Researchers have been tracking the relatively new VanHelsing ransomware-as-a-service platform and have identified it as being capable of victimizing Windows, Linux and ARM operating systems. After first appearing on a dark web forum on March 7th, the operator has already added three victims to their leak site, with an average of $500,000 demanded as a ransom payment. VanHelsing is unusual in that it operates in two modes, normal and stealth, which change how the malware encrypts the victim’s files: it either adds the ‘.vanhelsing’ extension or avoids doing so in order not to trigger any system alarms.
Operation Red Card shuts down African fraud network
Over the last 4 months, multiple international law enforcement agencies have collaborated under the umbrella of Operation Red Card to identify and dismantle a massive cyber-fraud ring across 7 African countries. Hundreds of individuals have been arrested in relation to this fraud ring, dozens of properties and vehicles have been seized, and almost 2,000 devices used in these crimes have been confiscated. It is believed that over 5,000 individuals were defrauded by this group through a variety of crimes, including mobile banking fraud, investment scams, and other social engineering operations.
Ukrainian railway services hit with cyberattack
In the last few days, officials for Ukraine’s national railway services, Ukrzaliznytsia, have confirmed that their online services are inaccessible due to a cyberattack that occurred over the weekend. While ticket purchases have been slowed down, train operations have remained unaffected and station personnel have been increased to handle the in-person demand for purchasing tickets. Due to prior cyberattacks on Ukrzaliznytsia, several backup protocols have been implemented, reducing the overall impact of this incident.
Pennsylvania State Education Association breached
An investigation into a data breach in July of last year revealed that over 500,000 current and former members of the Pennsylvania State Education Association (PSEA) have had their personally identifiable information (PII) compromised. Although the threat actors behind this incident haven’t been confirmed, officials for PSEA have stated that they paid the demanded ransom to have the stolen information deleted. Paying does not guarantee that the stolen data won’t be used nefariously.
US telecom infiltrated by Arkana ransomware
Masquerading as a penetration testing security group, Arkana ransomware is new on the threat landscape and has successfully compromised the internal network of the US-based telecom WideOpenWest (WOW!). On the Arkana leak site, the group claims to have exfiltrated two databases from the telecom, with sensitive details on a combined 2.6 million accounts. Unfortunately, no official statement has yet been made by WOW!, though if the information on this breach is correct, it could have devastating effects for the service provider, which operates across 19 different US states.