#NSA warns “fast flux” threatens national #security. What is fast flux anyway?

A technique that hostile nation-states & financially motivated #ransomware groups are using to hide their operations poses a threat to critical #infrastructure & national security, the NSA has warned.

The technique is known as #FastFlux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed
#privacy

https://arstechnica.com/security/2025/04/nsa-warns-that-overlooked-botnet-technique-threatens-national-security/

#HuntersInternational shifts from #ransomware to pure data extortion

https://www.bleepingcomputer.com/news/security/hunters-international-rebrands-as-world-leaks-in-shift-to-data-extortion/

#Ransomware

rheinmetall[.]com (#Rheinmetall #Defence)

Group Name: #babuk2
https://m.ransomware.live/id/cmhlaW5tZXRhbGwuY29tIChSaGVpbm1ldGFsbCBEZWZlbmNlKUBiYWJ1azI=

Cyble: Ransomware Attack Levels Remain High as Major Change Looms https://cyble.com/blog/ransomware-attack-levels-remain-high-as-major-change-looms/ #cybersecurity #infosec #ransomware

#Texas #StateBar warns of data breach after #INC #ransomware claims attack

https://www.bleepingcomputer.com/news/security/texas-state-bar-warns-of-data-breach-after-inc-ransomware-claims-attack/

16 months after they experienced a ransomware attack, Dameron Hospital notifies those affected:

https://databreaches.net/2025/04/04/16-months-after-they-experienced-a-ransomware-attack-dameron-hospital-notifies-those-affected/

RansomHub ransomware group targets Minnesota's Lower Sioux Indian community
#cybersecurity #infosec #incident #ransomware
https://beyondmachines.net/event_details/ransomhub-ransomware-group-targets-minnesota-s-lower-sioux-indian-community-e-j-t-v-6/gD2P6Ple2L

Halcyon: Hunters International Moving to Straight Data Extortion Attacks https://www.halcyon.ai/blog/hunters-international-moving-to-straight-data-extortion-attacks

Halcyon Threat Insights 015: April 2025 Ransomware Report https://www.halcyon.ai/blog/halcyon-threat-insights-015-april-2025-ransomware-report #cybersecurity #infosec #ransomware

Infosecurity-Magazine: Sensitive Data Breached in Highline Schools Ransomware Incident https://www.infosecurity-magazine.com/news/sensitive-data-highline-ransomware/ #cybersecurity #infosec #ransomware

HellCat ransomware: what you need to know - HellCat - the ransomware gang that has been known to demand payment... in baguettes!

A... https://www.tripwire.com/state-of-security/hellcat-ransomware-what-you-need-know #ransomware #guestblog #malware

HellCat - the ransomware gang that has been known to demand payment... in baguettes!

Are they rolling in the dough? Bread all about it in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/hellcat-ransomware-what-you-need-know

Ransomware-Angriff: Regionale Verkehrsbetriebe Baden-Wettingen (RVBW) #Ransomware #Einbruch #Datendiebstahl #TeamInfoSec #cyberangriff https://www.security-incidents.de/sicherheitsvorfaelle/ransomware_angriff_regionale-verkehrsbetriebe-8982.php

The 3-2-1 backup rule is a great way to ensure your data is safe from corruption, ransomware, and loss. It can make it easy to create a reliable solution to all your data security needs. Here's how to set it up.

#data #backup #security #ransomware
https://www.xda-developers.com/how-to-quickly-set-up-the-3-2-1-backup-rule/

Daixin published some leak files titled "A little gift of exclusive data for everyone." They claim 17k PII PHI records. It looks like 17 sections of a database download. The attribute names look like it might be a pediatric hospital or something since most of them revolve around birth, peds, parents, etc. Also, at least the first several records appear to be UK based. If that sounds like it might be in your AO, you might want to look into it since the post wasn't titled anything obvious.

Grupo Socarpor alvo de ransomware
#ransomware #portugal

Meine Datenschutz und Privatsphäre Übersicht 2025, für die Allgemeinheit

Teilen er­be­ten

als PDF:

https://cryptpad.digitalcourage.de/file/#/2/file/NdmBgSYkRCto8B+JmJkE9mQ4/

 #DSGVO #TDDDG ( #unplugtrump )
#Datenschutz #Privatsphäre #sicherheit #Verschlüsselung
#encryption #WEtell #SoloKey #NitroKey #Email #Cybersecurity #Pixelfed #Massenűberwachung
#Google #Metadaten #WhatsApp #Threema #Cryptpad #Signal
#Hateaid #Cyberstalking #Messenger #Browser #Youtube #NewPipe #Chatkontrolle #nichtszuverbergen #ÜberwachungsKapitalismus #Microsoft #Apple #Windows #Linux #Matrix #Mastodon #Friendica #Fediverse #Mastodir #Loops #2FA #Ransomware #Foss #VeraCrypt #HateAid #Coreboot #Volksverpetzer #Netzpolitik #Digitalisierung #FragdenStaat #Shiftphone  #OpenSource #GrapheneOS #CCC #Mail #Mullvad #PGP #GnuPG #DNS #Gaming #linuxgaming #Lutris #Protondb #eOS #Enshittification
#Bloatware #TPM #Murena  #LiberaPay #GnuTaler #Taler #PreppingforFuture
#FediLZ #BlueLZ #InstaLZ #ThreatModel
#FLOSS #UEFI #Medienkompetenz

Halcyon: Open-Source Builder for Prince Ransomware Discovered Available on GitHub https://www.halcyon.ai/blog/open-source-builder-for-prince-ransomware-discovered-available-on-github #cybersecurity #infosec #GitHub #ransomware #opensource

DragonForce Claims to Be Taking Over RansomHub Ransomware Infrastructure https://thecyberexpress.com/dragonforce-claims-to-be-taking-over-ransomhub/ #DragonForceransomware #TheCyberExpressNews #TheCyberExpress #FirewallDaily #Ransomware #CyberNews #RansomHub

DragonForce appears to be taking over the infrastructure of RansomHub, the largest ransomware group. A huge scoop courtesy of the Cyble threat intelligence research team. #Ransomware #Cybersecurity #ThreatIntelligence

https://thecyberexpress.com/dragonforce-claims-to-be-taking-over-ransomhub/

Rapid7 posted a good write-up on Babuk 2, which has been used against some interesting targets lately.

A sample named babuk.exe SHA-256 3facc153ed82a72695ee2718084db91f85e2560407899e1c7f6938fd4ea011e9 was initially shared on the Telegram channel “Babuk 2.0 Ransomware Affiliates”, before being forwarded to another operational account. Upon analysis, it turned out not to be Babuk Locker at all, but rather LockBit 3.0 also known as LockBit Black. This case is yet another example of the well-established trend: threat actors rebranding ransomware strains, whether to confuse researchers, lure affiliates, or just keep the marketing fresh. Either way, babuk.exe is just LockBit 3.0/Black wearing a fake name.

Babuk Locker 2.0 is not a true revival of the original Babuk group—it’s just LockBit 3.0 with a new label. Our analysis strongly suggests that Skywave and Bjorka are behind this operation, either as collaborators or opportunistic actors riding the same wave.

https://www.rapid7.com/blog/post/2025/04/02/a-rebirth-of-a-cursed-existence-the-babuk-locker-2-0/