We're excited to announce that we've enhanced and redesigned our #CTI intelligence system to be more user-friendly and efficient, offering deep insights into the cyber threat landscape.
With real-time monitoring of #ransomware groups and cyber attack trends, our platform
🌐 Lockbit #Ransomware paid the first $50K Bug bounty 💸
It was possible to decrypt any VMDK/VHDX file that was encrypted by Lockbit. So they got inside information related to some FBI agents, they were able to find out about the weakness in encryption and fixed it
#Lockbit
🇮🇱 Even though our team is in a war zone, we are doing our best to continue providing our customers with quality cyber intelligence 👷♂️
Thanks to everyone who asked and was interested in the safety of our team 🙏
🌐 A new #ransomware attack is spreading like crazy 🚨
Many VMware ESXi servers got encrypted in the last hours with this ransom note 🧐
What's interesting is that the bitcoin wallet is different in every ransom note. No website for the group, only TOX id 👀
🌐 RansomEXX #ransomware team added Ferrari to the victim's list 🚨
RansomEXX claims to have stolen over 7G of data from the Ferrari company. The attack is published only 4 days after the announcement of the partnership between Ferrari #formula1 and Bitdefender 🏎️
#RansomEXX
🌐 #Lockbit team gives the decryptor for free to Canadian hospital 🚨
"We formally apologize for the attack on SickKids and give the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program"👁️
#Ransomware
🌐 You should be careful with your Cobalt Strike 👀
A critical #XSS vulnerability that allows an attacker to set a malformed username in the Beacon configuration, allowing them to remotely execute code 🥷 (CVE-2022-39197)
#RCE
🌐 Lockbit #ransomware team added a huge sandwich chain with $19.3 Billion in revenue from the United States 🚨
Lockbit claims to have managed to steal thousands of documents and classified information by hacking into the company's network. Lockbit gives about 12 days for
🌐 In the interview that @vxunderground did with a ransomware operator they talk about money, fear, and life itself showing the story of the people behind the #ransomware groups 🧐
"I don't fear the FBI, I fear Mandiant"
(RWO-09-26)
🌐 Yanluowang #Ransomware team added CISCO to the victim's list 🚨
The group shares a TXT file with all the stolen files, a Total of 82G of data, looks bad 🧐
#Yanluowang
🌐 DarkBit #Ransomware team hit the Israel Institute of Technology (@TechnionLive) and probably encrypted the entire computer network 🚨
This is the note at the entrance today morning:
"We are under cyber attack Please unplug all computers" 📢
#DarkBit
🌐 5 hours ago an unknown threat actor updated one of @pypi packages with CIA #Ransomware 🚨
The package "requdsts 2.28.1" contains request[.]py that is updated to download and execute a payload from the IP 35.235.126.33 (⛔️) 👀
IOCs and More Info ➡️
#CIA
🌐 DarkFeed project is going to be active soon, but with some changes:
From now on, DarkFeed only tracks the group's victims website, the system does not collect information from infrastructure and support chat pages.
#Ransomware
🌐 Lockbit #Ransomware team goes crazy again 🚨
In the last 24 hours, Lockbit added 28 new victims.
Small companies, large organizations, government organizations and more are just some of Lockbit's latest wave of #cyber attacks 👁️
➡️ More Info:
#Lockbit
🌐 Lockbit #Ransomware team added Continental to the victims list 🚨
Continental offers technologies and engineering solutions for vehicles, machines, traffic, and transportation with $36 Billion in revenue from Germany 🇩🇪
#Lockbit
🌐 BlackCat #Ransomware team claims to hack into an Indian 🇮🇳 company that is manufacturing ammunition for military applications 🚨
BlackCat also published photos from the company's security cameras on their website 🎦
"MORE THAN 2TB SECRET MILITARY DATA LEAKED"
#BlackCat
🌐 ESXiArgs #Ransomware continues to spread.
