The Conti ransomware leaks have unveiled Conti's primary Bitcoin address. From April 21st, 2017 - February 28th, 2022 Conti has received 65,498.197 BTC That is 2,707,466,220.29 USD.

#ContiLeaks A first data analysis gives some insight into the leak and group itself. - 60690 messages leaked - 2535 unique users

STORMOUS ransomware gang has officially announced its support for the Russian governments.

For those looking into the #ContiLeaks, I've prepared a network relationship map, that shows the relationships between users, based on the leaked chat logs. bit.ly/JGEU_CLNETMAP

#Surtr #Ransomware ext:.surtr mail:[email protected] info: SURTR_README.hta SURTR_README.txt samlple:tria.ge/220302-jzmfkse… Amigo-A

New blog post detailing the unpacking of #Pandora #Ransomware and similarities with Rook Ransomware. dissectingmalwa.re/blog/pandora/

LAPSUS$ extortion group has released source code to Bing, Bing Maps, and Microsoft Cortana. They state that each release is incomplete (not the entire source code).

Last article in March #Vovabol #Ransomware, probably fake encryptor. id-ransomware.blogspot.com/2022/03/vovabo… Uses UA and LV mail accounts, but asks for a ransom on Qiwi wallet. Thank MalwareHunterTeam

#Ransom maybe this belong to phantom family? mail:[email protected] [email protected] info:README.id.hta ext:id Amigo-A

LockBit supposedly prohibits its affiliates from carrying out encryption-based attacks on nuclear power plants and other critical infrastructure, but permits them to compromise the networks to steal data. 1/3

🌐 The new website (Version 3.0) of Lockbit #Ransomware team allows anyone to extend the timer by 24 hours, destroy all data from the website, or download all data right away to maximize the ransom money for each victim 💸 Next level hacking group 🥷 #Lockbit

Cl0p ransomware group has breached critical infrastructure in England responsible for the public water supply and waste management for London, Luton, Thames Valley, Surrey, and more. They state they will not ransom it. cl0p's official statement: share.vx-underground.org/cl0p-thameswat…

#NYX #ransom ext:NYX mail:[email protected] and [email protected] info:000_NYX_READ_ME3.hta sample:virustotal.com/gui/file/b4ed2… Amigo-A

💰ThreatLabz has discovered a new #ransomware group named Money Message performing double extortion attacks. Sample hash: bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b Data leak site: blogvl7tjyjvsfthobttze52w36wwiz34hrfcmorgvdzb6hikucb7aqd[.]onion

#Ransomware Wuibei ransom ioc: mai:[email protected] info: 0a___Hello_ReadMe___.TXT notice.txt BTC Wallets: 1Abim6rh3uRkDmxriYY91EaqYXvDdtfcpN 1NYXFKZ2Cgc1765NyDxkLAqdBzyw3VYKQj md5: ca13c0b6043ae7171330c513135b8ce5 a57ce5e81cd9eb3456c8d021101cbbc0 360.cn/n/12481.html

#Qilin has added a QR code to its leak site which points to "WikiLeaksV2" - a clearnet site on which Qilin also list a selection of their victims in addition to soliciting donations. #ransomware

📌 #Akira ransomware exfiltration server. 77.247.126.158: still active and exposed by BlackBerry in the blog “Akira Ransomware Targets the LATAM Airline Industry” → blogs.blackberry.com/en/2024/07/aki…. Another possible candidate could be 190.211.252.82, unconfirmed but with very similar

Fusion Intelligence Center @ StealthMole Behind the #DragonRaaS (and the "Stormous" copy-cat's) are two Yemeni Individuals. They "redesigned" the old Logo and also came up with a "#StormCry" Ransomware back in March