Scoop: Cyberattack on insurance giant CNA was caused by a new ransomware group known as 'Phoenix Cryptolocker'
bleepingcomputer.com/news/security/…
During CNA's ransomware attack, thousands of devices, including remote devices over VPN, were encrypted and files had the .phoenix extension appended to them.

The following ransom note named PHOENIX-HELP.txt was created on devices.
We have been told that the Phoenix Cryptolocker ransomware has many code similarities with Hades, which has been attributed to Evil Corp.
bleepingcomputer.com/news/security/…
Hades was previously used in an attack against the leading trucking company, Forward Air.
bleepingcomputer.com/news/security/…
It is believed that Evil Corp is spinning off one-time use ransomware infections to more easily bypass US sanctions and receive ransom payments.
When we reached out to CNA about the possible connection, they replied that there is no known nexus between Evil Corp and the new Phoenix group.