So far over 600 infected servers have been located all over the world 👁🗨
Updated Targeted Countries:
🇫🇷 France: 188
🇩🇪 Germany: 91
🇺🇸 USA: 69
🇨🇦 Canada: 61
🇳🇱 Netherlands: 34
🇬🇧 UK: 28
🇫🇮 Finland: 21
🇵🇱 Poland: 18
#ESXiArgs
🌐 A quick search in @shodanhq shows that the spread is extensive, a total of 327, but we are sure there is more 🧐
The most targeted system is from France 🇫🇷 on OVHcloud and Hetzner hosting. But they have hit other hosting and cloud companies around the world 🌎
#Ransomware
🌐 REvil #Ransomware team website right now, All the victims have disappeared and the blog is empty 🧐
This comes just a few days after REvil leaked the data of the Medibank hack 🧭
#REvil
🌐 What happened to Lockbit?
Lockbit attack rate dropped by more than half in October. Last month, on the same day of the month, they had more than 80 victims, currently, they have a little more than 30 🧭
#Lockbit
🌐 BlackCat #Ransomware team added UNISYS to the victim's list 🚨
Unisys is an IT company that builds secure, modern digital platforms. The company's services provided include cybersecurity and digital government with $2 billion in revenue from The United States 🇺🇸
#ALPHV
🌐 Everest #Ransomware team just added The Brazil Government to the victim's list 🚨
Everest selling access to Gov Brazil network, "more than 3 TB of data" 🇧🇷
#Everest
🇮🇱 Another #Cyberattack hit big Israeli target 🚨
RotterNet (@RotterNet) website was hacked and defaced by ALTOUFAN TEAM, Rotter is a large Israeli website for current affairs and politics
#ALTOUFANTEAM
🌐 It is not a bug, #Lockbit went crazy and added 10 new victims 🚨
One of the victims is a huge food company with $253 million in revenue from Romania 🇷🇴 Lockbit also added another victim from Israel 🇮🇱
#Lockbit with a total of 1364 victims 🧮
🌐 In the last 12 hours, fourteen new victims were added by several #ransomware teams 🚨
One of the victims is a huge Indian 🇮🇳 bank with $5.5 billion in revenue 💰
Another victim is a Canadian 🇨🇦 corporation with $514 million in revenue 💸
Hit Map:
🌐 Crazy, #Lockbit is the first group to reach 1500 victims 🧮
Lockbit team was added in June 2021, and since then they have been breaking all the records 👀
#Ransomware
🌐 It seems that Lockbit #ransomware team hacked into the network of a vast manufacturer from Taiwan (🇹🇼), encrypting the corporate network, stealing Five terabytes of data, and defacing the corporate site 🚨
➡️ More information on our #CTI Page
🌐 Lockbit #Ransomware team with a new version, new style 👀 and even a bug bounty 🤔
"We've been working since September 3, 2019
2 years 297 days 8 hours" ⏳
#Lockbit
🌐 #BlackCat (ALPHV) #Ransomware team changing the rules of the game 🎲
After they updated about a new victim they registered a similar domain (.xyz instead .com) and uploaded all the leaked data, now it is easy and quick to look at the vast information that has been leaked 🧭
🌐 There is a ransomware website inside a ransomware website? 😕
Vis Vendetta #Ransomware team website suddenly appeared on Cuba ransomware team domain (test. ❓) 🤔
One victim from France 🇫🇷 on Vis Vendetta List
#VisVendetta
#Cuba
🌐 From now on everyone can access our free dashboard!
