The VanHelsing ransomware-as-a-service operation has leaked its source code, including the Windows encryptor and affiliate panel, after an attempted sale by an alleged hacker. This leak could enable cybercriminals to customize and deploy new variants, impacting multiple systems such as Windows, Linux, BSD, ARM, and ESXi. #VanHelsing #Ransomware #Cybersecurity #SourceCodeLeak
Tag: RAAS

A recent leak of the LockBit ransomware group’s internal database has exposed detailed information about their operations, affiliates, targets, and payment methods. This breach could significantly impact the group’s future activities and law enforcement efforts. Affected: LockBit ransomware group, victim organizations, cybersecurity and law enforcement agencies…

Scattered Spider is a financially motivated threat actor specializing in cloud-focused social engineering and access brokering, likely enabling DragonForce ransomware attacks against UK retail organizations. Their evolving collaboration model with ransomware groups illustrates increasing compartmentalization within cybercrime ecosystems, impacting #UKRetail #DragonForce #ScatteredSpider.

Google warns that the hacking group behind recent UK retail cyberattacks is now targeting US companies, emphasizing ongoing threats to the retail sector. The group uses sophisticated social engineering, extortion, and ransomware tactics to compromise high-profile organizations. Affected: US retailers, UK retailers…

Andrei Tarasov, a Russian-born cybercriminal, has a complex history involving exploit kits, malware development, and international law enforcement actions. Despite recent arrests and extradition issues, he remains active in the cybercrime community, operating under aliases and reflecting on his time in detention. Affected: Cybercriminal networks, law enforcement agencies, victims of malware and…

VanHelsing is a ransomware-as-a-service operation that targets multiple platforms using sophisticated encryption algorithms and a double extortion scheme. AttackIQ has developed an emulation-based attack graph to help organizations validate their security controls against VanHelsing’s tactics and techniques. #VanHelsing #AttackIQ…

Ransomware has become a highly advanced and coordinated threat, exploiting legitimate IT tools and innovative business models like RaaS to increase attack frequency and reach. Building a comprehensive backup and recovery strategy is essential for organizations to withstand and quickly recover from such attacks. Affected: Organizations, IT systems, backup infrastructure…

The DragonForce ransomware group has shifted from hacktivism to a profit-driven Ransomware-as-a-Service model, impacting major UK retail organizations. Recent attacks on M&S, Co-op, and Harrods demonstrate their growing capabilities and the serious cybersecurity risks they pose. Affected: M&S, Co-op, Harrods…

Moldovan authorities, with support from Dutch law enforcement, arrested a suspect linked to DoppelPaymer ransomware attacks targeting organizations in the Netherlands, including a major scientific institution. The operation involved searches and the seizure of electronic devices, and the suspect remains in custody awaiting extradition. Affected: Dutch Research Council (NWO), organizations in the Netherlands…

Lumma Stealer is an evolving info-stealing malware-as-a-service exploited via trusted platforms like GitHub to harvest credentials, crypto wallets, and personal data using advanced evasion, scripting,

UNC3944 is a financially-motivated threat actor targeting various sectors with tactics including social engineering, ransomware, and data theft. Their operations have broadened since 2023, affecting

In the period from April 2024 to April 2025, the financial sector has been a prime target for threat actors, notably facing ransomware attacks, APT