Latest news with #BlackBasta


Economic Times
24-05-2025
- Economic Times
$24M in crypto, 30 Bitcoins, and $700K seized as FBI takes down Russian hacker behind 700,000 computer ransomware army in Operation Endgame
FBI and international allies seize $24M in crypto from Russian hacker Rustam Gallyamov, accused of turning 700,000 computers into a global ransomware army under the Qakbot malware operation.

For thousands of people around the world, the nightmare began the same way: a frozen screen, a blinking message, and a demand for money. Doctors, small business owners, factory workers, and even school staff found their computers suddenly hijacked.

The US Department of Justice has indicted Rustam Rafailevich Gallyamov, a 48-year-old Russian national from Moscow, for leading a global cybercriminal enterprise responsible for the notorious Qakbot malware. Alongside the charges, the Justice Department announced it had seized over $24 million in cryptocurrency linked to Gallyamov's cybercrime empire. These funds are now targeted to be returned to the victims who suffered from these attacks. Victims ranged from small dental offices in Los Angeles to technology firms in Nebraska, manufacturing companies in Wisconsin, and even real estate businesses in Canada.

The indictment was unsealed on Thursday, May 22, 2025, and marks a crucial moment in America's ongoing battle against ransomware attacks that have plagued organizations worldwide. Matthew R. Galeotti, Head of the Justice Department's Criminal Division, emphasized the significance of this action: "Today's announcement of the Justice Department's latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community. We are determined to hold cybercriminals accountable and will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity."

Gallyamov is accused of developing and deploying Qakbot since 2008, a sophisticated malware that infected over 700,000 computers globally. The malware facilitated ransomware attacks by granting access to co-conspirators who deployed various ransomware strains, including Conti, REvil, Black Basta, and DoppelPaymer. Despite a multinational operation targeting him in August 2023 that disrupted the Qakbot botnet, Gallyamov allegedly continued his cybercriminal activities.

"Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally," said Assistant Director in Charge Akil Davis of the FBI's Los Angeles Field Office.

Gallyamov and his associates shifted tactics, employing "spam bomb" attacks to deceive employees into granting network access, leading to further ransomware deployments as recently as January. As a result, the FBI, under Operation Endgame, seized more than 30 bitcoins and $700,000 in USDT tokens from Gallyamov under a seizure warrant executed on April 25, the Department of Justice confirmed. The Justice Department also filed a civil forfeiture complaint to seize over $24 million in cryptocurrency linked to Gallyamov's illicit activities. This was done not only to prosecute cybercriminals but also to recover assets to compensate victims.

The indictment is part of Operation Endgame, a coordinated international effort involving law enforcement agencies from the United States, France, Germany, the Netherlands, Denmark, the United Kingdom, and Canada. This operation has dismantled key infrastructure of several malware strains, including Qakbot, DanaBot, Trickbot, and others, by taking down approximately 300 servers and neutralizing 650 domains worldwide.


Techday NZ
13-05-2025
- Business
- Techday NZ
Andy Frain notifies 100,000 after major ransomware breach
Andy Frain Services has notified over 100,000 individuals that their personal information was compromised in a data breach that occurred in October 2024. The security firm, which provides services to clients such as the NFL, NBA, and NASCAR, confirmed that notifications were sent to 100,964 people affected by the breach. Details of the compromised information have not been provided.

In November 2024, the ransomware group Black Basta claimed responsibility for the incident, stating that it had stolen 750 GB of data from Andy Frain Services. The company has not commented on the veracity of Black Basta's claims or on whether the group was directly involved in the incident.

Commenting on the timing of the notifications, Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, raised concerns about the delay in informing those impacted. Grimes said, "I'm not sure why it took nearly 7 months for Andy Frain Services to notify the impacted people. That's 7 months hackers could have been using the learned information to abuse potential victims. If I do business with Andy Frain Services, I would like to know how the breach happened, if they know. Was it social engineering, unpatched software or firmware, or some other cause? Because if they don't know how it happened it's much tougher to put in place the right mitigations to make sure it's less likely to happen again."

