Sigmoid Social

Dissent Doe :cupofcoffee:<a href="https://infosec.exchange/@amvinfe" class="u-url mention" rel="nofollow noopener" target="_blank">@amvinfe</a> got Qilin on the record with a response to accusations by "hastalamuerte" and "Nova." And when Qilin didn't like his reporting and conclusions, they gave him yet another statement. <a href="https://www.suspectfile.com/qilin-responds-to-the-accusations-we-dont-scam-our-affiliates/" rel="nofollow noopener" translate="no" target="_blank">https://www.suspectfile.com/qilin-responds-to-the-accusations-we-dont-scam-our-affiliates/</a>I especially admired their description of themself, "This is an honest name!" (is there an emoji for smothering laughter?) I'm just surprised they didn't challenge Marco's statement about their "Call Lawyer" feature.<a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/RAAS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAAS</a> <a href="https://infosec.exchange/tags/qilin" class="mention hashtag" rel="nofollow noopener" target="_blank">#qilin</a>

Dissent Doe :cupofcoffee:DragonForce has been claiming that it's creating this whole cartel and they're getting a lot of responses/inquiries about it. But does anyone else think it's odd that RansomHub and BianLian just disappeared without any announcement of closing or merger? And I see Everest Team is back, but with a different leak site and without all of their previous data. Are things really like DragonForce claims or is there a less friendly explanation? <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/raas" class="mention hashtag" rel="nofollow noopener" target="_blank">#raas</a> <a href="https://infosec.exchange/tags/cartel" class="mention hashtag" rel="nofollow noopener" target="_blank">#cartel</a>

Dissent Doe :cupofcoffee:When the victimizers become the victims.... RansomHub the victim of a takeover? <a href="https://databreaches.net/2025/04/07/when-the-victimizers-become-the-victims-ransomhub-the-victim-of-a-takeover/" rel="nofollow noopener" translate="no" target="_blank">https://databreaches.net/2025/04/07/when-the-victimizers-become-the-victims-ransomhub-the-victim-of-a-takeover/</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/RaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaaS</a> <a href="https://infosec.exchange/tags/takeover" class="mention hashtag" rel="nofollow noopener" target="_blank">#takeover</a> <a href="https://infosec.exchange/tags/cartel" class="mention hashtag" rel="nofollow noopener" target="_blank">#cartel</a> <a href="https://infosec.exchange/tags/DragonForce" class="mention hashtag" rel="nofollow noopener" target="_blank">#DragonForce</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a>

ESET Research<a href="https://infosec.exchange/tags/ESETresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#ESETresearch</a> discovered previously unknown links between the <a href="https://infosec.exchange/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#RansomHub</a>, <a href="https://infosec.exchange/tags/Medusa" class="mention hashtag" rel="nofollow noopener" target="_blank">#Medusa</a>, <a href="https://infosec.exchange/tags/BianLian" class="mention hashtag" rel="nofollow noopener" target="_blank">#BianLian</a>, and <a href="https://infosec.exchange/tags/Play" class="mention hashtag" rel="nofollow noopener" target="_blank">#Play</a> ransomware gangs, and leveraged <a href="https://infosec.exchange/tags/EDRKillShifter" class="mention hashtag" rel="nofollow noopener" target="_blank">#EDRKillShifter</a> to learn more about RansomHub’s affiliates. @SCrow357 <a href="https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/" rel="nofollow noopener" translate="no" target="_blank">https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/</a> RansomHub emerged in February 2024 and in just three months reached the top of the ransomware ladder, recruiting affiliates from disrupted <a href="https://infosec.exchange/tags/LockBit" class="mention hashtag" rel="nofollow noopener" target="_blank">#LockBit</a> and <a href="https://infosec.exchange/tags/BlackCat" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlackCat</a>. Since then, it dominated the ransomware world, showing similar growth as LockBit once did. Previously linked to North Korea-aligned group <a href="https://infosec.exchange/tags/Andariel" class="mention hashtag" rel="nofollow noopener" target="_blank">#Andariel</a>, Play strictly denies operating as <a href="https://infosec.exchange/tags/RaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaaS</a>. We found its members utilized RansomHub’s EDR killer EDRKillShifter, multiple times during their intrusions, meaning some members likely became RansomHub affiliates. BianLian focuses on extortion-only attacks and does not publicly recruit new affiliates. Its access to EDRKillShifter suggests a similar approach as Play – having trusted members, who are not limited to working only with them. Medusa, same as RansomHub, is a typical RaaS gang, actively recruiting new affiliates. Since it is common knowledge that affiliates of such RaaS groups often work for multiple operators, this connection is to be expected. Our blogpost also emphasizes the growing threat of EDR killers. We observed an increase in the number of such tools, while the set of abused drivers remains quite small. Gangs such as RansomHub and <a href="https://infosec.exchange/tags/Embargo" class="mention hashtag" rel="nofollow noopener" target="_blank">#Embargo</a> offer their killers as part of the affiliate program. IoCs available on our GitHub: <a href="https://github.com/eset/malware-ioc/tree/master/ransomhub" rel="nofollow noopener" translate="no" target="_blank">https://github.com/eset/malware-ioc/tree/master/ransomhub</a>

