BlackSuit ransomware extortion sites seized in Operation Checkmate

Law enforcement has seized the dark web extortion sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years.
BleepingComputer has confirmed that the seized sites include the dark web data leak blogs and negotiation sites used to extort victims into paying a ransom demand.
The U.S. Department of Justice confirmed the takedown in an email earlier today, saying the authorities involved in the action executed a court-authorized seizure of the BlackSuit domains.
Other law enforcement authorities that joined this joint operation include the U.S. Secret Service, the Dutch National Police, the German State Criminal Police Office, the U.K. National Crime Agency, the Frankfurt General Prosecutor's Office, the Justice Department, the Ukrainian Cyber Police, Europol, and others.
Romanian cybersecurity company Bitdefender was also involved in the action, but a spokesperson has yet to reply after BleepingComputer reached out for more details earlier today.

Chaos ransomware rebrand
On Thursday, the Cisco Talos threat intelligence research group reported that it had found evidence suggesting the BlackSuit ransomware gang is likely to rebrand itself once again as Chaos ransomware.
"Talos assesses with moderate confidence that the new Chaos ransomware group is either a rebranding of the BlackSuit (Royal) ransomware or operated by some of its former members," the researchers said.
"This assessment is based on the similarities in TTPs, including encryption commands, the theme and structure of the ransom note, and the use of LOLbins and RMM tools in their attacks."
BlackSuit started as Quantum ransomware in January 2022 and is believed to be a direct successor to the notorious Conti cybercrime syndicate. While they initially used encryptors from other gangs (such as ALPHV/BlackCat), they deployed their own Zeon encryptor soon after and rebranded as Royal ransomware in September 2022.
...CISA and the FBI first revealed in a November 2023 joint advisory that Royal and BlackSuit share similar tactics, while their encryptors exhibit obvious coding overlaps. The same advisory linked the Royal ransomware gang to attacks targeting over 350 organizations worldwide since September 2022, resulting in ransom demands exceeding $275 million.
The two agencies confirmed in August 2024 that the Royal ransomware had rebranded as BlackSuit and had demanded over $500 million from victims since surfacing more than two years prior.
Update 7/24/25: Updated article to include that negotiation sites were seized as well.
Brave blocks Windows Recall from screenshotting your browsing activity

Brave Software says its privacy-focused browser will block Microsoft's Windows Recall from capturing screenshots of Brave windows by default to protect users' privacy.
Windows Recall is an opt-in Windows feature that takes screenshots of active windows every few seconds, analyzes them, and enables Windows 11 users to search for text within the snapshots using natural language. The goal is to make it easy for users to quickly find information about past activities in Windows.
However, the feature has sparked widespread criticism for potentially exposing sensitive data of Windows users, including passwords, emails, health records, and financial information.
Microsoft later increased security by providing methods for software providers to opt out of Windows Recall and by securing data with Windows Hello Enhanced Sign-in Security (ESS).
Brave has now decided to proactively enable a technical feature that prevents Recall from capturing the contents of its windows.
"Given Brave's focus on privacy-maximizing defaults and what is at stake here (your entire browsing history), we have proactively disabled Recall for all Brave tabs," reads a new Brave announcement.
"We think it's vital that your browsing activity on Brave does not accidentally end up in a persistent database, which is especially ripe for abuse in highly-privacy-sensitive cases such as intimate partner violence."
A Brave GitHub issue explains that developers have utilized Microsoft's SetInputScope API and set the input scope to IS_PRIVATE for all browser windows. This tells Windows that the content should not be captured or indexed by Recall.
"Microsoft says that a Web browser can use SetInputScope to set the scope to be IS_PRIVATE to make sure that Recall doesn't save the user's browsing history," reads the Brave GitHub issue.
"We can force that to be true for all windows in renderer_widget_host_view."
The change is already live in Brave Nightly builds and will roll out to stable releases in the coming weeks. Users who wish to use Recall can enable it through Brave's settings.
In May, encrypted messenger Signal also blocked Windows Recall by enabling the DRM management flag in the program, which prevents Microsoft's software from taking screenshots of the program.
However, this method could cause issues with accessibility software, such as screen readers, so Signal also provides a way to turn off this setting.
New Koske Linux malware hides in cute panda images
A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory.
- July 24, 2025
- 04:54 PM
Hacker sneaks infostealer malware into early access Steam game
A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title.
- July 24, 2025
- 12:49 PM
Mitel warns of critical MiVoice MX-ONE authentication bypass flaw
Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform.
- July 24, 2025
- 11:17 AM
Hackers breach Toptal GitHub account, publish malicious npm packages
Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index.
- July 24, 2025
- 09:26 AM
SonicWall urges admins to patch critical RCE flaw in SMA 100 devices
SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution.
- July 24, 2025
- 07:17 AM
Microsoft: SharePoint flaws exploited in Warlock ransomware attacks
A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain.
- July 24, 2025
- 05:53 AM
Proton launches privacy-respecting encrypted AI assistant Lumo
Proton has launched a new tool called Lumo, offering a privacy-first AI assistant that does not log user conversations and doesn't use their prompts for training.
- July 23, 2025
- 01:41 PM
Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit
Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee's password for a hacker without first verifying their identity.
- July 23, 2025
- 01:20 PM