➡️ Real-time Statistics 🧮
➡️ Last Seven days victims Search 🔍
➡️ Last Ten #ransomware attacks👁🗨
➡️ Total attacks per month ⌛️
➡️ Top active groups ☢️
➡️ Join the ride
🌐 #Ransomware Groups Statistics November 2022:
- Royal: 44 🔺
- Lockbit: 33 🔻
- Medusa Locker: 21
- LV: 16 🔺
- Bian Lian: 15 🔺
- Vice: 11
- BlackCat: 10 🔻
- Play: 9
Total Victims: 244🔺(Oct 231)
For the first time, Lockbit is knocked out of first place by #Royal Team 🥇
🌐 Recently, several #ransomware groups have started to publish, in addition to the stolen information, also the negotiations chat between them and the victims 🚨
The conversation that Lorenz published is edited, and only the victim's side appears in them 👁️
#Lorenz
#Lockbit
🌐 This Is CLOP day. CLOP #ransomware team added 54 new victims related to the MoveIt hack 🚨
Banks, huge consulting and manufacturing companies, and much more. This is the highest record of victims for one day, the record is still with PYSA 💥
#CLOP
🌐 We are happy to announce that we are expanding 🙏
Very soon, we will start cooperating with other cyber companies to provide our users a better service 📢
Stay tuned 👀
Top Active #Ransomware Groups February 2024🎯
-Lockbit: 101 🔺
-Hunters: 30 🔺
-BlackCat: 26 🔺
-Black Basta: 24 🔺
-8Base: 24 🔻
-Play: 23 🔺
-BianLian: 20 🔺
-Akira: 15 🔻
-Medusa Blog: 14 🔺
-Qilin: 10 🔺
Total Victims: 372 🔥
➡️ February 2024 has the highest number of
🌐 Everest #Ransomware team added @ATT - AT&T to the victim list 🚨
Everest claims it hacked into the AT&T network and is now selling direct access to the company's network 🧭
#Everest
🌐 Black Magic the Iranian 🇮🇷 hacking team uses #Ransomware to target Israeli companies 🚨
The group claims to hack and encrypt two large logistics companies in Israel
#BlackMagic
🌐 Lockbit #ransomware team claims that they obtained data about SpaceX after they hacked into another US Company 🚨
"Elon Musk we will help you sell your drawings to other manufacturers - build the ship faster and fly away"
#Lockbit
🌐 Another supply chain attack by Lockbit #Ransomware team 🚨
Lockbit claims to hack into MercuryIT, an IT company from New Zealand 🇳🇿
Apparently, #Lockbit managed to steal sensitive documents of other companies through the breach of MercuryIT and added them as new victims 👀
🌐 Lockbit #ransomware team publishes another negotiation chat 🚨
"why your director at 82 years old hundreds of millions of dollars? he will not have time to spend them the rest of his life anyway"
#Lockbit demanded $7 million 💰
Full chat on our threat intelligence page 👁️
🌐 In the last 24 hours, 16 new victims were added by several #ransomware teams.
The total revenue of all the victims just for today is more than $4.6 Billion 💰 11 victims are from the United States 🇺🇸
➡️Top Groups:
- Lockbit: 9
- BlackCat: 5
- Ragnar Locker: 1
- RansomExx: 1
🌐 The Israeli power plant "Orot Yosef" was exploded🚨
Earlier today, ALtahrea the Iranian 🇮🇷 hacking team claimed to have hacked into the remote energy management of the power plant and shared the IP address of the EMpro system on their TG channel 🧐
#ALtahrea
🌐 In the last 12 hours, ten new victims were added by several #ransomware teams.
The total revenue of all victims combined is more than $15.5 Billion 💰
🇨🇳 China: $11.5B
🇰🇷 South Korea: $2.9B
🇦🇹 Austria: $1B
🇺🇸 USA: $70M + 1 Government Office
🇦🇺 Australia: $19.2M
Hit Map:
🌐 REvil (Sodinokibi) #Ransomware team added Medibank to the victims list 🚨
Medibank is an integrated healthcare provider of private health insurance and health solutions with $5 billion in revenue from Australia 🇦🇺
#REvil
#Sodinokibi
🌐 Last Week #Ransomware Statistics🎯
TOP TARGETED COUNTRIES:
🇺🇸 USA: 52
🇬🇧 UK: 11
🇫🇷 France: 5
🇩🇪 Germany: 4
🇨🇦 Canada: 4
TOP ACTIVE GROUPS:
-Play: 24
-CLOP: 23
-Akira: 12
-BlackCat: 9
-8Base: 8
Total Victims: 118
The first week that #Lockbit is not on this list 👁🗨
Hits Map:
🌐 IceFire #Ransomware team just added to DarkFeed groups page 🚨
