Ransomware group innovations and a wave of arrests (Week 24)

Ransomware group BlackCat trended in cybersecurity media, Cloudflare prevented another record-breaking DDoS attack, and security forces did not slack off, with a huge wave of international arrests and seizures of illegally acquired assets.

Disclosure of stolen data

Ransomware group BlackCat is employing a new strategy – posting stolen information to publicly available/popular sites. The strategy aims to increase the pressure on victims of ransomware attacks and make them pay not only for decryption keys, but also for not disclosing stolen data (double blackmail). The group publishes the data stolen from the victim in an easily viewable form.

Operation First Light 2022

Interpol’s Operation First Light 2022, targeting email and phone fraudsters, has successfully involved 76 countries. At least 2,000 suspected fraudsters and money launderers were arrested during 1,770 raids around the world. It also succeeded in identifying another 3,000 suspects, freezing 4,000 bank accounts and seizing more than $50 million in ill-gotten funds. 

Another DDoS record

Cloudflare released the information that they successfully managed to stop a record-breaking DDoS attack on one of their customers, whom they did not name. The attack, with an intensity of 26 million requests per second (RPS), was carried out from a botnet composed of more than 5 thousand devices. These were compromised virtual machines from multiple cloud service providers.

Data of 70 000 people exposed

Kaiser Permanente, a US healthcare leader, has been the target of a cyberattack. The company admitted that attackers were able to access sensitive medical data that includes name, medical ID, dates of scans and lab test results. The potential leak may involve about 70,000 people.

Encounter to the ransomware

The US Department of Justice and the European organisation Eurojust organised a workshop in The Hague to strengthen international cooperation against ransomware attacks. Participants agreed that international cooperation and coordination is the best way to combat ransomware attacks.


  • Microsoft has issued a warning to administrators of un-updated Exchange servers. The servers are being targeted by the BlackCat ransomware group, which will map the victim’s systems and steal documents with sensitive content before encrypting the victim’s servers.
  • Security researchers at F5 labs have uncovered a new mobile malware, MaliBot, that resembles the now-defunct Flubot The malware spreads via smishing and so far is targeting users of Italian and Spanish banks,
  • the operator of several DDoS services including “org” and “” has been sentenced to 2 years imprisonment. The cybercriminal facilitated more than 200,000 attacks on various organizations, including universities and municipalities,
  • a California cybercriminal was sentenced to 9 years in prison for stealing private photos from Apple iCloud accounts. The attacker had data from more than 500 victims,
  • SafetyDetectives security researchers uncovered the open database of software solutions provider Transact Campus. The server contained credit card and transaction details in addition to student login, identification and contact details.

« Späť na zoznam