CyberSecurityBoard
Sponsor Register Login

LockBit ransomware now poaching BlackCat, NoEscape affiliates

The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams.
Last week, the NoEscape and the BlackCat/ALPHV ransomware operation's Tor websites suddenly became inaccessible without warning.
Affiliates associated with NoEscape claimed that the ransomware operators pulled an exit scam, stealing millions of dollars in ransom payments and shutting off the operation's web panels and data leak sites.
NoEscape is believed to be a rebrand of the Avaddon ransomware operation, which shut down in June 201 and released their decryption keys to BleepingComputer.
We hope that NoEscape will once again release the decryption keys for their victims now that they have shut down their operation.
The BlackCat/ALPHV ransomware operation also suffered a 5-day disruption last week, with all their infrastructure going offline, including their data leak and negotiation sites.
On Monday, the ALPHV data leak site returned, but with all data removed.
BleepingComputer heard from multiple sources that a law enforcement operation was related to the outage.
As first reported by LeMagIT, LockBitSupp, the LockBit operation's manager, has begun to recruit affiliates from the BlackCat and NoEscape ransomware operations.
In posts to a Russian-speaking hacking forum, LockBitSupp told affiliates that if they have backups of the stolen data, they could use his data leak site and negotiation panel to continue to extort victims.
In addition to affiliates, LockBitSupp is trying to recruit the coder for the ALPHV encryptor.
While it is unclear if any of the BlackCat/NoEscape affiliates have moved over to LockBit, one BlackCat's victim has already been spotted on LockBit's data leak site.
BlackCat/ALPHV is a rebrand of the DarkSide and BlackMatter ransomware operations.
After BlackMatter's shutdown in November 2021, its affiliates transitioned to LockBit.
It is too soon to tell whether affiliates and penetration testers have lost trust in BlackCat or NoEscape and are moving to other operations.
Norton Healthcare discloses data breach after May ransomware attack.
ALPHV ransomware site outage rumored to be caused by law enforcement.
HTC Global Services confirms cyberattack after data leaked online.
Tipalti investigates claims of data stolen in ransomware attack.
Healthcare giant Henry Schein hit twice by BlackCat ransomware.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 13 Dec 2023 18:25:21 +0000


Cyber News related to LockBit ransomware now poaching BlackCat, NoEscape affiliates

LockBit ransomware now poaching BlackCat, NoEscape affiliates - The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. Last week, the NoEscape and the BlackCat/ALPHV ransomware operation's Tor websites suddenly ...
6 months ago Bleepingcomputer.com
#StopRansomware: ALPHV Blackcat - The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service identified through FBI ...
6 months ago Cisa.gov
Hubris May Have Contributed to Downfall of Ransomware Kingpin LockBit - For all its vaunted success, the LockBit ransomware operation appears to have already been beset by problems when an international law enforcement effort led by the UK's National Crime Agency shut it down this week. Though it's likely that the dozens ...
4 months ago Darkreading.com
LockBit is Recruiting Members of ALPHV/BlackCat and NoEscape Ransomware Outfit - Recruiting affiliates and developers from the troubled BlackCat/ALPHV and NoEscape ransomware operations is one of the calculated steps being taken by the LockBit ransomware group. An ideal opportunity emerged for LockBit to expand its network due to ...
6 months ago Cysecurity.news
U.S. Joins U.K. to Seize LockBit Site, Disrupt Massive Ransomware Variant - The U.S. Department of Justice has partnered with the United Kingdom and international law enforcement partners in London today to announce the disruption of the LockBit ransomware group. The LockBit ransomware group is one of the most active ...
4 months ago Americansecuritytoday.com
Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates - U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ...
4 months ago Krebsonsecurity.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
6 months ago Bleepingcomputer.com
BlackCat Strikes Back: Ransomware Gang "Unseizes" Website, Vows No Limits on Targets - The BlackCat ransomware group, also known as Alphv, has started taking action in response to the recently announced law enforcement operation that involved website seizures and the release of a decryption tool. BlackCat's Tor-based leak website ...
6 months ago Securityweek.com
BlackCat Ransomware Raises Ante After FBI Disruption - The U.S. Federal Bureau of Investigation disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released ...
6 months ago Krebsonsecurity.com
LockBit Ransomware Targets German Energy Agency Dena - Dena, the reputed German Energy Agency, is said to have fallen victim to the notorious LockBit ransomware group. The Dena cyberattack was revealed through a post on the threat actor's dark web platform, where they disclose data breach incidents and ...
6 months ago Heimdalsecurity.com
FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
6 months ago Bleepingcomputer.com
BlackCat ransomware uses new 'Munchkin' Linux VM in stealthy attacks - The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilizes virtual machines to deploy encryptors on network devices stealthily. Manchkin enables BlackCat to run on remote systems or encrypt remote Server ...
7 months ago Bleepingcomputer.com
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
6 months ago Bleepingcomputer.com
Law enforcement trolls LockBit, reveals massive takedown - In an act of exquisite trolling, the UK's National Crime Agency has announced further details about its disruption of the LockBit ransomware group by using the group's own dark web website. Since the demise of Conti in 2022, LockBit has been ...
4 months ago Malwarebytes.com
How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
6 months ago Bleepingcomputer.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
3 months ago Bleepingcomputer.com
DOJ Seizes Ransomware Site as BlackCat Threatens More Attacks - U.S. law enforcement agencies said they shut down the online operations of the notorious Russia-linked BlackCat ransomware-as-a-service group and developed a decryption tool that will help more than 500 victims regain access to their encrypted data ...
6 months ago Securityboulevard.com
Law enforcement seizes ALPHV/Blackcat sites, offers decryptor to victims - The US Justice Department announced today a disruption campaign against the Blackcat/ALPHV ransomware group and let victims know that there is a decryptor they can use. Over the past 18 months, ALPHV/Blackcat has emerged as the second most prolific ...
6 months ago Helpnetsecurity.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
LockBit targets hospitals - We did not see much research released on ransomware this week, with most of the news focusing on new attacks and LockBit affiliates increasingly targeting hospitals. These attacks include ones against Yakult Australia and the Ohio Lottery by the new ...
6 months ago Bleepingcomputer.com
Cops dismantled LockBit before latest variant hit market The Register - Law enforcement's disruption of the LockBit ransomware crew comes as the criminal group was working on bringing a brand-new variant to market, research reveals. As part of the daily LockBit leaks this week, Trend Micro's report on the group, ...
4 months ago Go.theregister.com
LockBit Ransomware Gang's Website Shut Down - The U.K. National Crime Agency's Cyber Division, the FBI and international partners have cut off ransomware threat actors' access to LockBit's website, which has been used as a large ransomware-as-a-service storefront. According to CISA, LockBit was ...
4 months ago Techrepublic.com
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
6 months ago Bleepingcomputer.com
LockBit attacks continue via ConnectWise ScreenConnect flaws - Exploitation of two critical ConnectWise vulnerabilities continues to mount, with many attacks attributed to ransomware gangs such as LockBit. Last month, ConnectWise disclosed an authentication bypass vulnerability, tracked as CVE-2024-1708, that ...
3 months ago Techtarget.com
The Impact of LockBits New ContiBased Encryptor on Ransomware - The LockBit ransomware gang has recently started using a new encryptor, called LockBit Green, which is based on the source code of the now-defunct Conti ransomware gang. This follows the gang's previous iterations of their encryptor, which began with ...
1 year ago Heimdalsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)