BlackCat/ALPHV Claims Responsibility for Change Healthcare Ransom

Executive Summary The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform, the largest pharmacy payment exchange platform. This declaration of responsibility, which has since been removed on the BlackCat/ALPHV’s facing site, come as the United States…

Read More

New RaaS CryptNet Advertised for Double Extortion Attacks in Dark Web Forums

Context On May 16, 2023, ZScaler threat researchers reported the technical details of a new ransomware-as-a-service (RaaS) operation they’ve observed being advertised on dark web forums. ZScaler researchers provided the following key takeaways: CryptNet is a new ransomware-as-a-service that has been advertised in underground forums since at least April 2023 The CryptNet threat group claims…

Read More

New Mimic Ransomware Abuses Everything Paid to Speed Encryption

Context On January 26, 2023, Trend Micro researchers reported the technical details of a new ransomware they dubbed “Mimic” they observed in June of 2022 targeting English and Russian-speaking users. Technical Details According to Trend Micro researchers, the campaign delivers an executable that drops multiple binaries and an archive containing the payload. Reportedly, the key…

Read More

Ongoing Trend of Ransomware Campaigns Using Copyright Claim as Theme

Context On June 24, 2022, AhnLab Security Emergency response Center (ASEC) researchers reported the technical details of an ongoing phishing campaign that uses malicious files disguised as copyright claim documents to deliver the LockBit ransomware. The use of copyright claims as a theme is an ongoing trend in ransomware phishing campaigns observed in the wild….

Read More

Conti Ransomware Shuts Down Operation, Splinters into Smaller Groups

Summary The notable ransomware gang known as Conti has, according to security firm Advanced Intel (AdvIntel), taken its infrastructure offline and shut down its ransomware operations. While public-facing ‘Conti News’ data leak and the ransom negotiation sites are still online, the Tor admin panels used by Conti members to perform negotiations, publish news, and generate…

Read More

Technical Details for Recent Hive Ransomware Activity

Context The Hive ransomware variant has been extremely active in the past year. The ransomware was originally discovered in June of 2021, and reportedly is responsible for more than 300 compromises since September 2021. The FBI released a notice warning the public of the threat in August 2021 after Hive ransomware compromised dozens of medical…

Read More