Ransomware

Researchers Uncover Series of Ransomware Attacks that Follow Same Pattern

Ransomware groups often recycle tools, techniques, and procedures; some even provide playbooks for their affiliates. Many use Cobalt Strike for remote access, employ RDP brute force, and target Domain Controller servers to control network machines. Cybersecurity researchers at Sophos X-Ops recently published their investigation of ransomware attacks from January 2023, […]

TargetCompany Ransomware Deploys Fully Undetectable Malware on SQL Server

The TargetCompany ransomware (aka Mallox, Fargo, and Tohnichi) is actively targeting organizations running vulnerable SQL servers. Recently, TargetCompany also unveiled a new malware variant along with several malicious tools for persistence and covert operations, which are rapidly gaining traction. Cybersecurity researchers at Trend Micro discovered […]

Rhysida Ransomware Has Added New Techniques, Tactics, And Tools to Its Arsenal

A new ransomware group known as ‘Rhysida’ has been operating since May 2023, posing a serious danger to the healthcare industry. The Rhysida ransomware gang has been linked to several significant attacks, including an assault on the Chilean Army. Recently, the group was also implicated in an attack on Prospect Medical Holdings that had an impact on […]

Threat Actors Target English-Speaking Countries with Customized Yashma Ransomware

An unidentified threat actor has been deploying the Yashma ransomware variant since June 4, 2023, actively targeting English-speaking countries such as Bulgaria, China, and Vietnam. This new variant of Yashma has reemerged after the ransomware was neutralized last year by the release of a decryptor. The operation was recently identified by cybersecurity researchers at Cisco Talos, who […]

Hackers Deliver Magniber Ransomware Disguised as Windows Security Update

Magniber ransomware was first detected in late 2017; it targeted South Korean users through malvertising attacks using the Magnitude Exploit Kit. It was previously distributed through Internet Explorer (IE) vulnerabilities. Since Microsoft announced the end of support for IE, it is now distributed under the guise of a Windows security update package (ex_ERROR.Center.Security.msi) via Edge and Chrome […]

Ransomware Attacks Frequently Target Organizations with 51-200 Employees

High-profile ransomware attacks on corporations like Kaseya, Colonial Pipeline, and MOVEit may lead to the misconception that only large organizations are targeted. However, the fact is that underestimating the risk due to focusing on large organizations may increase your vulnerability to ransomware attacks. Cybersecurity researchers at Trellix recently asserted that organizations with 51-200 employees, which […]

Akira Ransomware Expands to Linux with In-built Tor Website

According to recent sources, threat actors have been working on a new cross-platform ransomware variant named “Akira”. Akira first appeared in March 2023 and targets several financial institutions and organizations to steal sensitive data. Akira has been using a Tor website for its communications and for […]

BlackByte 2.0 Ransomware Employs Wide Range of Tools in 5 Days

The rapid rise and growing sophistication of ransomware enable threat actors to launch attacks more frequently and disrupt businesses and organizations that lack adequate preparation. Researchers at Microsoft Incident Response recently investigated an intrusion in which the threat actor’s rapid attack progression caused major disruptions for the victim organization in just five […]

Heavy-Hitting 8Base Ransomware Attacking Industries in Various Sectors

The sudden surge in 8Base ransomware activity in June 2023 shows it is a well-established organization capable of executing attacks that alarm security professionals and industries. The group pairs encryption with “name-and-shame” techniques to compel victims to pay ransoms in Bitcoin. It targets small business services, manufacturing, and construction sectors and […]

Decrypter Released for the Notorious Akira Ransomware

Akira ransomware appeared in 2017, when it encrypted video folders without leaving any ransom notes. Files encrypted by Akira ransomware carry the .akira extension. — Karsten Hahn (@struppigel) August 29, 2017. Researchers have been working on decrypting files affected by the ransomware and finally made a breakthrough. Researchers at Avast have found […]

