Friday , July 11 2025

These ransomware attacks are actually completely fake

A cybercriminal outfit is posing as well-known ransomware gangs in order to extort money from US companies.

Since March, the group, known as Midnight, has impersonated other gangs in emails sent to US companies, instructing them to pay up or have their data leaked.

AMD discloses 4 new CPU flaws Affecting Many CPUs

AMD has revealed four new vulnerabilities that could enable attackers to access sensitive data via timing-based side-channel attacks. These vulnerabilities,...
Read More
AMD discloses 4 new CPU flaws Affecting Many CPUs

GitLab patched XSS and Authorization Bypass Flaws

GitLab has released security updates for its Community Edition (CE) and Enterprise Edition (EE) to fix vulnerabilities that could enable...
Read More
GitLab patched XSS and Authorization Bypass Flaws

CVE-2025-7206
Critical D-Link DIR-825 Router Flaw Remote Crash Via Buffer Overflow

A newly found vulnerability (CVE-2025-7206) in the D-Link DIR-825 router firmware version 2.10 poses a significant risk to home and...
Read More
CVE-2025-7206  Critical D-Link DIR-825 Router Flaw Remote Crash Via Buffer Overflow

Urgently patch now: Zoom Patches 6 Flaws

Zoom released a security update addressing six newly discovered vulnerabilities in its Workplace, Rooms, and SDK products for Windows, macOS,...
Read More
Urgently patch now: Zoom Patches 6 Flaws

Whatsapp rival ‘Bitchat’, message without internet

Jack Dorsey, co-founder of Twitter and Block Head, launched a new peer-to-peer messaging app called Bitchat, which operates solely over...
Read More
Whatsapp rival ‘Bitchat’, message without internet

Splunk Addresses Third-Party Package Vulns in SOAR Versions

Splunk has issued critical security updates for SOAR versions 6.4.0 and 6.4 to fix several vulnerabilities in third-party packages. The...
Read More
Splunk Addresses Third-Party Package Vulns in SOAR Versions

Texas-based Tax Credit Consultancy agency exposed PII, ID Numbers, & SSNs

Cybersecurity researcher Jeremiah Fowler found an unsecured database with 245,949 records, reported to vpnMentor. It likely belonged to a tax...
Read More
Texas-based Tax Credit Consultancy agency exposed PII, ID Numbers, & SSNs

CVE-2025-25257
Fortinet Addresses Major SQL Injection Flaw in FortiWeb

Fortinet has issued a critical patch for a critical vulnerability in its FortiWeb product, a web application firewall commonly used...
Read More
CVE-2025-25257  Fortinet Addresses Major SQL Injection Flaw in FortiWeb

Microsoft July 2025 Patch Tuesday: One zero-day, 137 flaws

Microsoft's Patch Tuesday in July 2025 is critical, featuring updates for 137 vulnerabilities, including a zero-day in Microsoft SQL Server....
Read More
Microsoft July 2025 Patch Tuesday: One zero-day, 137 flaws

Android malware Anatsa infiltrates Google Play targeting banks worldwide

ThreatFabric researchers have discovered a new sophisticated campaign by the Anatsa banking trojan targeting mobile banking users in the U.S....
Read More
Android malware Anatsa infiltrates Google Play targeting banks worldwide

The threats are completely empty, though, as no malware tools are used to encrypt or steal data. At worst, the group will instigate DDoS attacks to give the impression that a more serious attack is taking place, but the companies’ endpoints remain safe throughout.

The group is hoping to leech off of the recent successes of various ransomware groups, where big firms have incurred serious data leaks at their hands, with the aim of scaring other companies into blindly coughing up for fear of becoming the latest victim.

However, in the same email, they also said they were the Surtr group – known for the Ransomware as a service (RaaS) tool of the same name, whose developers may have once belonged to the REvil ransomware group that was taken down by law enforcement last year, but has since made a comeback.

In another email to another company, Midnight claimed they had stolen 600 gigabytes (GB) worth of data and again demanded a ransom. However, they sent the email to a senior partner who had left the company over six months ago.

Investigators at risk consultants Kroll found a marked increase in the number of emails companies were receiving purportedly from SRG.

“This method is cheap and easily conducted by low-skilled attackers… The scam relies on social engineering to extort victims by placing pressure on the victim to pay before a deadline,” they said.

They added that “We expect this trend to continue indefinitely due to its cost effectiveness and ability to continue to generate revenue for cybercriminals.”

Kroll investigators noted that such fake emails have been occurring since 2019, as have the DDoS attacks that ensue when companies refuse to pay a ransom.

Incidence response firm Arete added that Midnight seemed to be gong after companies that had already suffered a real ransomware attack, and that their ransom emails contained allusions to the real attacks to bolster their authenticity.

In some cases, Arete found that Midnight targeted undisclosed victims of real attacks, potentially indicating that the group is in collusion with genuine ransomware gangs. It is also possible that they ascertained this information from illicit forums where gangs discuss and post about their attacks and victims.

The advice to businesses is to carefully analyze for their veracity any phantom incident extortion (PIE) emails received, and to dismiss them if they appear anything less than the real thing, as, in that instance, they will more than likely be phishing attempts

Check Also

Bomb

Cyber Expert ‘Rene Joshilda’ Arrested for Bomb Hoaxes

A 30-year-old robotics engineer from Chennai set off alarm bells in 11 states by allegedly …

Leave a Reply

Your email address will not be published. Required fields are marked *