Ransomware 2024

19.11.24

Helldown Helldown Ransomware: an overview of this emerging threat RANSOMWARE RANSOMWARE

30.10.24

Jumpy Pisces Engages in Play Ransomware Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People's Army, as a key player in a recent ransomware incident. RANSOMWARE RANSOMWARE

28.10.24

Qilin New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion RANSOMWARE RANSOMWARE

27.10.24

Cicada3301 Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service Group RANSOMWARE RANSOMWARE

10.1.25

FunkSec FunkSec – Alleged Top Ransomware Group Powered by AI RANSOMWARE AI

8.9.24

Cicada3301 Dissecting the Cicada RANSOMWARE RANSOMWARE

5.9.24

RansomHub Ransomware #StopRansomware: RansomHub Ransomwa RANSOMWARE RANSOMWARE

5.9.24

Cicada3301 Decoding the Puzzle: Cicada3301 Ransomware Threat Analysis RANSOMWARE RANSOMWARE

24.8.24

Qilin ransomware Qilin ransomware caught stealing credentials stored in Google Chrome RANSOMWARE RANSOMWARE

15.8.24

RansomHub Ransomware attackers introduce new EDR killer to their arsenal RANSOMWARE RANSOMWARE

9.8.24

StopRansomware BlackSuit (Royal) Ransomware The advisory was updated to notify network defenders of the rebrand of “Royal” ransomware actors to “BlackSuit.” The update includes new TTPs, IOCs, and detection methods related to BlackSuit ransomware. “Royal” was updated to “BlackSuit” throughout unless referring to legacy Royal activity. Updates and new content are noted. RANSOMWARE RANSOMWARE

15.7.24

HardBit Ransomware 4.0 In this Threat Analysis report, Cybereason Security Services investigates HardBit Ransomware version 4.0, a new version observed in the wild. RANSOMWARE RANSOMWARE

8.7.24

Eldorado Eldorado Ransomware: The New Golden Empire of Cybercrime? RANSOMWARE RANSOM
13.6.24 Black Basta Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day RANSOMWARE RANSOMWARE

5.6.24

RansomHub RansomHub: New Ransomware has Origins in Older Knight RANSOMWARE RANSOMWARE

24.5.24

ESXi Ransomware ESXi Ransomware Attacks: Evolution, Impact, and Defense Strategy RANSOMWARE Hacking

11.5.24

StopRansomware: Black Basta Black Basta affiliates use common initial access techniques—such as phishing and exploiting known vulnerabilities—and then employ a double-extortion model, both encrypting systems and exfiltrating data. RANSOMWARE Ransomware
19.4.24 Akira Akira is swiftly becoming one of the fastest-growing ransomware families thanks to its use of double extortion tactics, a ransomware-as-a-service (RaaS) distribution model, and unique payment options. RANSOMWARE Ransomware
17.4.24 Cerber Cerber Ransomware: Dissecting the three heads RANSOMWARE Ransomware
15.3.24 Daixin Team The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022. Since then, Daixin Team cybercrime actors have caused ransomware incidents at multiple HPH Sector organizations where they have RANSOMWARE Ransomware
15.3.24 Cuba Cuba ransomware, upon compromise, installs and executes a CobaltStrike beacon as a service on the victim’s network via PowerShell. Once installed, the ransomware downloads two executable files, which include “pones.exe” for password acquisition and “krots.exe,” also known as KPOT, enabling the Cuba ransomware actors to write to the compromised system’s temporary (TMP) file. RANSOMWARE Ransomware
15.3.24 ESXiArgs The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” RANSOMWARE Ransomware
15.3.24 Royal Since September 2022, Royal has targeted over 350 known victims worldwide and ransomware demands have exceeded 275 million USD. Royal conducts data exfiltration and extortion prior to encryption and then publishes victim data to a leak site if a ransom is not paid. Phishing emails are among the most successful vectors for initial access by Royal threat actors. RANSOMWARE Ransomware
15.3.24 LockBit 3.0 LockBit 3.0, also known as “LockBit Black,” is more modular and evasive than its previous versions and shares similarities with Blackmatter and Blackcat ransomware. LockBit 3.0 is configured upon compilation with many different options that determine the behavior of the ransomware. RANSOMWARE Ransomware

