Saturday , March 29 2025

These ransomware attacks are actually completely fake

A cybercriminal outfit is posing as well-known ransomware gangs in order to extort money from US companies.

Since March, the group, known as Midnight, has impersonated other gangs in emails sent to US companies, instructing them to pay up or have their data leaked.


The threats are completely empty, though, as no malware tools are used to encrypt or steal data. At worst, the group will instigate DDoS attacks to give the impression that a more serious attack is taking place, but the companies’ endpoints remain safe throughout.

The group is hoping to leech off the recent successes of various ransomware groups, where big firms have suffered serious data leaks at their hands, with the aim of scaring other companies into blindly paying up for fear of becoming the latest victim.

However, in the same email, they also said they were the Surtr group – known for the ransomware-as-a-service (RaaS) tool of the same name, whose developers may have once belonged to the REvil ransomware group that was taken down by law enforcement last year but has since made a comeback.

In another email to another company, Midnight claimed they had stolen 600 gigabytes (GB) worth of data and again demanded a ransom. However, they sent the email to a senior partner who had left the company over six months ago.

Investigators at risk consultants Kroll found a marked increase in the number of emails companies were receiving purportedly from SRG.

“This method is cheap and easily conducted by low-skilled attackers… The scam relies on social engineering to extort victims by placing pressure on the victim to pay before a deadline,” they said.

They added that “We expect this trend to continue indefinitely due to its cost effectiveness and ability to continue to generate revenue for cybercriminals.”

Kroll investigators noted that such fake emails have been occurring since 2019, as have the DDoS attacks that ensue when companies refuse to pay a ransom.

Incident response firm Arete added that Midnight seemed to be going after companies that had already suffered a real ransomware attack, and that their ransom emails contained allusions to the real attacks to bolster their authenticity.

In some cases, Arete found that Midnight targeted undisclosed victims of real attacks, potentially indicating that the group is in collusion with genuine ransomware gangs. It is also possible that they ascertained this information from illicit forums where gangs discuss and post about their attacks and victims.

The advice to businesses is to carefully analyze any phantom incident extortion (PIE) emails they receive for veracity, and to dismiss them if they appear anything less than genuine, since in that case they are more than likely phishing attempts.
