Halcyon

Webinar: Halcyon Threat Insights - March 2025 March 19th, 2025 at 9:00am PDT / 12:00pm EDT: https://bit.ly/4imK9HG Key insights and intelligence from the Halcyon RISE Team (Research, Intelligence, Services, Engineering) - get the latest on the top #ransomware threats, trends and news every month. #cybersecurity #infosec #security #cyberattack #webinar

Babuk2 Ransomware: Extortion Attempts Based on False Claims Recent investigations by the Halcyon RISE Team have revealed that the #Babuk2 ransomware group is issuing extortion demands based on false attack claims: https://lnkd.in/gNmysRgz - False Claims & Recycled Data: Babuk2, also known as Babuk-Bjorka, appears to be reusing data from earlier breaches to back up its extortion claims. Many of the victims listed in their announcements were already targeted by other ransomware groups such as RansomHub, FunkSec, LockBit, and even the original Babuk team. - No Confirmed New Attacks: Despite the group’s claims of having conducted multiple attacks in early 2025, our analysis indicates there is no evidence of new, live ransomware encryption or fresh network intrusions. Instead, the data appears to be recycled from past incidents. - Key Figures & Origins: Babuk2 emerged in January 2025 and is not a direct continuation of the original Babuk ransomware, which was active in 2021. The new operation seems to use the Babuk name for credibility. Its administrator, known as Bjorka, has been active on various forums and Telegram, and has previously been associated with other data breaches and extortion attempts. At present, Babuk2’s claims of successful ransomware attacks appear to be unsubstantiated. The group seems to be leveraging previously leaked data as a tactic to boost its credibility and drive ransom payments. Organizations facing such claims should conduct thorough, independent investigations of any reported breaches. A proactive approach—verifying network integrity and checking for signs of genuine, new attacks—will help prevent unnecessary panic and financial loss. #cybersecurity #infosec #security #cyberattack #ransomware #Babuk

Last Year in Ransomware: Overview, Developments and Vulnerabilities Ransomware attacks inflict substantial, long-term damage on organizations, extending far beyond initial financial impacts. Organizations suffer significant reputational harm, leading to customer attrition and heightened regulatory oversight. This analysis examines the key developments that shaped the #ransomware ecosystem throughout 2024, from emerging attack vectors to novel malware variants... https://lnkd.in/gTAZzpgh #cybersecurity #infosec #security #cyberattack

FBI and CISA Warn Against #Ghost #Ransomware in Latest Advisory Given the rise in disruptive ransomware attacks, #CISA emphasizes the urgent need for organizations to enhance their #cybersecurity measures and has released detailed guidelines. Ghost first emerged in early 2021 and has steadily escalated its operations, targeting businesses and critical infrastructure across more than 70 countries. Known for its adaptive tactics and relentless focus on exploiting vulnerabilities in outdated systems, the group has become one of the more dangerous ransomware threats. https://lnkd.in/gQh2pw2y #cyberattack #infosec #security #FBI

Straight-up data extortion... Get the report: https://lnkd.in/gp2YxPeY #infosec #security #cybersecurity #cyberattack #ransomware

BlackBasta Ransomware Group's Internal Chat Logs Leaked The leak has shed light on the inner workings of BlackBasta, revealing their tactics, targets as well as personal dynamics and discord within the group. #BlackBasta has reportedly collected over $100 million in ransom payments from more than 90 victims, including several high-profile attacks. Despite their success, BlackBasta has recently experienced a decline in activity... https://lnkd.in/gWyhj_NH cybersecurity, infosec, security, cyberattack, ransomware

Patch Now: Ransomware Operators Exploiting Two Fortinet Vulnerabilities Researchers observed that between late January and March 2025, intrusions exploiting two #vulnerabilities led to the deployment of a new #ransomware strain. This strain closely resembles #LockBit 3.0 but features modifications such as a customized ransom note and a unique data #exfiltration tool. Despite Fortinet's release of patches addressing these vulnerabilities, some organizations remain unpatched, leaving them susceptible to attacks. https://lnkd.in/gjRQdyS8 #cybersecurity #infosec #security #cyberattack, #vulnerability, #exploit #patching

RansomHub Targets Patchable Bugs in Microsoft Active Directory and Netlogon #RansomHub has been #exploiting patchable #vulnerabilities in #Microsoft Active Directory and #Netlogon to escalate privileges and gain access to domain controllers. These vulnerabilities, identified as CVE-2021-42278 (#noPac) and CVE-2020-1472 (#ZeroLogon), allow attackers to impersonate domain controllers and achieve full privileged access, facilitating lateral movement across compromised networks. https://lnkd.in/gZcsYUTa #cybersecurity #infosec #security #cyberattack #ransomware #patching

via Forbes... FBI Warning—Gmail, Outlook And VPN Users Need To Act Now: “Ransomware operators like #Medusa focus on gaining leverage to extort organizations, making critical infrastructure entities prime targets due to their heightened motivation to maintain uninterrupted services..." Jon Miller, CEO and co-founder of Halcyon.

Last Month in Security 010: Richard Stiennon on the EO and Cyberwarfare In this edition of the Last Month in Security #podcast, we are joined by Richard Stiennon, Chief Research Analyst at IT-Harvest, to discuss Presidential EOs, #cyberwarfare and more. https://lnkd.in/gy8nAJ7k Throughout his career, Stiennon has held significant positions, including VP of Research at Gartner, CMO at Fortinet, VP of Threat Research at Webroot Software, Chief Strategy Officer at Blancco Technology Group, and more.  #cybersecurity #infosec #security #cybersecurity #cyberattack #ransomware