Cicada3301, a ransomware-as-a-service group, had its affiliate program infiltrated by Group-IB researchers, who subsequently publicized details about the gang’s operations and inner workings. Active since June 2024, the group has attacked 30 victims, primarily in the U.S and U.K. The ransomware shares similarities with the defunct ALPHV/BlackCat ransomware group. Group-IB’s report also highlights Cicada3301’s sophisticated affiliate program, including detailed attack customization and support services.
Navigating cyber insurance coverage as threats evolve
Cyber insurance offers protection from financial losses due to cyberattacks and data breaches. However, it is challenging for healthcare organizations to maintain policies and keep