gang
-
Blog
Ransomware gang creates tool to automate VPN brute-force attacks
The Black Basta ransomware operation created an automated brute-forcing framework dubbed ‘BRUTED’ to breach edge networking devices like firewalls and VPNs. The framework has enabled BlackBasta to streamline initial network access and scale ransomware attacks on vulnerable internet-exposed endpoints. The discovery of BRUTED comes from EclecticIQ researcher Arda Büyükkaya following an in-depth examination of the ransomware gang’s leaked internal chat…
Read More » -
Blog
Ransomware gang says it stole 138,000 patients’ data from New York City radiologist
Ransomware group Fog today claimed responsibility for a November 2024 data breach at University Diagnostic Medical Imaging that compromised 138,080 patients’ names, addresses, dates of birth, referring physicians, medical treatments, and diagnoses. Fog says it stole 28.1 GB of data from UDMI. UDMI started notifying patients in January 2025 of the breach, but it has not verified Fog’s claim. We…
Read More » -
Blog
A ransomware gang says it stole SSNs, credit cards and more from a Christian seminary in Kentucky
The Asbury Theological Seminary in Wilmore, Kentucky yesterday confirmed it notified 888 Texans and 55 Massachusettsans of a June 2024 data breach that compromised a trove of sensitive personal and financial info. More victims will likely be reported soon as other states disclose breach figures for their own residents. The compromised data includes: Names Social Security numbers Credit and/or debit…
Read More » -
Blog
Ransomware gang encrypted network from a webcam to bypass EDR
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim’s network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. Cybersecurity firm S-RM team discovered the unusual attack method during a recent incident response at one of their clients. Notably, Akira only pivoted to the webcam after attempting to…
Read More » -
Blog
Ransomware gang says it hacked a Virginia school district, stole data
Ransomware gang Fog yesterday claimed responsibility for a February 2025 data breach at Williamsburg-James City County Schools in Virginia. The group is demanding an undisclosed amount be paid in ransom in exchange for stolen data. WJCC announced it was hit by a cyber attack on February 9 and that systems were restored by February 14. An investigation of the attack…
Read More » -
Blog
North Korean hackers join Qilin ransomware gang
Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of recent attacks. “Since late February 2025, Microsoft has observed Moonstone Sleet, a North Korean state actor, deploying Qilin ransomware at a limited number of orgs,” the company’s threat intelligence experts said this week “Moonstone Sleet has previously exclusively deployed their…
Read More » -
Blog
Ransomware gang encrypted network from a webcam to bypass EDR
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim’s network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. Cybersecurity firm S-RM team discovered the unusual attack method during a recent incident response at one of their clients. Notably, Akira only pivoted to the webcam after attempting to…
Read More » -
Blog
Ransomware gang demanded $1M from California construction company System Pavers
Santa Ana construction company System Pavers yesterday confirmed it notified an undisclosed number of people about a September 2024 data breach that compromised private information. System Pavers has not disclosed what types of data were compromised or who is affected, but the company is offering victims free credit monitoring through Experian. Such an offer usually implies that Social Security numbers…
Read More » -
Blog
Ransomware gang says it breached Wisconsin ambulance company
Ransomware group Medusa today claimed responsibility for a February 2025 cyber attack on Bell Ambulance. Bell Ambulance on February 13, 2025 sent a message to employees that said the company was “working to restore IT systems after a cybersecurity event.” “Unfortunately this disruption is greatly impacting your ability to perform your job functions,” says the message, which local reporter Dan…
Read More » -
Blog
Ransomware gang Qilin claims responsibility for cyber attack on newspaper giant Lee Enterprises
Ransomware group Qilin today claimed responsibility for a February 3, 2025 cyber attack on Lee Enterprises. The attack disrupted many of the company’s 70-plus newspapers and other publications. Lee Enterprises has not verified Qilin’s claim. In an SEC disclosure filed on February 12, the company said, “threat actors unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files.”…
Read More »