What is the BlackLock ransomware? BlackLock is a relatively new ransomware group. First seen in March 2024, the ransomware operation initially operated under the name El Dorado, before rebranding as BlackLock late last year. BlackLock follows a RaaS (ransomware-as-a-service) business model, leasing its tools and infrastructure to affiliates who launch attacks, sharing a proportion of … Read more
The Medusa ransomware gang continues to present a major threat to the critical infrastructure sector, according to a newly-released joint advisory from the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). As of February 2025, the Medusa ransomware operation, which we have previously detailed on the Tripwire … Read more
Fraudsters have a novel new — errr — old tactic to scam targets into paying out ransoms.The FBI via the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert over an ongoing scam operation that targets C-suite executives in hopes of getting a ransomware payout.The threat actors claim to be affiliated with the BianLian ransomware … Read more
Mar 04, 2025Ravie LakshmananCybercrime / Threat Intelligence Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. “Once infiltrated, it grants attackers a … Read more
More than a year’s worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members. The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially … Read more
