exit scam | Breaking Cybersecurity News | The Hacker News

An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims' data for financial gain. It's operational across multiple platforms, including Windows, Linux, macOS, ESXi, and Android. Advertised and sold on the RAMP cybercrime forum, attacks involving the ransomware have been found to leverage phishing and spear-phishing campaigns as a distribution vector in the form of malicious attachments. The ransomware-as-a-service (RaaS) operation has since shut down as of late February 2024, when its source code was put up for sale , raising the possibility that it may have changed hands to a different actor, who subsequently decided to update and relaunch it under the RansomHub brand. RansomHub, which posted its first v

Between crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to another Cyber Extortion operation with the same victim) or stolen data that has been travelling and re-(mis-)used. Either way, for the victims neither is good news.  But first thing's first, let's explore the current threat landscape, dive into one of our most recent research focuses on the dynamics of this ecosystem; and then explore our dataset on Law Enforcement activities in this space. Might the re-occurrence that we observe be foul play by threat actors and thus show how desperately they are trying to regain the trust of their co-offenders after disruption efforts by Law Enforcement? Or are th

Want to know what's the latest and greatest in SecOps for 2024? Gartner's recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year's report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial Exposure Validation (AEV). These category definitions are aimed at providing some structure to the evolving landscape of exposure management technologies. Pentera, listed as a sample vendor in the newly defined AEV category, is playing a pivotal role in increasing the adoption of CTEM, with a focus on security validation. Following is our take on the CTEM related product categories and what they mean for enterprise security leaders. The Industry is Maturing CTEM, coined by Gartner in 2022, presents a structural approach for continuously assessing, prioritizing, validating, and remediating expo

The threat actors behind the  BlackCat ransomware  have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar  said . "It is blatantly obvious when you check the source code of the new takedown notice." "There is absolutely zero reason why law enforcement would just put a saved version of the takedown notice up during a seizure instead of the original takedown notice." The U.K.'s National Crime Agency (NCA)  told  Reuters that it had no connection to any disruptions to the BlackCat infrastructure. Recorded Future security researcher Dmitry Smilyanets  posted  screenshots on the social media platform X in which the BlackCat actors claimed that the "feds screwed us over" and that they intended to sell the ransomware's source code for $5 million. The disappearing

QuadrigaCX, the largest bitcoin exchange in Canada, has claimed to have lost CAD 190 million (nearly USD 145 million) worth of cryptocurrency after the exchange lost access to its cold (offline) storage wallets. Reason? Unfortunately, the only person with access to the company's offline wallet, founder of the cryptocurrency exchange, is dead. Following the sudden death of Gerry Cotten , founder and chief executive officer QuadrigaCX, the Canadian exchange this week filed for legal protection from creditors in the Nova Scotia Supreme Court until it locates and secures access to the lost funds. In a sworn affidavit filed by Cotten's widow Jennifer Robertson and obtained by Coindesk , Robertson said QuadrigaCX owes its customers some CAD 260 million (USD 198 Million) in both cryptocurrencies, including Bitcoin, Bitcoin Cash, Litecoin, and Ethereum, as well as fiat money. However, Robertson said the cryptocurrency exchange only has smaller amount in a 'hot wallet' (U