Beware! Mallox Ransomware Attacks IT Industries With a New Attack Pattern

A new variant of Mallox ransomware, also known as “Target company” ransomware, adopts a unique method: it appends the name of the targeted company as the file extension of the encrypted files before launching the ransomware attack. The Mallox threat actor distributes the ransomware via a downloader attached to spam emails, targeting unsecured internet-facing Microsoft […]

LockBit Ransomware Gang Has Earned $91 Million Since It Was Discovered

LockBit was one of the most widely used ransomware families in 2022, targeting organizations irrespective of their size or net worth. The threat actor group deploying LockBit operates as a RaaS (Ransomware-as-a-Service) group with affiliates working anonymously worldwide. The group is also said to have recruited affiliates for […]

New RA Hacker Group Attacks Organizations in the U.S. & Threatens to Leak Data

The ‘RA Group’ is a recently emerged ransomware organization that is actively attacking pharmaceutical, insurance, wealth management, and manufacturing companies in the United States and South Korea. Cybersecurity researchers at Cisco Talos observed the group employing the common ‘double-extortion’ technique, establishing a data leak website on the dark web to […]

Qilin’s RaaS Program Advertised on Dark Web Along with Compromised Company Details

In March 2023, Group-IB’s Threat Intelligence team accessed the Qilin ransomware (Agenda ransomware) group and discovered that it is a Ransomware-as-a-Service affiliate program using Rust-based ransomware to target victims. Qilin ransomware employs personalized attack strategies, including modifying file extensions and terminating targeted processes, to maximize the impact of its attacks on individual victims. The Rust […]

New Akira Ransomware Attacks Organizations and Exposes Sensitive Data

A new ransomware variant called “Akira” has emerged, targeting multiple organizations and employing a double-extortion technique by exfiltrating and encrypting sensitive data, with the threat of selling or leaking it on the dark web unless the ransom is paid for decryption. Ransomware, a significant cybersecurity threat, poses severe consequences such as financial and data loss […]

FBI Seizes 9 Virtual Currency Exchange Services to Block Ransom Payments

The FBI has reportedly shut down nine virtual currency exchange services to prevent cybercriminals from laundering their money. These exchange services were used by threat actors who received ransom payments from criminal activities. The organizations behind them knowingly supported cybercrime and served all kinds of threat actors. The domain names […]

Payment Processing Giant NCR Global Hit By Ransomware Attack

NCR, a major player in the US payments industry, admitted it was the target of a ransomware attack for which the BlackCat/ALPHV group claimed responsibility. On April 12, NCR revealed that it was looking into an “issue” with its Aloha restaurant point-of-sale (PoS) system. The business announced that an outage at a single data center had […]

CISA Urges Organizations to Fix Backup Exec Bug Exploited to Deploy Ransomware

A new ALPHV (aka BlackCat) ransomware affiliate has been found and is tracked as UNC4466. This affiliate targets Veritas Backup Exec installations that are vulnerable to CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878. However, these CVEs are used for initial access only. A commercial internet scanning tool found some 8,500 internet-exposed installations of Veritas Backup Exec […]

Ransomware Gang Leaked 600GB of Data Stolen From Oakland City Servers

The ransomware gang responsible for the February attack on the City of Oakland, California, released a second data dump. The dump consisted of nearly 600 gigabytes of files that contained stolen municipal data, exposing critical information on thousands of employees in the city. Play, the threat group responsible for the ransomware attack, posted the second […]

Rorschach – Fastest Encryption Ransomware Ever Found in Ransomware History

Researchers from Check Point found a new and previously unknown ransomware variant dubbed “Rorschach” with highly sophisticated features that targets U.S. companies. Rorschach carries technically unique and customized features and is one of the fastest ransomware families ever observed, with an encryption speed never before seen in ransomware history. Interestingly, the threat actors behind the ransomware implemented […]

Grazie Ragazzi – But It’s Not Ferrari Who’s Saying It This Time!

Ferrari’s woes seem to be continuing from F1 tracks to their data. And surprisingly, ransomware today encrypts files as fast as a Ferrari V8 goes from 0 to 60 mph. The current ransomware attack means cybercriminals now have access to confidential client data. Remarkably, this isn’t the first time Ferrari has been the victim of […]