</span></a> <a href="https://mastodon.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> <a href="https://mastodon.social/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a></p>
Scripter :verified_flashing:<p>Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide<br><a href="https://thehackernews.com/2024/06/rebranded-knight-ransomware-targeting.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2024/06/rebr</span><span class="invisible">anded-knight-ransomware-targeting.html</span></a> <a href="https://social.tchncs.de/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybercrime</span></a> <a href="https://social.tchncs.de/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.tchncs.de/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://social.tchncs.de/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a></p>
Matt Willemsen<p>Cyberattack on telecom giant Frontier claimed by RansomHub<br><a href="https://therecord.media/frontier-communications-cyberattack-ransomhub" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/frontier-commu</span><span class="invisible">nications-cyberattack-ransomhub</span></a> <a href="https://mastodon.social/tags/cyberattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberattack</span></a> <a href="https://mastodon.social/tags/FrontierCommunications" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FrontierCommunications</span></a> <a href="https://mastodon.social/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a> <a href="https://mastodon.social/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://mastodon.social/tags/texas" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>texas</span></a></p>
Dark Web Informer - Cyber Threat Intelligence :verified_paw: :verified_dragon:<p>🚨<a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a>🚨Allegedly, <a href="https://infosec.exchange/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a> has named a new victim.</p><p>Country: <a href="https://infosec.exchange/tags/Taiwan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Taiwan</span></a>🇹🇼<br>Threat Actor: RansomHub<br>Company: CLEVO<br>Industry: Computer Equipment & Peripherals<br>Revenue: $782.8 Million<br>Data Amount: 200GB<br>Ransom Price: Unknown<br>Date: 2024-06-03</p><p>More: Clevo computer manufacturing company is a Taiwanese OEM/ODM computer manufacturer that produces laptop computers. They sell barebones laptop chassis to value-added resellers who build customized laptops for individual customers.</p><p>Some of their partners:</p><p>- MSI<br>-Gigabyte<br>-Asus<br>-And the list goes on</p><p>Their main partners are:</p><p>-AMD<br>-Intel<br>-Nvidia<br>-Micron</p><p>All network and backups are fully encrypted. We took care of it. The company has no chance to recover. Only our decryptor will help them to get back to work, nothing else will help them.</p><p>We have been in the company’s network for a long time. We have done an analysis of their products, clients and partners. And of course we downloaded the most important and sensitive data with file formats such as:</p><p>pdf,pptx,ppt,dwg,dxf,prt,sldprt,asm,sldasm,slddrw,sdcc,sdac,sdcc,sdwc,doc,dwt,dws,prt,sdp.</p><p>The publication of these documents may cause the termination of contracts with their partners due to violation of non disclosure agreements.</p><p>We tried to find a peaceful solution to solve this problem. They visited the landing page, read message and were also informed by calls.</p><p>A certain employee whose name is “SEN” (SEN_SHU@CLEVO.COM.TW) took calls as a joke and began to laugh at words that the clients’ data would go public.</p><p>Congratulations Sen, you are the star, because of clowns like you companies are being destroyed.</p><p><a href="https://x.com/DarkWebInformer/status/1797616164471705699" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">x.com/DarkWebInformer/status/1</span><span class="invisible">797616164471705699</span></a></p>
Brett Callow<p><a href="https://infosec.exchange/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a> has listed the City of <a href="https://infosec.exchange/tags/Neodesha" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Neodesha</span></a>. </p><p>At least 42 state and local governments in the US have been impacted by <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> this year. Stats for 2023 in the link.</p><p><a href="https://www.emsisoft.com/en/blog/44987/the-state-of-ransomware-in-the-u-s-report-and-statistics-2023/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">emsisoft.com/en/blog/44987/the</span><span class="invisible">-state-of-ransomware-in-the-u-s-report-and-statistics-2023/</span></a></p>
Brett Callow<p><a href="https://infosec.exchange/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a> has delisted <a href="https://infosec.exchange/tags/UnitedHealth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UnitedHealth</span></a>/Change Healthcare <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a></p>
Brett Callow<p><a href="https://infosec.exchange/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a> claim that the <a href="https://infosec.exchange/tags/UnitedHealth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UnitedHealth</span></a>/#ChangeHealthcare is now for sale. <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a></p>
Brett Callow<p>Change Healthcare Faces Another Ransomware Threat—and It Looks Credible </p><p><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/ransomhub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomhub</span></a></p><p><a href="https://www.wired.com/story/change-healthcare-ransomhub-threat/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wired.com/story/change-healthc</span><span class="invisible">are-ransomhub-threat/</span></a></p>
Brett Callow<p>Data supposedly stolen during the <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> attack on Change Healthcare will supposedly be leaked on <a href="https://infosec.exchange/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a>'s site unless Change pays for a supposedly second time because <a href="https://infosec.exchange/tags/Alphv" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Alphv</span></a> supposedly scammed the affiliate responsible for the attack.</p>
Brett Callow<p><a href="https://infosec.exchange/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a> has listed Woodsboro Independent School District <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/wisd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wisd</span></a> </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@PogoWasRight" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>PogoWasRight</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload