Mikhail Matveev

January 11, 2022

Who is the Network Access Broker ‘Wazawaka?’

This post was originally published on this siteIn a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by “Wazawaka,” the hacker handle chosen by a major access broker in the Russian-speaking cybercrime scene. Wazawaka has been a highly active member of multiple cybercrime forums over the past […]
February 20, 2024

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

This post was originally published on this siteU.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn’t pay, LockBit’s victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates. Investigators used the existing design on LockBit’s victim shaming website to feature press releases and free decryption tools. Dubbed “Operation Cronos,” the law enforcement action involved the seizure […]