John LeonardA massive leak of internal chat logs from the notorious Black Basta ransomware-as-a-service (RaaS) group has exposed potential ties to Russian authorities, extensive use of artificial intelligence in its operations and plans for a complete rebranding.<a href="https://www.computing.co.uk/news/2025/security/black-basta-ransomware-leak-reveals-potential-kremlin-ties" rel="nofollow noopener" translate="no" target="_blank">https://www.computing.co.uk/news/2025/security/black-basta-ransomware-leak-reveals-potential-kremlin-ties</a><a href="https://mastodon.social/tags/technews" class="mention hashtag" rel="nofollow noopener" target="_blank">#technews</a> <a href="https://mastodon.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a> <a href="https://mastodon.social/tags/blackbasta" class="mention hashtag" rel="nofollow noopener" target="_blank">#blackbasta</a> <a href="https://mastodon.social/tags/raas" class="mention hashtag" rel="nofollow noopener" target="_blank">#raas</a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#russia</a>

Mathew Thomas<a href="https://mstdn.social/tags/VishenLakhiani" class="mention hashtag" rel="nofollow noopener" target="_blank">#VishenLakhiani</a> of <a href="https://mstdn.social/tags/Mindvalley" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mindvalley</a> Speaks about <a href="https://mstdn.social/tags/AgenticAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AgenticAI</a> From <a href="https://mstdn.social/tags/GenerativeAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#GenerativeAI</a> to <a href="https://mstdn.social/tags/RaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaaS</a> <a href="https://mstdn.social/tags/ResultsAsAService" class="mention hashtag" rel="nofollow noopener" target="_blank">#ResultsAsAService</a> Source : <a href="https://mstdn.social/tags/Vishen" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vishen</a>

Paul ShreadDespite global law enforcement actions and source code and decryption key leaks, LockBit is attempting a comeback with the release of LockBit 4.0 Ransomware-as-a-Service (RaaS). <a href="https://masto.ai/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a> <a href="https://masto.ai/tags/LockBit" class="mention hashtag" rel="nofollow noopener" target="_blank">#LockBit</a> <a href="https://masto.ai/tags/RaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaaS</a> <a href="https://masto.ai/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://masto.ai/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://masto.ai/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntelligence</a> <a href="https://thecyberexpress.com/lockbit-ransomware-comeback-lockbit-4-0/" rel="nofollow noopener" translate="no" target="_blank">https://thecyberexpress.com/lockbit-ransomware-comeback-lockbit-4-0/</a>

BSI<a href="https://social.bund.de/tags/Lagebericht" class="mention hashtag" rel="nofollow noopener" target="_blank">#Lagebericht</a>: 2024 haben <a href="https://social.bund.de/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a> Angriffe erneut zahlreiche Unternehmen und Kommunen getroffen – mit direkten Auswirkungen auf viele Bürgerinnen und Bürger. Ransomware-as-a-Service <a href="https://social.bund.de/tags/RaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaaS</a> macht <a href="https://social.bund.de/tags/Verschl%C3%BCsselungstrojaner" class="mention hashtag" rel="nofollow noopener" target="_blank">#Verschlüsselungstrojaner</a> zum besonders lukrativen Geschäft. <a href="https://bsi.bund.de/Lagebericht" rel="nofollow noopener" translate="no" target="_blank">https://bsi.bund.de/Lagebericht</a> <a href="https://social.bund.de/tags/LageKennenResilienzSt%C3%A4rken" class="mention hashtag" rel="nofollow noopener" target="_blank">#LageKennenResilienzStärken</a> <a href="https://social.bund.de/tags/CybernationDeutschland" class="mention hashtag" rel="nofollow noopener" target="_blank">#CybernationDeutschland</a>

