Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Italian Spanish
Search
TM RedHotCyber 320x100 042514
Banner Ransomfeed 970x120 1

Tag: RaaS

Hellcat Claims an Alleged Breach Against Schneider Electric

Pietro Melillo 04/11/2024

In recent hours, the ransomware group known as Hellcat has claimed responsibility for an alleged attack against Schneider Electric, a global leader in energy management and automation. This supposed breach was reported on Hellcat’s data leak site, where information was published suggesting unauthorized access to the company’s infrastructure. At this time, we cannot confirm the authenticity of this news, as the organization has not yet released an official press statement on its website regarding the incident. Therefore, this article should be considered as an ‘intelligence source.’ Details of the Possible Breach According to the Hellcat group, access was allegedly obtained through Schneider

The Story Of Conti Ransomware – Origins and Evolution of the RaaS Model (Episode 1)

Alessio Stefan 30/09/2024

Ransomware, a malware designed to encrypt data making them restorable only with the use of a private key. Relatively simple math is all that threat actors out there needs to disrupt networks around the globe, once lock out you can get your plain data back just in one way : cripto payment. The real first Ransomware ever discovered was made by Joseph L. Popp Jr. with his malware called AIDS. Isolated in 1989, the program was stored inside a Floppy Disk with the label “AIDS Information Introductory”, sent in the email of 20,000 of WHO conference in Stockholm. Once opened the C:

RHC Interviews Lynx Ransomware. The cyber-gang offering Pentest services ensuring privacy

RHC Dark Lab 23/09/2024

In July 2024, the Lynx group burst into the RaaS world, which from the outset demonstrated above-average aggressiveness and success in attacks with a total of 22 victims featured on their Data Leak Site (also available in the clearnet). Lynx’s victim categories are mainly Construction (ex:/ Miller Boskus Lack Architects and True Blue Environmental), Finance (ex:/ Pyle Group) and Hotel (ex:/ Warwick Hotels & Resorts andRiverside Resort Hotel & Casino). Lynx performs double extortion techniques and a high frequency of attacks in the U.S. but also in the UK, Canada, and Australia. The group describes their activities as exclusively “financially motivated” and

RHC interviews Qilin Ransomware! “Let’s play fair and wait for a worthy opponent on the field”

RHC Dark Lab 19/09/2024

Qilin (from Chinese :麒麟) is a legendary creature that appears in Chinese mythology and is said to appear with the imminent arrival or demise of a sage or illustrious ruler. The Qilin ransomware is a prime example of the growing complexity of cyber threats. Discovered in 2022, Qilin immediately attracted attention for its ability to target critical sectors such as healthcare and education, particularly in the regions of Africa and Asia. Written in Rust and C, Qilin offers an unprecedented level of customisation that sets it apart from most other ransomware. The operators behind this threat can change the extension of encrypted

A Threat Actors Posts Update on Luxottica’s 2021 Data Breach

Redazione RHC 25/07/2024

Recently, a threat actor in a clandestine forum posted an update on the 2021 data breach concerning the giant Luxottica, one of the world’s largest eyewear companies. According to the post, the breach allegedly exposed extensive personal information of millions of individuals. This article explores the details of the alleged breach based on information provided by the threat actor. At this time, we cannot confirm the veracity of the news, as the organization has not yet issued any official press release on its website regarding the incident. Therefore, this article should be considered an ‘intelligence source.’ Details of the Alleged Breach According

RHC interviews RADAR and DISPOSSESSOR: “When it comes to security, the best defense is a good offense.”

RHC Dark Lab 25/07/2024

In our usual underground analysis activities, we came into contact with the cyber gang DISPOSSESSOR, which came to attention in February 2024 in the cyber threat landscape. Accessing their Data Leak Site (DLS) one immediately realizes a strong resemblance to that of the well-known cyber-gang LockBit, and even the number of views of individual posts, taking into account that it is a blog in the onion network, has nothing to envy the elite cyber-gang. This profound similarity suggests a possible reorganization by affiliates of the world’s longest-running cybergang, LockBit, in part because of the two Cronos operations, which saw law enforcement break

RHC interviews Ransomcortex, the gang targeting Hospitals. “pay the ransom, we won’t even spare the CEO’s family.”

RHC Dark Lab 15/07/2024

Ransomcortex is a new cyber ransomware gang that resonates menacingly in the healthcare sector. This group has quickly attracted attention for its specialization in attacks on healthcare facilities, striking four institutions in a matter of days, including three in Brazil and one in Canada. This group demonstrated extraordinary efficiency and a clear “on target” strategy, highlighting the vulnerability of a sector already under tremendous pressure. Ransomcortex’s targeted focus on healthcare organizations raises crucial questions: why this sector and what are the real targets of these criminals? Extremely sensitive and valuable health information is a tempting target for financial fraud, extortion, and black

Hospitals tremble! Ransomcortex arrives. ransomware gang targeting healthcare facilities

RHC Dark Lab 12/07/2024

Recently, the landscape of cyber threats has been enriched by the emergence of a new ransomware group named “Ransomcortex”. This group is distinguished by its specialization in attacking healthcare facilities, having already collected four victims within a few days of its first appearance. Among these, three are Brazilian healthcare facilities and one is Canadian. The preference for attacks on the healthcare sector is not new, but Ransomcortex represents a significant evolution of this trend. Historical Context The interest of cybercriminals in healthcare organizations dates back several years, but recently there has been a significant increase in these attacks. One of the first

RHC interviews Vanir Group. Former affiliates of LockBit, Karakurt and Knight united to extort money: ‘Hire professionals, don’t be cheap’

RHC Dark Lab 12/07/2024

New threat actors often emerge every day to destabilize the digital foundations of organizations around the world. One of the most recent and disturbing cybergangs uncovered by Darklab of Red Hot Cyber team is the VANIR group, a collective known for its ruthless ransomware operations. This exclusive interview, conducted by Dark Lab group, sheds light on an enemy as mysterious as it is dangerous. “You have to know the demons to learn how to counter them.” This phrase, frequently quoted by Red Hot Cyber in conferences and articles, underscores the importance of understanding the modus operandi of cyber criminals. Knowing the “demons”

Medusa Ransomware claims responsibility for the attack on Harry Perkins Institute

Alessio Stefan 05/07/2024

On July 3, 2024, the Australian research institute Harry Perkins was the victim of a ransomware attack claimed by MEDUSA on their official DLS. More than 4.6 Terabytes of CCTV recordings inside the main building are the data being held hostage. A payment of $500,000 is demanded for the deletion of the data and the same amount to be able to download it. Additionally, for $10,000 the victim can add 24 hours to the countdown that started 9 days ago. The nature of the data attacked (video recordings) is unusual compared to other ransomware attacks, the privacy of the 172 employees and

Category