External media & blog articles
Trusted by leading media outlets globally, our solution enables reporters to delve deep into the intricate workings of ransomware attacks, uncovering the motives, impact, and potential solutions. With eCrime.ch, journalists have the means to shed light on this critical issue, empowering readers with knowledge and raising awareness about the evolving landscape of cybersecurity threats.
Unleash the full potential of your reporting with eCrime.ch data and revolutionize the way ransomware attacks are covered in the media.
RTF Year Two: New Map; New Data: Same Mission
It’s hard to believe over a year has passed since the founding of IST’s Ransomware Task Force and launch of the inaugural “Combating Ransomware” report, which provides a comprehensive framework for action.
Read online
FOR528: Ransomware for Incident Responders
Ransomware attackers have become more sophisticated, and their techniques constantly evolve. It is a threat that requires an immediate response, especially in the enterprise. FOR528: Ransomware for Incident Responders covers the entire life cycle of an incident, from initial detection to incident response and postmortem analysis.
Read online
Online extortion gang out of control: 169 companies hit in two months
The cybercrime gang Lockbit claims to have hacked and extorted almost 170 companies in September and October alone. The Swiss industrial group Saurer is said to be among those affected. But whether the extortionists are as successful as they claim is unclear.
Read online
Australian Ransomware Threat Landscape 2022
I thought to write about our beloved topic, Ransomware, and this time will focus on Australia. In this blog, I will not be diving into the workings of actual ransomware or doing a technical deep dive on actual samples. However, with some statistics, I will write about victimology and its capabilities and notable TTPs at a higher level.
Read online
Aloha hit by ransomware attack
NCR has been hit by a ransomware attack afflicting its Aloha POS system for the hospitality industry.
Read online
Ransomware group behind Oakland attack strengthens capabilities with new tools, researchers say
The PLAY ransomware group — responsible for a recent attack on the city of Oakland, California, that forced a state of emergency — has developed two new custom data-gathering tools that allow it to more effectively carry out already crippling digital extortion campaigns, researchers said Wednesday.
Read online
Ransomware: Every internet-connected network is at risk. Be prepared!
Cyber criminals are targeting every type of organization, from small businesses to large enterprises. Many people tend to believe that ransomware actors only target large enterprises and/or critical systems; unfortunately, the opposite is true. If you have internet-connected devices, you are at risk of a ransomware attack.
Read online
The Most Prolific Ransomware Families: 2023 Edition
Read online
Cl0p Starts Naming Victims
Yesterday, ransomware gang Cl0p began listing organizations affected by its exploit of file transfer software MOVEit. The gang used the exploit to steal data from potentially hundreds of companies around the world at the end of May.
Read online
Two Energy Department entities breached as part of massive MOVEit compromise
Multiple federal agencies, including two Department of Energy entities, were victims of a cyberattack that resulted from a widespread vulnerability in MOVEit file transfer software, federal officials said Thursday.
Read online
Classifying ransomware victims’ nationalities based on leak page entries
Ransomware is a type of malware that prevents a user from accessing their files by encrypting them. This is done to extort the victim. Some malware strains go beyond this and post the victim’s personal information and file online to add extra pressure to pay. Pages dedicated to the posting of such information are called leak pages.
Read online
"Hacker attacks on hospitals are increasing" – even though they cost lives
Using the service provider eCrime.ch, the BKA counted a total of 173 victims from the healthcare sector worldwide in 2022. In the first half of 2023, the number of identified victims already stands at 163. The BKA's figures were made available exclusively to WELT.
Read online
The escalation of ransomware attacks
Since the beginning of 2023, the world has seen an alarming rise in ransomware attacks. After a decline in 2022, cybercriminals are demonstrating their persistence by consistently exploiting security vulnerabilities and extorting organizations again.
Read online
Banning Ransomware Payments Brings New Challenges
Kikta tried to figure out just how many waiver requests federal officials would need to evaluate. Using data from threat and risk intelligence services company eCrime.ch, he considered the number of unique organizations in the U.S. known to have been victimized by data extortion or ransomware so far this year. What he found is that it comes out to an average of slightly more than eight organizations per day of the work week.
Read online
Preventing Ransomware: Top Trends from the 2023 Spycloud Ransomware Report
This year, we combined the survey results with an analysis conducted using original research from our own database and ransomware victim data from ecrime.ch to paint the full picture of the ransomware challenge teams face today.
Read online
Q3 Ransomware Report: Global Ransomware Attacks Up More Than 95% Over 2022
Global ransomware frequency continues to climb. Corvus observed an 11.22% QoQ increase in Q3 and a 95.41% increase YoY on leak sites.
Read online
2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard
Data compiled by ecrime.ch provides an important snapshot of the total ransomware activity worldwide; however, it is biased towards ransomware attacks that use a traditional double-extortion approach.
Read online
Ransomware Cases Increased by 58% in 2023 showing our actions have not been enough to thwart the threat
In this article, we at SANS have gathered and reviewed information from a prominent threat intelligence group, "eCrime.ch: Threat and Risk Intelligence Services" (https://ecrime.ch/). All stats in this article come from the eCrime site, which is our preferred source for these numbers and provides solid telemetry for ransomware cases.
Read online
Ransomware Goes Political And Other Extortion Activity Of 2023
Double-extortion tactics employed by ransomware actors involve threatening to leak claimed stolen data to pressure the victim into paying a ransom. This report uncovers insights into the extortion activity in 2023, incorporating data observed across Data Leak Sites (DLS) and human-driven techniques used by actors.
Read online
Q1 Ransomware Report: Ransomware Groups Don’t Die, They Multiply
Despite a record-breaking and tumultuous 2023, the early months of 2024 have not brought respite. With 1,075 leak site victims reported in Q1, this quarter has seen a 21% increase over the same period last year and is the most active first quarter ever recorded on ransomware leak sites.
Read online
Data Breach: Direzione Generale Educazione e Ricerca del Ministero della Cultura (MiC)
Together with the staff of Ransomfeed.it, who as usual promptly reported the data breach, and with eCrime Threat and Risk Intelligence Services, thanks to their collaboration and speed in providing this data, it was possible to establish a preliminary sizing of the incident.
Read online
2024 Crypto Crime Mid-year Update Part 1: Cybercrime Climbs as Exchange Thieves and Ransomware Attackers Grow Bolder
Another trend for ransomware is that attacks are also becoming more frequent with at least 10% more attacks so far this year, according to data leak site statistics from eCrime.ch. Remarkably, despite being on track for a record year in terms of total ransom volumes and already seeing a record-setting maximum ransom size and a worsening attack landscape, there may be a glimmer of good news. Amidst all these headwinds, victims are still paying ransoms less often.
Read online
Ransomware in focus: Meet BlackSuit
BlackSuit is believed to be a sophisticated and financially-motivated cybercriminal group. First identified in May 2023, though not a prolific group, BlackSuit is believed to be comprised of highly skilled ransomware operators due to claimed associations to the Royal and Conti ransomware groups - historically highly organised and skilled ransomware groups.
Read online
Ransomware Landscape H1/2024
Ransomware tracker ecrime.ch collects and enriches detailed ransomware leak data and has provided WithSecure statistics on organizational sizes by employee count with a view to track whether there were any themes or patterns over time that suggested a change in the size demographic of victims.
Read online
Feds arrest Latvian man accused of extorting Karakurt victims
Karakurt was a data encryption and extortion spinoff from Conti, a once-prolific ransomware operation that wound down in May 2022 after internal materials were leaked in the wake of the group’s administrators’ support for the Russian invasion of Ukraine. Karakurt’s most recent post to its dark web dates to September 2023, according to eCrime.ch, an online cybercrime research platform.
Read online
2023 RTF Global Ransomware Incident Map: Attacks Increase by 73%, Big Game Hunting Appears to Surge
The 2023 RTF Global Ransomware Incident Map presents the task force’s annual map of ransomware incidents and identifies ransomware trends worldwide. We noted in last year’s map that the decline in ransomware incidents in 2022 was likely temporary due to several factors, most notably law enforcement action and the invasion of Ukraine. Indeed, starting in January 2023, we began to see the number of incidents increase, a trend that our data indicates ultimately resulted in a 73% year-over-year increase in attacks from 2022 to 2023. This piece examines data from eCrime.ch, a site that compiles messages on data leak sites as its primary source of ransomware incident tracking. We explore in greater detail in the Data and Methodology section the benefits and limitations of this approach.
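Read online
Domestic ransomware trends: in the first half of 2024, infections via VPN fell below 50% for the first time since statistics began.
Based on the number of incident reports received by the National Police Agency and the number of domestic companies found listed on leak sites in eCrime.ch, a leak site database, the estimated share of victims that end up listed on a leak site averages 21%.
Read online
Ransomware Readiness: 10 Steps Every Organization Must Take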
Recent research compiled by Trustwave SpiderLabs from several sources was the basis for the chart below that graphically displays which ransomware threat groups are most active. The team’s work revealed Clop, Lockbits 2.0 and 3.0, Conti, and ALPHV are the most active when it comes to spreading ransomware.
Read online
Ransomware Essentials: A Guide for Financial Services Firm Defense
Ransomware events in the financial sector over the last 12 months. Source: eCrime Threat and Risk Intelligence Services
Read online
Reading between the lies: using leak sites to analyse ransomware trends
This type of data can be tempting to use due to its tantalising accessibility and broadness – it can even be obtained in bulk from scraping websites like ecrime.ch. However, manipulation by ransomware groups, selection biases, and inaccuracy necessitate a cautious approach – one that too often is not taken.
Read online
Are you a journalist seeking access to cutting-edge data on ransomware and data leak attacks? eCrime.ch is your gateway to unparalleled insights into the world of cyber threats. We invite you to reach out to us today and join our network of esteemed journalists who have leveraged our data to craft compelling stories that captivate audiences worldwide. Don't miss out on this opportunity to take your reporting to new heights. Contact eCrime.ch now to gain access to our invaluable resources and become a leading voice in covering ransomware attacks. Together, let's uncover the truth and empower readers with the knowledge they need to navigate the digital landscape securely.