ransomware

How ALPHV destroyed Henry Schein’s business

How ALPHV destroyed Henry Schein's business: shocking details of three encryptions and hopeless negotiations 💬 The ALPHV/BlackCat group announced its plans to encrypt Henry Schein systems for the third time. The group's efforts are part of pressure on the company to end negotiations following a massive cyberattack in October. Ongoing negotiations with the hackers are deteriorating, and the group is accusing the company of lack of professionalism. Henry Schein, one of the world's leaders in…

Chat simulator with ransomware

In May, I wrote about the site Ransomchats, with which you can read correspondence between ransomware groups (Conti, REvil, BlackBasta, etc.) and victims. Some of the correspondences are short, while others are quite long and even successful - primarily for attackers. It turns out that one enthusiast used this data (correspondence between victims and extortionists) to train the chatbot RansomChatGPT. Now this is a simulator of negotiations with ransomware. It is proposed to…

Ransomchats

Here, you'll find ransomware negotiations normalised as JSON files. Ransomware negotiations are usually not shared widely, limiting the understanding of the process. This project aims at changing that, in a respectful manner for the victims of cyberattacks: chats are anonymized as long as the victim hasn't been publicly disclosed, either by the attackers or in the media. https://github.com/Casualtek/Ransomchats Black Basta: We are Black Basta Group. We are here to inform that your company local network has…

LostTrust Ransomware – Trust nothing — ShadowStackRE

LostTrust Ransomware. Nov. 26. Trust nothing. Overview: The LostTrust ransomware family has a fairly small victim pool and compromised its victims earlier this year. The encryptor has similar characteristics to the MetaEncryptor ransomware family, including code flow and strings, which indicates that the encryptor is a variant of the original MetaEncryptor source. https://www.shadowstackre.com/analysis/losttrust

Trigona is Gone!

The servers of the Trigona ransomware gang have been exfiltrated and wiped out. "Welcome to the world you created for others. Hacked by the Ukrainian Cyber Alliance. Disrupting russian criminal enterprises (both public and private) since 2014." http://3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad.onion

Sourcecode: HelloKitty Ransomware

The HelloKitty ransomware group, like other ransomware gangs, implements a double extortion model, stealing sensitive documents from victims before encrypting them. Then, the threat actors threaten to leak the stolen data to force the victim into paying the ransom. The ransomware samples seem to evolve quickly and frequently, with different versions making use of the .crypted or .kitty file extensions for encrypted files. Some newer samples make use of a Golang packer that ensures the…

Arvin Club Leak Site

Arvin Club Leak Site. 2 October 2023. Target Introduction. Name: Pasouk biological company. Official Website: https://pasouk.ir. Samples Download Address. Download URL: http://anonissfireenterfdks2u53jqevumbu6hjm35ioorsa7eq5bsjlucad.onion/do.php?filename=5e5dcbbd73337ec3a3e8811.rar. Other: contact us by tox: D6164C90642CD93D9D3F353511B4BDBD1428309C90CDE13D3D7088AA5BE3010A52E485834E84. 1 October. Target Introduction. Name: Shirin Travel Agency. Files Samples Download Address. Download Samples: http://anonissfireenterfdks2u53jqevumbu6hjm35ioorsa7eq5bsjlucad.onion/do.php?filename=bd413d1583d4b7dc9901121.rar. Other: contact us by tox: D6164C90642CD93D9D3F353511B4BDBD1428309C90CDE13D3D7088AA5BE3010A52E485834E84. 23 August. Target Introduction. Name: sti company. Official Website: https://sticompany.co. Files Download Address. Download URL: https://www.sendspace.com/file/t6dx3v. Other: contact us by tox: D6164C90642CD93D9D3F353511B4BDBD1428309C90CDE13D3D7088AA5BE3010A52E485834E84. 8 August. Target Introduction. Name: Sabalan Azmayesh. Official Website: https://www.sabalanmedical.ir. Files Download Address. Download URL: https://www.sendspace.com/file/zrfso0. Other: contact us by tox: D6164C90642CD93D9D3F353511B4BDBD1428309C90CDE13D3D7088AA5BE3010A52E485834E84. 7 August. Target Introduction. Name: Parsian…

ALPHV Statement on MGM Resorts International: Setting the record straight

9/14/2023, 7:46:49 PM. We have made multiple attempts to reach out to MGM Resorts International, "MGM". As reported, MGM shut down computers inside their network as a response to us. We intend to set the record straight. No ransomware was deployed prior to the initial take down of their infrastructure by their internal teams. MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning that we had…