Malware News The Week in Ransomware - May 17th 2024 - Mailbombing is back

Gandalf_The_Grey

Level 78
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,766
This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum.

However, that does not mean there was nothing of interest released this week about ransomware.

A report by CISA said that the Black Basta ransomware oepration has breached over 500 organizations worlwide since the group launched in April 2022.

After the Conti suffered a massive data breach, the ransomware operation shut down and its members splintered into different groups or launched their own ransomware operations.

One of those operations is Black Basta, which is believed to be composed of prior Conti members who operate it as a private group rather than as public ransomware-as-a-service.

It is widely believed that CISA released this report after news of massive disruption at Ascension Healthcare was caused by a Black Basta ransomware attack.

In other news, the relatively new Inc Ransomware was attempting to sell its source code for $300,000. However, it is unclear whether the group was selling older, unused code or shutting down the operation.

Ransomware phishing attacks also took front stage this week, with the Phorpiex botnet sending millions of emails that led to LockBit Black ransomware attacks, with the encryptor believed to have been created using LockBit's leaked source code.

BlackBasta was also found mailbombing employees in targeted organizations by subscribing their email addresses to various subscription services. They then contacted the target as IT support from their company to conduct a social engineering attack that let them gain access to the victim's computer.

Finally, Australian electronic prescription provider MediSecure shut down its IT systems and phones after suffering a 'large-scale' ransomware data breach.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top