Evil Corp's actions against a range of US corporations in the recent WastedLocker campaign are said, by BleepingComputer and others, to have affected a large number of newspaper sites run by a single parent corporation. The reports are based on a tweeted update to research Symantec published last week; neither the news outlets nor their corporate parent are named.
A CISA official and an IBM researcher have given CyberScoop an appreciation of ransomware gangs' growing sophistication. It's been common knowledge for the better part of a year that a ransomware attack should also be treated as a data breach: the gangs have for months adopted data theft as a core tactic, both for additional leverage against the victim and as an additional revenue stream. What's relatively new is the amount of effort expended in reconnaissance of the victims' networks.
KrebsOnSecurity warns that some news organizations have been overly willing to retail ransomware gangs' claims. Its author thinks simply transmitting the criminals' woofing only aids their marketing, and who wants that?
Zscaler describes an information stealer, "Taurus," currently sold in criminal-to-criminal souks. Offered by "Predator the Thief" and carefully coded not to execute in twelve former Soviet Republics (accommodation to the Organs being the better part of criminal valor), Taurus concentrates on system information, passwords, cookies, browser history, autofill values, and cryptocurrency wallets.