Dissent Doe :cupofcoffee:Analysts had understandably described DISPOSSESSOR as a data broker rather than a ransomware group, but it seems that they have recently teamed up with RADAR and have shifted to a R-a-a-S model while still doing some sales for others. <a href="https://databreaches.net/2024/07/30/radar-and-dispossesor-shift-to-r-a-a-s-model/" rel="nofollow noopener" translate="no" target="_blank">https://databreaches.net/2024/07/30/radar-and-dispossesor-shift-to-r-a-a-s-model/</a><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/RaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaaS</a> <a href="https://infosec.exchange/tags/dispossessor" class="mention hashtag" rel="nofollow noopener" target="_blank">#dispossessor</a> <a href="https://infosec.exchange/tags/radar" class="mention hashtag" rel="nofollow noopener" target="_blank">#radar</a>

Mario Raciti 🧐🛡️:verified:🔒🔍Thrilled to announce that our paper titled "Supporting Criminal Investigations on the Blockchain: A Temporal Logic-based Approach" accepted at <a href="https://infosec.exchange/tags/ITASEC24" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITASEC24</a> is now available online!🔗<a href="https://researchgate.net/publication/379927973_Supporting_Criminal_Investigations_on_the_Blockchain_A_Temporal_Logic-based_Approach" rel="nofollow noopener" translate="no" target="_blank">https://researchgate.net/publication/379927973_Supporting_Criminal_Investigations_on_the_Blockchain_A_Temporal_Logic-based_Approach</a><a href="https://infosec.exchange/tags/Blockchain" class="mention hashtag" rel="nofollow noopener" target="_blank">#Blockchain</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/CriminalInvestigations" class="mention hashtag" rel="nofollow noopener" target="_blank">#CriminalInvestigations</a> <a href="https://infosec.exchange/tags/RaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaaS</a> <a href="https://infosec.exchange/tags/CTI" class="mention hashtag" rel="nofollow noopener" target="_blank">#CTI</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/research" class="mention hashtag" rel="nofollow noopener" target="_blank">#research</a>

SophosA recent Sophos X-Ops investigation into underground cybercrime forums discovered multiple examples of independently produced, inexpensive, and crudely-constructed ransomware, mostly sold as a one-time purchase rather than typical affiliate-based <a href="https://infosec.exchange/tags/RaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaaS</a> models.At first glance, the prospect of individuals making and selling cheap <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a> doesn’t seem to pose a significant threat — it’s a far cry from the notorious, well-organized ransomware groups we typically investigate. But as we dug deeper, we uncovered intelligence that raises concern. Some individuals claimed this type of ransomware enabled them to carry out real-world attacks and complete the entire attack chain by themselves. Others use it to attack small businesses and individuals – targets that wouldn’t be worthwhile to top-tier <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybercrime</a> groups like Cl0p and ALPHV/BlackCat, but can generate significant profit for an individual threat actor.Why might bad actors strike out on their own? As is the case for any freelancer, there’s greater control and profits to be had when you don’t have to report to a larger organization. This form of ransomware allows cybercriminals to step away from the complex RaaS structure and get in on the action cheaply, easily, and independently. They can target small companies and individuals, who are unlikely to have the resources to defend themselves or respond effectively, without giving anyone else a cut. Even though this rudimentary technology or their lack of experience could blow up in an adversary’s face, to them it’s worth the risk.Read the report to discover what this means for organizations, communities, and the security industry. Get insights: <a href="https://bit.ly/3UklWIq" rel="nofollow noopener" translate="no" target="_blank">https://bit.ly/3UklWIq</a>

Recent searches

Search options

Administered by:

Server stats:

#raas