Tag ALPHV

CISA Alerts on Five Actively Exploited Security Vulnerabilities: Immediate Action Needed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting ongoing exploitation in real-world scenarios. Among these, three high-severity flaws in Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) may allow attackers to execute privileged commands on the system. These vulnerabilities were addressed in a patch released by Veritas in March 2021.

  • CVE-2021-27876 (CVSS score: 8.1) – File Access Vulnerability
  • CVE-2021-27877 (CVSS score: 8.2) – Improper Authentication Vulnerability
  • CVE-2021-27878 (CVSS score: 8.8) – Command Execution Vulnerability

A recent report from Google-owned Mandiant highlighted that an affiliate tied to the BlackCat (also known as ALPHV and Noberus) ransomware operation is utilizing these vulnerabilities for attacks.

CISA Alerts Businesses to Five Critical Security Vulnerabilities: Immediate Response Needed

On April 10, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory concerning five newly identified security vulnerabilities now included in its Known Exploited Vulnerabilities (KEV) catalog. This addition is backed by evidence indicating active…

Microsoft Flags Storm-0501 as a Significant Threat in Hybrid Cloud Ransomware Operations

September 27, 2024
Ransomware / Cloud Security

Microsoft has identified the cyber group Storm-0501 as a noteworthy threat, targeting key sectors such as government, manufacturing, transportation, and law enforcement in the United States. Their sophisticated, multi-stage attack strategy is designed to infiltrate hybrid cloud environments, allowing attackers to move laterally from on-premises systems to the cloud. This approach leads to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. According to Microsoft’s threat intelligence team, Storm-0501 operates as a financially driven cybercriminal organization, utilizing both commodity and open-source tools for their ransomware activities. Active since 2021, they initially focused on educational institutions with the Sabbath ransomware before transitioning to a ransomware-as-a-service (RaaS) model, distributing various ransomware variants including Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo ransomware.

Microsoft Flags Storm-0501 as Significant Threat in Hybrid Cloud Ransomware Incidents

On September 27, 2024, Microsoft announced a notable increase in ransomware attacks orchestrated by the threat actor known as Storm-0501, which has predominantly targeted integral sectors such as government, manufacturing, transportation, and law enforcement across the United States. This…

British Police Dismantle Spider Silk Operation, Arresting Four Suspects in England

Cybercrime, Fraud Management & Cybercrime, Geo Focus: The United Kingdom
Arrests Made in Connection with April Ransomware Strikes Against M&S, Co-Op, and Harrods
Mathew J. Schwartz (euroinfosec) • July 10, 2025

British authorities have apprehended four individuals linked to a series of high-profile cybersecurity incidents affecting top-tier…

One Year Later: Change Healthcare’s Major Assault

Data Breach Notification, Data Privacy, Data Security
Ransomware Attack Reveals Critical Vulnerabilities in Healthcare Resilience and Vendor Dependency
Marianne Kolbasuk McGee (HealthInfoSec) • February 21, 2025

The February 2024 ransomware attack on Change Healthcare disrupted operations for numerous healthcare providers and affected sensitive health data of 190 million individuals.

RansomHub: The Emerging Leader in Ransomware? Targeting 600 Companies in 2024

The emergence of RansomHub in 2024 marks a significant evolution in ransomware threats, impacting over 600 organizations following recent disruptions faced by established groups ALPHV and LockBit, as reported by Group-IB. Group-IB’s latest analysis, exclusively presented to Hackread.com, sheds light on the alarming ascent of ransomware-as-a-service models, with RansomHub identified…

Ransomware Payments Plummeted Last Year Despite Major Cyber Attacks

In recent developments surrounding ransomware operations, evidence suggests that two prominent groups, AlphV and Lockbit, experienced significant setbacks amid heightened law enforcement scrutiny. AlphV, which reportedly extracted a staggering $22 million ransom from Change Healthcare, executed an “exit scam” shortly thereafter, pocketing the funds and vanishing without compensating the hackers…

2024 Report: 3 Health Organizations Highlight Hacks Impacting 1.2 Million

Cyber Attacks Strike Healthcare Sector in Multiple States

Recent cyber incidents have targeted healthcare organizations across the United States, compromising sensitive data for over 1.2 million patients. Notable victims include a California hospital system, an Alabama cardiology practice, and a community health network in Colorado. These breaches highlight the escalating…

What Caused the Breach Total to Soar to 190 Million?

Data Breach Notification, Data Security, Fraud Management & Cybercrime
Experts Discuss the Complexity of UnitedHealth Group’s Recent Data Breach Assessment
Marianne Kolbasuk McGee (HealthInfoSec) • January 28, 2025

UnitedHealth Group has announced the data breach has affected approximately 190 million individuals due to the ransomware attack on Change Healthcare in…