Nine active victims on the group website, weird, most companies are from unusual countries like:
Turkey 🇹🇷 Pakistan 🇵🇰 Morocco 🇲🇦
🧐
➡️
#IceFire
🌐 Top #Ransomware Groups of 2024: The Most Active Threat Actors So Far, with two groups currently battling for the second spot on the leaderboard 🧮
➡️ Lockbit: 533 🥇
➡️ Ransomhub: 257 🥈
➡️ Play: 226 🥉
➡️ Akira: 155
➡️ Hunters: 151
➡️ Medusa Blog: 140 🔺
➡️ Black
🌐 Black Reward hacking team claims that they hacked into @PressTV 🚨
"PressTV is an Iranian state-owned news network that broadcasts the Islamic Republic's propaganda and spreads dis/misinformation" 🇮🇷
Black Reward published more than 5K emails from their internal network 🧭
🌐 The new website (Version 3.0) of Lockbit #Ransomware team allows anyone to extend the timer by 24 hours, destroy all data from the website, or download all data right away to maximize the ransom money for each victim 💸
Next level hacking group 🥷
#Lockbit
🌐 I didn't think it was possible but Lockbit is increasing the attack rate 🚨
Sixteen victims were added by Lockbit in the last 24 hours. Most of the victims are from the United States 🇺🇸, two are from the Netherlands 🇳🇱
#Lockbit
🌐 Crazy weekend in the #Ransomware world 🚨
➡️ BlackCat releases statement regarding the MGM attack and fake news 🐈⬛
➡️ Ragnar Locker updated about a very high-volume target 🇮🇱
➡️ Clone of the 8Base team site was found on darknet called CryptBB👀
➡️
🌐 Europol, NCA, and FBI strike again, claiming they have taken down key members of the LockBit #ransomware group and even disrupted parts of their infrastructure 🚨
Law enforcement is playing their own game and continuing with Operation Cronos 🥷
More info on our CTI page
🌐 #Ransomware Groups Statistics January 2023:
- Lockbit: 51
- Vice: 21
- BlackCat: 20
- Royal: 20
- Play: 10
- Avos: 7
- Mallox: 7
- BlackByte: 6
- HiveLeaks: 3
Total Victims: 170🔻(Dec 257)
Maybe the last time for Hive team under this name?
Hive ended up with 220 victims 🧮
🌐 From now on, the weekly #Ransomware live statistics are open to everyone: 🎯
➡️TOP TARGETED COUNTRIES:
🇺🇸 USA: 19
🇸🇬 Singapore: 1
🇦🇺 Australia: 1
🇬🇧 UK: 1
🇧🇷 Brazil: 1
🇸🇦 Saudi Arabia: 1
🇫🇷 France: 1
➡️TOP TARGETED SECTORS:
Business Services: 9
🌐 #Lockbit ransomware group strikes again with a massive blitz, announcing over 50 victims in just the last hour 🚨
The victims list includes NASDAQ-listed firms, major corporations, financial institutions, and tech companies. Notably, some victims had been previously targeted
🌐 BlackCat #Ransomware team added the Central Bank of The Gambia 🚨
"Central Bank of The Gambia has an extremely low degree of data protection. Because of this, we received more than 2TB of sensitive data"
#Blackcat
🌐 As they promised, today CLOP #ransomware team uploaded an insane amount of stolen data of #MoveIt victims to their leak site 🚨
➡️ More info on our #CTI page 👀
#CLOP
🌐 Monti #Ransomware team just added the first victim 🚨
The victim is a transit agency charged with regional financial oversight, funding, and transit planning for Chicago 🇺🇸
#Monti
🌐 CLOP #Ransomware team just added Seven new victims 🚨
One of the victims is a huge company with $72.1 billion in revenue from the United Kingdom 🇬🇧
None of the companies announced a #cyber attack👀
Top Targeted Countries:
🇺🇸 USA: 4
🇨🇦 Canada: 2
🇬🇧 UK: 1
#CLOPLEAKS
🌐 We have added a statistics page to present #Ransomware incidents calculated by time, countries and year 🧮
➡️ Ransomware Incident by months
➡️ Top targeted countries by months
➡️ Top active groups over time
➡️ Top active groups in real-time
* Registered users only ❕
🌐 Ransomware Team Status:
➡️ Online:
-Handala (🇮🇷)
-Denoex
-Blackout
-Trisec
-Ransomhub
-nSafe (🔄)
-MyData
-Slug
➡️ Offline:
-BlackCat
-Knight
-Bloody
-Insane
Until now, in March 2024, #Ransomware attacks hit their lowest numbers compared to the same month in the last three