This week in ransomware

It’s been an active week in the “ransomware industry” as multiple attacks and breaches have impacted millions of people and will end up costing millions to fix.


 

New tactics being used

From leveraging new applications to using sites that can be indexed and searched on the internet, ransomware gangs are trying anything to pressure companies and individuals to pay up.


 

Maximus most recent victim

The US Government contractor fell victim to a ransomware attack, a report released today confirmed. Up to 11 million records have been exposed.


by Kevin Wood

This Week In Ransomware
July 28th, 2023

 

 

Clop ransomware gang strikes again; new tactics being used

Ransom payments are declining, so ransomware gangs are evolving their extortion tactics and adopting new methods to pressure victims.

Both the Clop and BlackCat/ALPHV ransomware gangs began utilizing new tactics as a part of their extortion schemes. Clop started to create clearweb sites to leak data stolen during the MOVEit Transfer attacks, exposing the data of up to 11 million people.

A clearweb site makes the stolen data easier to access and could allow search engines to index it, making it available to a broader audience. This tactic puts more pressure on victims to have the data removed, since it can be actively searched.

At the time this article was written, Clop was only targeting the larger MOVEit victims that have a better chance of paying out, compared to individuals who are less likely to pay anything.

BlackCat also introduced a new extortion strategy, creating an API that makes it easier to grab near-real-time information listed on its sites. Like Clop's technique, it aims to publicize the gang's new victims quickly, putting pressure on them to pay the ransom.

Sophos also released new details on the Nitrogen initial access malware used by BlackCat.

July 23rd 2023

Clop now leaks data stolen in MOVEit attacks on clearweb sites

The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims, making it easier to leak stolen data and further pressuring victims into paying a ransom.

July 24th 2023

Yamaha confirms cyberattack after multiple ransomware gangs claim attacks

Yamaha’s Canadian music division confirmed that it recently dealt with a cyberattack after two different ransomware groups claimed to have attacked the company.

Akira Ransomware: What You Need to Know

Akira ransomware is a new and sophisticated threat that has been targeting organizations in recent months. The ransomware encrypts files on the victim’s system and then demands a ransom payment in order to decrypt them.

July 26th 2023

New Nitrogen malware pushed via Google Ads for ransomware attacks

A new ‘Nitrogen’ initial access malware campaign uses Google and Bing search ads to promote fake software sites that infect unsuspecting users with Cobalt Strike and ransomware payloads.

ALPHV ransomware adds data leak API in new extortion strategy

The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their attacks.

July 27th 2023

8 million people hit by data breach at US govt contractor Maximus

U.S. government services contractor Maximus has disclosed a data breach, warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks.

July 28th 2023

Hawaii Community College pays ransomware gang to prevent data leak

The Hawaii Community College has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen data of approximately 28,000 people.

New Black Berserk ransomware

PCrisk found the Black Berserk ransomware, which appends the .Black extension and drops a ransom note named Black_Recover.txt.

 

  • 93% of companies without Disaster Recovery who suffer a major data disaster are out of business within one year.
  • 96% of companies with a trusted backup and disaster recovery plan were able to survive ransomware attacks.
  • More than 50% of companies experienced a downtime event in the past five years that lasted longer than a full workday.
  • Estimates are that unplanned downtime can cost up to $17,244 per minute, with a low-end estimate of $926 per minute.
  • If any of these statistics concerned you or made you ponder your current DR plan, it may be time to talk to our team about how we can help.