Cyble Research Reports Significant Increase in Ransomware Attacks
Cyble, an AI-powered threat intelligence platform, has released findings in its latest report, The Cyber Express Reports, revealing a sharp increase in ransomware attacks, with a rise of more than 39%. The surge is largely attributed to criminal groups such as Qilin, Sinobi, and The Gentleman. This uptick follows the shutdown of the RansomHub Crime Group, which was previously involved in distributing file-encrypting malware.
Everest Ransomware Group Targets Sweden’s Power Grid
The Everest Ransomware gang has threatened to release sensitive data stolen from a Swedish power grid. The group claims to have taken 280 gigabytes of data from Svenska Kraftnät, a key provider of electricity transmission to over 60% of Sweden’s population. Despite the gang’s ransom demands, the utility has stated that it will not pay, even as the hackers have threatened to wipe the stolen files from the company’s servers.
Qilin Ransomware Develops New Cross-Platform Malware
The Qilin ransomware group, known for its ransomware-as-a-service operations, has introduced a new Linux-based malware targeting Windows hosts. This move allows the group to execute cross-platform attacks, potentially broadening its reach. In addition, researchers from Trend Micro discovered that the attackers were focusing on targeting Veeam backup software, aiming to neutralize the victims’ ability to recover from disaster recovery systems.
Victims Growing Reluctant to Pay Ransom: Coverware Study
A new study by Coverware, based on data from the past six years, reveals a notable trend: ransomware victims are increasingly refusing to pay ransoms. Many are heeding the advice of law enforcement to recover their data from backups and are taking proactive steps to enhance their cybersecurity. These efforts appear to be paying off, as many organizations are successfully preventing attacks or minimizing the damage caused by cyber extortion attempts.
Everest Ransomware Claims Attack on Dublin Airport Servers
The Everest Ransomware group has claimed responsibility for breaching servers at Dublin Airport, threatening to release stolen data on the dark web. The gang had previously claimed to have stolen sensitive information from AT&T Careers, affecting over 576,000 applicants and employees. In a similar move, Everest has now targeted Air Arabia, stealing data related to 18,000 employees, and is threatening to publish this information unless ransom demands are met.
As of now, no sample data has been released by the attackers.
Safepay Ransomware Attacks German CCTV Company Xortec
German surveillance company Xortec GmbH recently fell victim to an attack by the Safepay ransomware group. The hackers posted the stolen data on the dark web after the company refused to pay the ransom. The leaked data includes shipment information, blueprints for surveillance camera installations, and other confidential client details.
Qilin Ransomware Group Exploits Windows Tools for Data Theft
According to research from Cisco Talos, the Qilin ransomware group has been exploiting widely used Windows tools like MSPaint and Notepad to steal sensitive data. These applications are being used to exfiltrate data from infected systems, sending it to cloud storage locations without the user’s knowledge.
Join our LinkedIn group Information Security Community!
