Okay, we deleted the previous tweet because now we're giving away 4 one year subscriptions to MULLVAD. Hahaha.
It on Twitter:)
https://twitter.com/vxunderground/status/1702720582293311896
It on Twitter:)
https://twitter.com/vxunderground/status/1702720582293311896
X (formerly Twitter)
vx-underground on X
We're doing another giveaway
We're giving away 4 one year subscriptions to MULLVAD VPN for 5 devices. They will be delivered in the form of giftcards. No PII is required from any potential winner.
Winners will be selected September 17th.
Comment belowβ¦
We're giving away 4 one year subscriptions to MULLVAD VPN for 5 devices. They will be delivered in the form of giftcards. No PII is required from any potential winner.
Winners will be selected September 17th.
Comment belowβ¦
β€32π7π₯5π€£4π«‘1
While everyone is focusing on the catastrophe of the MGM breach, it should be noted that it is business as usual for other ransomware groups.
Note: Publicly listed victims on ransomware websites indicate the victim did not pay and/or negotiations are still on-going.
- Cactus ransomware group was the most active this month (so far), with 30 new victims publicly displayed. Their victims are primarily agricultural and industrial organizations.
- ALPHV ransomware group claims 19 new victims in September. Besides MGM, they have claimed law firms, architecture and design companies, real estate companies, physicians offices, investment companies, and media analysis companies.
- Lockbit ransomware group claims 19 new victims as well. Lockbit ransomware group most notably targeted a non-profit hospital, a Behavioral health center for the mentally ill, 2 school distracts located within the United States, and law firm which represents American Veterans who need legal assistance.
- CryptBB, a new and emerging group, claimed 8 victims, most notably a school district in the United States.
- NoEscape claims to have compromised US-Canada water organization, the International Joint Commission, and threatens to leak sensitive government data.
- BianLain attacks Save the Children International, a 104 year old non-profit which aided children who were victims of WW2 nazi concentration camps (among many other incredible deeds).
- RansomedVC claims 30 new victims this month, primarily leveraging web exploitation and intimidation tactics.
Other active ransomware group activity this month: RagnarLocker, Threeam, CiphBit, Trigona, Knight, Akira, Monti, Stormous, Blacksuit, Play, RansomHouse, IncRansom, Lorenz, BlackByte, Qilin, RaGroup, Everest, Mallox, Medusa, Rhysida, 8base, Abyss.
In the month of September, 2023, there have been over 200 newly documented ransomware attacks. Again, this does not include victims who have paid.
The most notorious groups still remain on top: ALPHV and Lockbit. Both have existed (in some manner) since at least 2019.
Note: Publicly listed victims on ransomware websites indicate the victim did not pay and/or negotiations are still on-going.
- Cactus ransomware group was the most active this month (so far), with 30 new victims publicly displayed. Their victims are primarily agricultural and industrial organizations.
- ALPHV ransomware group claims 19 new victims in September. Besides MGM, they have claimed law firms, architecture and design companies, real estate companies, physicians offices, investment companies, and media analysis companies.
- Lockbit ransomware group claims 19 new victims as well. Lockbit ransomware group most notably targeted a non-profit hospital, a Behavioral health center for the mentally ill, 2 school distracts located within the United States, and law firm which represents American Veterans who need legal assistance.
- CryptBB, a new and emerging group, claimed 8 victims, most notably a school district in the United States.
- NoEscape claims to have compromised US-Canada water organization, the International Joint Commission, and threatens to leak sensitive government data.
- BianLain attacks Save the Children International, a 104 year old non-profit which aided children who were victims of WW2 nazi concentration camps (among many other incredible deeds).
- RansomedVC claims 30 new victims this month, primarily leveraging web exploitation and intimidation tactics.
Other active ransomware group activity this month: RagnarLocker, Threeam, CiphBit, Trigona, Knight, Akira, Monti, Stormous, Blacksuit, Play, RansomHouse, IncRansom, Lorenz, BlackByte, Qilin, RaGroup, Everest, Mallox, Medusa, Rhysida, 8base, Abyss.
In the month of September, 2023, there have been over 200 newly documented ransomware attacks. Again, this does not include victims who have paid.
The most notorious groups still remain on top: ALPHV and Lockbit. Both have existed (in some manner) since at least 2019.
π22π«‘10π’9β€6π₯5π€£5π4π€―3π―3π€1
For Black Mass Volume II we spent an extra shiny penny, from our own pockets, to hire an artist who is an illustrator for Magic: The Gathering, Mythgard Tcg, Hit PointPress, Adi Shankar/Netflix, Legendary Games, and more.
Thanks to Wero Gallo Arias for the amazing work.
Thanks to Wero Gallo Arias for the amazing work.
π₯100β€20π6π«‘5π2π±2β€βπ₯1π€£1
We have passed 23,000 subscribers on Telegram.
Thank you for the love and support. β€οΈ
We look forward for continually serving you all with malware source code, samples, papers and our dumb memes.
Thanks,
Thank you for the love and support. β€οΈ
We look forward for continually serving you all with malware source code, samples, papers and our dumb memes.