15.3.24 BianLian BianLian is a ransomware developer, deployer, and data extortion cybercriminal group. FBI observed BianLian group targeting organizations in multiple U.S. critical infrastructure sectors since June 2022. In Australia, ACSC has observed BianLian group predominately targeting private enterprises, including one critical infrastructure organization. RANSOMWARE Ransomware
15.3.24 CL0P Appearing in February 2019, and evolving from the CryptoMix ransomware variant, CL0P was leveraged as a Ransomware as a Service (RaaS) in large-scale spear-phishing campaigns that used a verified and digitally signed binary to bypass system defenses. RANSOMWARE Ransomware
15.3.24 LockBit In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. RANSOMWARE Ransomware
15.3.24 Truebot Previous Truebot malware variants were primarily delivered by cyber threat actors via malicious phishing email attachments; however, newer versions allow cyber threat actors to also gain initial access through exploiting CVE-2022-31199 (a remote code execution vulnerability in the Netwrix Auditor application), enabling deployment of the malware at scale within the compromised environment. RANSOMWARE Ransomware
15.3.24 QakBot QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally. QakBot has been the precursor to a significant amount of computer intrusions, to include ransomware and the compromise of user accounts within the Financial Sector. RANSOMWARE Ransomware
15.3.24 Snatch First appearing in 2018, Snatch operates a ransomware-as-a-service (RaaS) model and claimed their first U.S.-based victim in 2019. Originally, the group was referred to as Team Truniger, based on the nickname of a key group member, Truniger, who previously operated as a GandCrab affiliate. Snatch threat actors use a customized ransomware variant notable for rebooting devices into Safe Mode [T1562.009], enabling the ransomware to circumvent detection by antivirus or endpoint protection, and then encrypting files when few services are running. RANSOMWARE Ransomware
15.3.24 AvosLocker The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known IOCs, TTPs, and detection methods associated with the AvosLocker variant identified through FBI investigations as recently as May 2023. RANSOMWARE Ransomware
15.3.24 Royal Royal ransomware uses a unique partial encryption approach that allows the threat actor to choose a specific percentage of data in a file to encrypt. RANSOMWARE Ransomware
15.3.24 Rhysida Threat actors leveraging Rhysida ransomware are known to impact “targets of opportunity,” including victims in the education, healthcare, manufacturing, information technology, and government sectors. RANSOMWARE Ransomware
15.3.24 Scattered Spider Scattered Spider (also known as Starfraud, UNC3944, Scatter Swine, and Muddled Libra) engages in data extortion and several other criminal activities.[1] Scattered Spider threat actors are considered experts in social engineering and use multiple social engineering techniques, especially phishing, push bombing, and subscriber identity module (SIM) swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication (MFA). RANSOMWARE Ransomware
15.3.24 BlackCat/ALPHV This FLASH is part of a series of FBI reports to disseminate known indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) associated with ransomware variants identified through FBI investigations. A RANSOMWARE Ransomware
15.3.24 Phobos According to open source reporting, Phobos ransomware is likely connected to numerous variants (including Elking, Eight, Devos, Backmydata, and Faust ransomware) due to similar TTPs observed in Phobos intrusions. RANSOMWARE Ransomware
8.3.24 Jasmin GoodWill Ransomware? Or Just Another Jasmin Variant? RANSOMWARE Ransomware
7.3.24 Abyss Locker On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. RANSOMWARE Ransomware
7.3.24 BlackCat (ALPHV) Attack Explore the thwarted cyber extortion attempt by the BlackCat ransomware group, unraveled by Sygnia’s Incident Response team in mid-2023. RANSOMWARE Ransomware
4.3.24 CACTUS CACTUS: Analyzing a Coordinated Ransomware Attack on Corporate Networks RANSOMWARE Ransomware
25.2.24 LockBit Attempts to Stay Afloat With a New Version This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations. RANSOMWARE Ransomware

17.2.24

Akira ransomware Akira Ransomware and Exploitation of Cisco Anyconnect Vulnerability CVE-2020-3259 RANSOMWARE Anti-Tool

12.2.24

Rhysida Decryption Tool The Korea Internet & Security Agency (KISA) is distributing a recovery tool for the Rhysida ransomware. RANSOMWARE Ransomware

30.1.24

NONAME Older Leaks Re-Surfaces: LOCKBIT Imitator on Surface Web RANSOMWARE Ransomware

30.1.24

Mimus Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks RANSOMWARE Ransomware

30.1.24

Kuiper Kuiper ransomware analysis: Stairwell’s technical report RANSOMWARE Ransomware

30.1.24

Kasseika The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. RANSOMWARE Ransomware

30.1.24

Albabat On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. RANSOMWARE Ransomware

30.1.24

Phobos Another Phobos Ransomware Variant Launches Attack – FAUST RANSOMWARE Ransomware

29.1.24

Kasseika Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver  RANSOMWARE Ransomware

12.1.24

Medusa Medusa Ransomware Turning Your Files into Stone RANSOMWARE Ransomware

10.1.24

Babuk Babuk is a Russian ransomware. In September 2021, the source code leaked with some of the decryption keys. Victims can decrypt their files for free. RANSOMWARE Anti-Tool