Browsing category

Ransomware

ChatGPT Ready to Write Ransomware But Failed to Go Deep 

Our lives are now enriched by the availability of LLMs that are easily accessible on the internet, so we have tools such as ChatGPT that can help us breathe life into even the most abstract ideas. As a result, the experts from Malwarebytes Labs decided to ask ChatGPT if it could help them with […]

IceFire Ransomware Attacks Both Windows and Linux Enterprise Networks

Security analysts at SentinelOne recently learned that the infamous IceFire ransomware has been found attacking both Windows and Linux enterprise networks. An IceFire ransomware attack encrypts the files of the victim and demands payment in exchange for the key to decrypt them. This malware has been responsible for a great deal of […]

HardBit Ransomware Steal Sensitive Data From Victims Before Encrypting

As of October 2022, the HardBit ransomware attack was first detected as a threat extorting cryptocurrency payments to decrypt data from organizations. Recently, version 2.0 of HardBit ransomware has been released by its operators. It is believed that the operators of this ransomware are endeavoring to negotiate with the victim’s insurance company to extort the […]

Hackers Actively Exploiting VMware ESXi Servers to Deploy Ransomware

The French Computer Emergency Response Team (CERT-FR), as well as administrators and hosting providers, have issued a warning concerning new ransomware, called ESXiArgs, that has been discovered. This vulnerability makes it possible for the attackers to deploy the ESXiArgs ransomware, which can have serious consequences for the affected servers and the data stored on […]

FBI Hacks Back Hive Ransomware Gang’s Infrastructure – Website Seized

As a result of an international law enforcement operation, the sites utilized by the Hive ransomware operation for both payments and data leaks on the Tor network were successfully taken over, following the FBI’s infiltration of the group’s infrastructure in July. An international law enforcement operation, led by the US Department of Justice and Europol, […]

Triple Extortion Ransomware: How to Protect Your Organization?

Ransomware strikes businesses every 11 seconds. The ransomware attack volume is already at record levels, but we’re hearing it’s only getting worse. As some victims managed to take precautions and refused to pay the ransom, attackers began to add more layers to their attacks. Double extortion ransomware became a common tactic in 2021. But in […]

Vice Society Ransomware Gang Attack Schools with Multiple Ransomware Families

According to a joint Cybersecurity Advisory (CSA) from the FBI, CISA, and MS-ISAC published in September 2022, Vice Society actors have recently been primarily targeting the education sector with ransomware assaults. As the 2022–23 school year gets started and malicious ransomware groups see prospects for successful operations, the CSA continued to predict an increase in attacks. […]

RDP Servers Hacked To Deploy Ransomware and Steal Sensitive Data

Research carried out by security analysts at CRIL (Cyble Research and Intelligence Labs) recently identified several ransomware groups that are actively targeting open RDP ports in an attempt to deploy ransomware. Major security issues could occur if an RDP port is left open on the internet without being protected. Systems with […]

Black Basta Ransomware Gang Infiltrates Networks Using Penetration Testing Tools

Operators of the Black Basta ransomware group resumed distribution of QAKBOT malware on September 8, 2022, after a short break. The latest distribution mechanism and campaign were identified by cybersecurity researchers at Trend Micro, who found the attackers using penetration testing tools to infiltrate the targeted networks. In this […]

Magniber Ransomware Weaponize JavaScript to Attack Windows Users

Recently, security researchers at HP’s threat intelligence team discovered a malicious campaign in which threat actors are delivering Magniber ransomware to Windows Home users with the help of fraudulent security updates. A number of fake websites were created by threat actors in September 2022. On those fake websites, fraudulent antivirus and […]

Cisco Was Hacked by Yanluowang Ransomware Operators to Stole Internal Data

Recent reports indicate that in late May Cisco’s corporate network was infected with ransomware from the Yanluowang group. Under the threat of leaking stolen files to the online world, the threat actor attempted to intimidate the victims into making a financial sacrifice; in short, ransom. An employee’s Box folder linked to a compromised account was […]

Hackers Attack Windows, Linux & ESXi Systems Using Rust-Based Malware

A new ransomware family dubbed Luna was identified by Kaspersky Security researchers recently, and it has been claimed that it’s written in Rust. That makes it the third strain to use the language, after BlackCat and Hive. There are many operating systems that can be encrypted with Luna, and […]

Beware!! BlackCat Ransomware Gang Attack Unpatched Microsoft Exchange Servers

In a recent advisory, Microsoft warned that the operators of BlackCat ransomware (aka ALPHV) are gaining access to target networks by exploiting unpatched Exchange server vulnerabilities. Threat actors can exploit the compromised Exchange servers in order to perform the following actions: access the target networks, conduct internal reconnaissance, lateral movement […]

How to Combat Ransomware Attacks with Zero Trust

Ransomware is on the rise. In fact, it is estimated that a new attack will occur every 11 seconds. In the time it takes you to read this sentence, your organization might be under attack from a new ransom group looking to cash out. Malicious links and attachments are among the main causes of phishing […]

Hive Ransomware Affiliate Attacking Microsoft Exchange Servers vulnerable to ProxyShell Flaw

Cybersecurity experts at the security firm Varonis have recently discovered a Hive ransomware affiliate that has been deploying a variety of backdoors, including the Cobalt Strike beacon, in order to compromise Microsoft Exchange servers that are vulnerable to the ProxyShell flaws. By deploying these backdoors the threat actors perform the following tasks and activities: […]

Russia Arrests Hackers Behind REvil Ransomware & Shutdown Operations

At the request of the United States, the Federal Security Service (FSB) has recently arrested all the hackers behind the REvil ransomware group and claimed to have completely shut down all operations of the group. The closure of the REvil ransomware gang comes after a Ukrainian citizen was arrested in Poland last November for using […]

Beware!! Magniber Ransomware Delivered via Microsoft Edge and Google Chrome as an Update

In an ongoing campaign, threat actors are distributing Magniber ransomware as an update through modern web browsers. Cybersecurity researchers at ASEC have closely monitored Magniber and reported that, to deploy this ransomware, the operators behind it have been actively exploiting Internet Explorer (IE) vulnerabilities for the last couple of years. But now, apart from […]