Black Basta, the group that claimed responsibility, is one of several ransomware gangs active internationally. Paul Bischoff, Consumer Privacy Advocate at Comparitech, provided context about the group's operations. In a recent blog post, Bischoff wrote, "Black Basta, not to be confused with Blackcat or BlackSuit, is a ransomware gang that first surfaced in early 2022. It operates a ransomware-as-a-service business wherein third-party clients pay Black Basta to use its ransomware and infrastructure to launch attacks and collect ransoms. Black Basta often extorts victims both for a key to restore infected systems and for not selling or publicly releasing stolen data. Black Basta has claimed 166 confirmed ransomware attacks since it began, compromising more than 11.7 million records. Its average ransom demand is about USD $2.9 million."

The frequency and impact of ransomware attacks remain significant, according to Bischoff. He noted, "In 2025 to date, Black Basta has claimed five victims, all of which it claimed in January. None of those attacks have been confirmed yet. In 2024, Comparitech researchers logged 793 confirmed ransomware attacks on US organizations, compromising more than 268 million records. 64 of those attacks hit service-based businesses like Andy Frain and compromised 1.6 million records."

Bischoff also provided figures regarding the financial aspect of these attacks. He stated, "The average ransom across all industries is just north of USD $2.3 million, and USD $787,000 for service-based businesses. In 2025 so far, we've recorded 112 confirmed ransomware attacks in total, five of which hit service-based businesses. Ransomware gangs made another 1,365 attack claims this year that haven't been acknowledged by the targeted organizations."

Andy Frain Services has not provided details about how the breach occurred or commented on whether steps have been taken to address the vulnerabilities that led to the incident. The company continues to work with those affected, but specific guidance or advice for individuals whose information was compromised has not been released.


Business Wire
07-05-2025
- Business
- Business Wire
Coalition 2025 Cyber Claims Report Finds Ransomware Stabilized but Remains Costly for Businesses
SAN FRANCISCO--(BUSINESS WIRE)-- Coalition, the world's first Active Insurance provider designed to prevent digital risk before it strikes, today published its 2025 Cyber Claims Report, which details emerging cyber trends and their impact on Coalition policyholders throughout the full year of 2024. The report found that ransomware claims stabilized in 2024 despite remaining the most costly and disruptive type of cyberattack. The majority of 2024 claims (60%) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents, with 29% of BEC events resulting in FTF.

"Over the past year, our claims data clearly demonstrates one thing: Active Insurance works," said Robert Jones, Head of Global Claims at Coalition. "Combining Coalition's Active Data Graph, which provides a massive amount of data insights, with security tools and incident response, helps Coalition prevent claims from happening in the first place. And, when matters were reported to Coalition, 56% were handled without any out-of-pocket payments by the policyholder. We believe that this proactive engagement is a critical aspect of reducing global cyber risk."

Ransom demands from threat actors decreased in 2024, dropping 22% year-over-year (YoY) to an average of $1.1 million. Notably, the average demand in the latter half of 2024 fell below $1 million for the first time in more than two years. Of all ransomware claims, Akira ransomware was the most prolific variant for Coalition policyholders, accounting for 13% of claims in 2024. The Black Basta variant accounted for just 3% of all ransomware claims, but was the highest in terms of demand, with an average of $4 million.

"While overall claims have stabilized, cyber attackers, and ransomware actors in particular, still pose a tremendous threat to businesses, with the average demand still in the millions of dollars. Unfortunately, ransomware is already back with a vengeance in 2025, as March held the highest volume of public ransomware cases of all time," continued Jones. "Coalition continues to be an active partner in the fight against bad actors. We alert our policyholders to vulnerabilities in their networks, risky security practices, and the best ways to mitigate threats to reduce the impacts of cyber attacks."