Thanks,
β€βπ₯97β€30π7π―6π₯5π«‘4π3π€ͺ3π±1
Today Lockbit ransomware group issued a poll to all of their affiliates
Lockbit is considering implementing new rules for Lockbit affiliates due to their frustration with ransomware negotiators. Currently, Lockbit ransomware group has no rules in place for how much (or how little) affiliates can ransom a company for. They are considering "regulating" ransom demands
They state newer affiliates are giving large discounts to victim companies out of desperation for money, whereas more experienced affiliates do not cave to negotiator's proposed payment from the victims
National Hazard Agency, a subdivision of Lockbit ransomware group, has stated they will no longer accept payments below 3% of the companies annual revenue. They will immediately retaliate against any negotiator who approaches them with an offer of less than 3% of the companies revenue. The retaliation will be complete destruction of company data
Image 1. Original Lockbit poll
Image 2. Translated poll
Image 3. Message from National Hazard Agency
Lockbit is considering implementing new rules for Lockbit affiliates due to their frustration with ransomware negotiators. Currently, Lockbit ransomware group has no rules in place for how much (or how little) affiliates can ransom a company for. They are considering "regulating" ransom demands
They state newer affiliates are giving large discounts to victim companies out of desperation for money, whereas more experienced affiliates do not cave to negotiator's proposed payment from the victims
National Hazard Agency, a subdivision of Lockbit ransomware group, has stated they will no longer accept payments below 3% of the companies annual revenue. They will immediately retaliate against any negotiator who approaches them with an offer of less than 3% of the companies revenue. The retaliation will be complete destruction of company data
Image 1. Original Lockbit poll
Image 2. Translated poll
Image 3. Message from National Hazard Agency
π₯42π€£14π«‘8β€1π1π1π1
Thank you to the person who sent us a lovely poem... from Greece's... Hellenic Army?
Image 1. Lovely poem
Image 2. Email headers
Image 1. Lovely poem
Image 2. Email headers
β€42π3π«‘3π₯°1
Today it was reported an unidentified Threat Actor(s) compromised Mark Cuban - an American Billionaire, Investor and owner of the Dallas Mavericks. The Threat Actors stole approx. $870,000 worth of cryptocurrency.
More information here: https://www.dlnews.com/articles/people-culture/mark-cuban-loses-870k-to-a-crypto-scam/
More information here: https://www.dlnews.com/articles/people-culture/mark-cuban-loses-870k-to-a-crypto-scam/
DL News
Mark Cuban on how he lost $870,000 to crypto scam β βThey must have been watchingβ
Cuban confirmed the hack to DL News after crypto sleuths first noticed unusual activity late on Friday.
π€£82π5π«‘4β€3π’1
In celebration of Black Mass Volume II's soon release, everything on the vx-underground merch store is 20% off.
Go to https://vx-underwear.org and use code BLACKMASS. The discount ends September 20th, 2023.
Go to https://vx-underwear.org and use code BLACKMASS. The discount ends September 20th, 2023.
β€29π3π«‘3
After we complete our data migration vx-underground will have a new look again. Sponsors will be listed on top as soon as you view the website.
If any of you nerds complain, we will send you the monthly bills and ask you to pay staff member salaries.
So shut up, it's all free.
If any of you nerds complain, we will send you the monthly bills and ask you to pay staff member salaries.
So shut up, it's all free.
β€70π9π8β€βπ₯6π€ͺ5π«‘4π€2π±2π2π1
We have received our first Twitter payout. We received $285.63. We donated the full amount to WiCyS (Women in CyberSecurity).
We will continue to donate our monthly Twitter revenue to non-profits.
Have a nice day.
We will continue to donate our monthly Twitter revenue to non-profits.
Have a nice day.
π€£136π₯57β€48π€ͺ20π19π’11π6π4π€2π1
If you have any recommendations for non-profits, please send us an e-mail at staff@vx-underground.org.
We will be donating our Twitter revenue every 2 weeks.
We will be donating our Twitter revenue every 2 weeks.
β€45π«‘22π€£10β€βπ₯1π€1π±1π’1
Today a Threat Actor named "USDoD" leaked sensitive data from TransUnion. This won't be the last of "USDoD" today though. He also compromised NATO. We'll discuss that later. But first, TransUnion.
The leaked database, over 3GB in size, contains highly sensitive PII on 58,505 people. The database appears to be compromised March 2nd, 2022. This leaked database has information on individuals all across the globe including the Americas (North and South), as well as Europe.
Leaked data includes:
- First name
- Last name
- Internal TransUnion identifiers
- Sex
- Passport information
- Place of Birth
- Date of Birth
- Civil Status (?)
- Age
- Their current employer
- Information on their employer
- Summary of financial transactions
- Credit Score
- Loans in their name
- Remaining balances on the loans
- Where they got the loan from,
- When TransUnion first began monitoring their information
The leaked database, over 3GB in size, contains highly sensitive PII on 58,505 people. The database appears to be compromised March 2nd, 2022. This leaked database has information on individuals all across the globe including the Americas (North and South), as well as Europe.
Leaked data includes:
- First name
- Last name
- Internal TransUnion identifiers
- Sex
- Passport information
- Place of Birth
- Date of Birth
- Civil Status (?)
- Age
- Their current employer
- Information on their employer
- Summary of financial transactions
- Credit Score
- Loans in their name
- Remaining balances on the loans
- Where they got the loan from,
- When TransUnion first began monitoring their information
π±60π₯°11π8π€£7π«‘3β€2
For those wondering: Yes, this is the same "USDoD" listed on the Pompompurin indictment. They are believed to be behind many other high profile breaches.
π32β€8π«‘1