In 2024, Coalition's cooperative efforts with authorities and panel partners contributed to the successful clawback of $31 million for policyholders, with an average recovery of $278,000. Coalition has firsthand knowledge that policyholders that quickly report FTF events have a greater likelihood of recovery. Last month, Coalition introduced a new financial incentive in its Active Cyber Policy [1]. Clients can receive lower retentions when they report FTF incidents within 72 hours of the initial fraudulent transfer, encouraging prompt action to improve the odds of recovery.

Other key findings from the report include:
- As claims frequency decreased by 7% YoY, claims severity remained stable.
- Ransomware claims frequency decreased by 3% and severity decreased by 7% YoY.
- BEC claims severity increased by 23%.
- FTF claims frequency decreased by 2% and severity decreased by 46% YoY. The sharp decline in severity follows the all-time high in 2023.
- When deemed reasonable and necessary, 44% of policyholders that experienced a ransomware incident opted to pay the ransom. Coalition Incident Response (CIR) was able to negotiate ransom payments down by an average of 60% [2].
- Coalition policyholders experienced 73% fewer claims than the industry average [3].

This report presents statistics, charts, and risk insights derived from data collected from Coalition policyholders in the United States, Canada, the United Kingdom, and Australia. Download the full 2025 Cyber Claims Report from Coalition to learn more.

[1] Applies to all non-admitted surplus lines new business and renewal quotes in the United States on or after April 15, 2025. Exclusions and limitations apply. See disclaimers and policy as issued.
[2] Ransomware negotiation data based on cases handled by Coalition Incident Response, Inc., a wholly-owned affiliate firm of Coalition, Inc., made available to all policyholders as an option via incident response firm panel selection.
[3] Industry average based on data reported by US insurers to the National Association of Insurance Commissioners (NAIC). Comparison performed using 2023 claims frequency data from Coalition and NAIC. Claims frequency is calculated using the number of standalone cyber claims reported by the NAIC, divided by the average of standalone cyber policies in force at the current and prior year-ends.

About Coalition
Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. By combining comprehensive insurance coverage with cybersecurity tools, Coalition helps businesses manage and mitigate potential cyberattacks. Leveraging its relationships with leading global insurers and capacity providers, including Coalition Insurance Company, Coalition offers Active Insurance products to businesses in the United States, the United Kingdom, Canada, Australia, Germany, Denmark, and soon in Sweden. Policyholders can receive automated cyber alerts and access expert advice, as well as global third-party risk management tools through Coalition's cyber risk management platform, Coalition Control®.

Insurance products are offered by Coalition Insurance Solutions Inc. ("CIS"), a licensed insurance producer and surplus lines broker with its principal place of business in San Francisco, CA (Cal. license #0L76155), acting on behalf of a number of unaffiliated insurance companies and available on an admitted basis through Coalition Insurance Company ("CIC"), a licensed insurance underwriter (NAIC # 29530). Insurance products offered through CIS and CIC may not be available in all states. Complete license and carrier information is available here. CIS may receive compensation from an insurer or other intermediary in connection with the sale of insurance. All decisions regarding any insurance products referenced herein, including approval for coverage, premium, commission, and fees, will be made solely by the insurer underwriting the insurance under the insurer's then-current criteria. All insurance products are governed by the terms, conditions, limitations, and exclusions set forth in the applicable insurance policy. Please see a copy of your policy for the full terms, conditions, and exclusions.

Copyright © 2025. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc. or its affiliates.


Techday NZ
23-04-2025
- Business
- Techday NZ
Proofpoint launches unified cybersecurity solution to cut costs
Proofpoint has announced the global launch of Proofpoint Prime Threat Protection, a unified cybersecurity solution aimed at reducing operational costs and cyber risk for organisations across an expanding digital workspace. The company stated that Proofpoint Prime Threat Protection is the first solution to merge multiple critical threat defence capabilities, including multistage attack protection across various digital channels, impersonation protection, and risk-based employee education, into a single integrated offering.

According to Proofpoint, as organisations increasingly contend with a proliferation of disconnected security tools, the new solution offers a unified approach by integrating threat defence and human risk management. This approach centralises workflows across the full attack chain, offering real-time threat detection, response, and behavioural guidance for communication and collaboration tools, file sharing, email, browsers, and social media.

The expanding use of digital channels in modern workspaces has exposed organisations to evolving threats, with Proofpoint citing research indicating that 90 percent of security breaches involve human factors. Attacks are increasingly multichannel and multistage, utilising methods such as social engineering, impersonation, malicious links, and compromised accounts to evade traditional security measures. One cited example involved the ransomware group Black Basta, which executed subscription bombing via email and followed up through Microsoft Teams messages, impersonating IT support to infiltrate organisations.

Proofpoint highlighted that enterprises are currently deploying an average of 45 different cybersecurity tools, creating complexity and increasing the burden on security teams. Many rely on standalone security awareness platforms unconnected to actual threat activity, which, according to the company, leads to minimal behavioural change and inefficient operations. The resulting operational overhead, delays in incident response, and missed risk mitigation tasks reportedly cost organisations millions.

The company noted that Proofpoint Prime offers an alternative by integrating threat analysis and human behaviour insights within a single workflow. Proofpoint stated that clients who consolidated their security with a unified, human-centric approach saved an average of USD $2.7 million in reduced risk exposure and avoided USD $390,000 in operational costs.

"The most damaging attacks continue to target people, and security teams are overwhelmed by siloed software, scattered threat signals, and rising costs," said Darren Lee, Executive Vice President and General Manager, Threat Protection Group at Proofpoint. "Today's collaboration landscape demands an adaptive approach. With Proofpoint Prime, organizations no longer need to stitch together dozens of disconnected detection and response tools and employee education. It integrates protection across multiple channels and attack stages, providing organizations a level of protection and peace of mind that is unmatched in the industry."

Proofpoint Prime Threat Protection consolidates four primary features: multichannel defence using Nexus AI, multistage attack detection and response, human risk-based guidance, and comprehensive impersonation protection. Nexus AI, according to the company, applies consistent threat detection across all channels to address gaps in digital security coverage. The solution aims to give security operations teams enhanced visibility and faster response times by integrating detection and remediation of account takeovers, lateral movement, and supply chain attacks into a single workflow. Real-time, behaviour-based guidance is provided to employees, while adaptive insights are made available to security teams for dynamic policy enforcement and coaching of at-risk personnel. Impersonation protection combines email authentication, brand safeguarding, and takedown services to defend against both domain spoofing and lookalike threats.

Proofpoint Prime is described as being designed to address current cyber threats while preparing organisations for future automation driven by artificial intelligence. The solution's architecture is described as "ready to support agentic AI


Zawya
22-04-2025
- Business
- Zawya
Proofpoint unveils industry's first and only unified solution to reduce costs and cyber risk across the expanding workspace
Dubai, UAE – Proofpoint, Inc., a leading cybersecurity and compliance company, today announced the global availability of Proofpoint Prime Threat Protection, the industry's first and only comprehensive human-centric cybersecurity solution that brings together previously disparate critical threat defense capabilities—protection against multistage attacks across digital channels, impersonation protection, and risk-based employee guidance and education—in a single integrated solution. Built to protect people wherever and however they work, Proofpoint Prime helps foster long-term resilience against today's emerging attacks while reducing cyber risk and operational costs for organizations.

As organizations face an overwhelming array of fragmented, siloed and reactive cybersecurity tools, Proofpoint Prime is the industry's only integrated solution that unifies threat defense and human risk management into seamless workflows that span the full attack chain. Proofpoint Prime consolidates real-time threat detection, response, and behavior-based guidance across communication and digital channels to lower operational overhead and costs, accelerate time to response, and equip security teams for a future powered by AI-driven security automation.

In today's expanding digital workspace, where 90% of breaches involve the human element, threat actors exploit people however they work—via email, cloud apps, messaging, browsers, file sharing, collaboration tools, and social media. In addition to targeting multiple channels, they also use a variety of techniques spanning social engineering, malicious links, impersonation, and compromised accounts to bypass traditional, fragmented defenses as part of their multistage attacks. For example, the ransomware group Black Basta has used email-based subscription bombing followed by Microsoft Teams messages to impersonate IT support and compromise organizations.

To defend against these multistage, multichannel attacks, enterprises today use 45 or more disconnected cybersecurity tools on average [1], each with separate workflows, interfaces, and integrations. Most also rely on standalone security awareness platforms that are disconnected from real threat activity, resulting in minimal behavior change and poor operational efficiency for security teams. Organizations spend millions managing these silos while critical tasks like incident triage, takedown, and user remediation are often delayed or overlooked due to complexity and staffing gaps.

Unlike disparate tools that treat threats and human behaviors as separate challenges, Proofpoint Prime changes this dynamic by bringing them together in intelligent workflows—transforming signals into actionable risk insights, streamlining operations, and delivering scalable protection. The result: stronger threat prevention, reduced costs, faster response times, and lasting human resilience. Organizations that unify their defenses with a single human-centric security solution have saved $2.7M on average in reduced risk exposure and avoided $390K in operational costs. Proofpoint Prime simplifies deployment with pre-built integrations and licensing efficiencies, offering an unmatched economic model for modern security teams.

"The most damaging attacks continue to target people, and security teams are overwhelmed by siloed software, scattered threat signals, and rising costs," said Darren Lee, executive vice president and general manager, Threat Protection Group at Proofpoint. "Today's collaboration landscape demands an adaptive approach. With Proofpoint Prime, organizations no longer need to stitch together dozens of disconnected detection and response tools and employee education. It integrates protection across multiple channels and attack stages, providing organizations a level of protection and peace of mind that is unmatched in the industry."

Proofpoint Prime Threat Protection: A Unified Answer to Fractured Defenses
To simplify threat defense for organizations, Proofpoint Prime brings together four critical capabilities in a single, integrated solution:
- Multichannel Defense with Nexus AI: Defends against threats across email, cloud apps, collaboration tools, messaging, browsers, and social platforms. Nexus AI applies consistent threat detection across all digital channels to eliminate blind spots and ensure full-surface protection.
- Multistage Attack Protection: Identifies and remediates account takeovers, lateral movement, and supply chain attacks through a unified detection and response workflow. Proofpoint Prime gives SecOps teams full visibility and the ability to investigate and act faster.
- Human Risk-Based Guidance and Insights: Provides employees real-time, risk-based guidance and education tailored to their behavior, while equipping security teams with adaptive insights to enforce dynamic policy and coach at-risk employees.
- Comprehensive Impersonation Protection: Combines email authentication, brand protection, and takedown services into a single system that protects trusted domains against domain spoofing and malicious lookalikes.

Built for Today. Ready for Agentic AI Tomorrow.
Proofpoint Prime Threat Protection is designed for today's most urgent cyber risks and tomorrow's intelligent automation. Its architecture is ready to support agentic AI, enabling organizations to automate tasks like threat investigation, abuse mailbox triage, and collaboration tool forensics. Proofpoint will continue to enhance its features and capabilities.

Availability
Proofpoint Prime Threat Protection is available globally today, with additional capabilities rolling out through Q2 2025. For more information, visit: Join us at RSAC 2025 and visit booth #6345 to learn more about Proofpoint Prime Threat Protection.

About Proofpoint, Inc.
Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations' greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at Connect with Proofpoint on LinkedIn.

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

PROOFPOINT MEDIA CONTACT: Sara Seggari Proofpoint@

[1] Gartner, Top Trends in Cybersecurity 2025