Ransomware Blog News(0) -  2024  2023  2022  2021  2020  2019  2018

AI blog  APT blog  Attack blog  BigBrother blog  BotNet blog  Cyber blog  Cryptocurrency blog  Exploit blog  Hacking blog  ICS blog  Incident blog  IoT blog  Malware blog  OS Blog  Phishing blog  Ransom blog  Safety blog  Security blog  Social blog  Spam blog  Vulnerebility blog  2024  2023

DATE

NAME

Info

CATEG.

WEB

21.12.24

THREAT ANALYSIS: Beast Ransomware

In this Threat Analysis report, Cybereason investigates the Ransomware-as-a-Service (RaaS) known as Beast and how to defend against it through the Cybereason Defense Platform.

Ransom blog

Cybereason

21.12.24

Phobos: Stealthy Ransomware That Operated Under the Radar - Until Now

On November 18th, the US Justice Department unsealed criminal charges against a Russian national for allegedly administering the sale, distribution, and operation of Phobos ransomware. Phobos is considered an evolution of Dharma Ransomware (aka CrySIS). Code similarities and ransom notes suggest that the creators are either the same or closely connected.

Ransom blog

Trelix

2.11.24

New Iranian-based Ransomware Group Charges $2000 for File RetrievalThe SonicWall Capture Labs threat research team has encountered a recently released ransomware from an Iranian team of hackers. The group has named themselves hackersadism. The group does not appear to be targeting large corporations at this time as they only charge $2000 in BNB (Binance coin crypto) for file restoration. The price for file retrieval is also negotiable. During our analysis, we were able to converse directly with the malware operator and negotiate payment. Ransom blogSonicWall

2.11.24

New Iranian-based Ransomware Group Charges $2000 for File RetrievalThe SonicWall Capture Labs threat research team has encountered a recently released ransomware from an Iranian team of hackers. The group has named themselves hackersadism. The group does not appear to be targeting large corporations at this time as they only charge $2000 in BNB (Binance coin crypto) for file restoration. The price for file retrieval is also negotiable. During our analysis, we were able to converse directly with the malware operator and negotiate payment. Ransom blogSonicWall

2.11.24

Jumpy Pisces Engages in Play RansomwareUnit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People's Army, as a key player in a recent ransomware incident. Our investigation indicates a likely shift in the group’s tactics. We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group (Fiddling Scorpius). Ransom blogPalo Alto

2.11.24

Jumpy Pisces Engages in Play Ransomware

Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People's Army, as a key player in a recent ransomware incident. Our investigation indicates a likely shift in the group’s tactics. We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group (Fiddling Scorpius). Ransom blogPalo Alto

2.11.24

Embargo ransomware: Rock’n’RustNovice ransomware group Embargo is testing and deploying a new Rust-based toolkitRansom blog

Eset

28.9.24

2024 SonicWall Threat Brief: Healthcare’s Escalating Cybersecurity ChallengeSonicWall’s 2024 Healthcare Threat Brief reveals at least 14 million U.S. patients affected by malware breaches, as outdated systems leave healthcare providers vulnerable to evolving ransomware threats - underscoring the need for MSPs/MSSPs.Ransom blogSonicWall

21.9.24

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus ProtectionsTrend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.Ransom blog

Trend Micro

14.9.24

Key Group Russian Ransomware Gang Uses Extensive Multi-purpose Telegram ChannelThe SonicWall Capture Labs threat research team has been recently tracking ransomware known as Key Group. Key Group is a Russian-based malware threat group that was formed in early 2023. Ransom blog

SonicWall

14.9.24

CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony AnscombeESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own endsRansom blog

Eset

14.9.24

CosmicBeetle steps up: Probation period at RansomHubCosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliateRansom blog

Eset

31.8.24

BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks

In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis.

Ransom blog

Cisco Blog

24.8.24

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware AttackUsing the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt. Ransom blogTrend Micro

24.8.24

How regulatory standards and cyber insurance inform each otherShould the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal withRansom blog

Eset

10.8.24

Ransomware Review: First Half of 2024Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week. Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed. Ransom blog

Palo Alto

27.7.24

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more.

Ransom blog

Trend Micro

27.7.24

Volcano Demon Group Targets Idealease Inc. Using LukaLocker Ransomware

The SonicWall Capture Labs threats research team has recently been tracking new ransomware known as LukaLocker.

Ransom blog

SonicWall

27.7.24

From RA Group to RA World: Evolution of a Ransomware Group

The ransomware group RA Group, now known as RA World, showed a noticeable uptick in their activity since March 2024. About 37% of all posts on their dark web leak site have appeared since March, suggesting this is an emerging group to watch. This article describes the tactics, techniques and procedures (TTPs) used by RA World.

Ransom blog

Palo Alto

20.7.24

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific PumaTrend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more.Ransom blogTrend Micro

20.7.24

Should ransomware payments be banned? – Week in security with Tony AnscombeBlanket bans on ransomware payments are a much-debated topic in cybersecurity and policy circles. What are the implications of outlawing the payments, and would the ban be effective?Ransom blogEset

13.7.24

HardBit Ransomware version 4.0In this Threat Analysis report, Cybereason Security Services investigates HardBit Ransomware version 4.0, a new version observed in the wild. Ransom blogCybereason

13.7.24

Cactus Ransomware: New strain in the marketCactus is another variant in the ransomware family. It exploits VPN vulnerability(CVE-2023-38035) to enter into an internal organization network and deploys varies payloads for persistence(Scheduled Task/Job), C2 connection via RMM tools(Anydesk.exe) and encryption.Ransom blogTrelix

13.7.24

Inside the ransomware playbook: Analyzing attack chains and mapping common TTPsBased on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers.Ransom blogCisco Blog
29.6.24Attackers in Profile: menuPass and ALPHV/BlackCatTo test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat.Ransom blogTrend Micro
15.6.24TargetCompany’s Linux Variant Targets ESXi EnvironmentsIn this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution.Ransom blogTrend Micro
8.6.24INC Ransomware Behind Linux ThreatThis week, the SonicWall Capture Labs Research team analyzed a sample of Linux ransomware. The group behind this ransomware, called INC Ransomware, has been active since it was first reported a year ago. Ransom blogSonicWall

25.5.24

Mandatory reporting for ransomware attacks? – Week in security with Tony AnscombeAs the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond?Ransom blogEset
4.5.24Pay up, or else? – Week in security with Tony AnscombeOrganizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or notRansom blogEset
23.3.24The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptionsTalos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.Ransom blogCisco Blog
17.3.24Healthcare still a prime target for cybercrime gangs – Week in security with Tony AnscombeHealthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities inRansom blogEset
9.3.24GhostSec’s joint ransomware operation and evolution of their arsenalCisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.Ransom blogCisco Blog
10.2.24Ransomware Retrospective 2024: Unit 42 Leak Site AnalysisThe ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups. Ransom blogPalo Alto
10.2.24Ransomware payments hit a record high in 2023 – Week in security with Tony AnscombeCalled a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous yearRansom blogEset
4.2.24Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectorsTalos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter.Ransom blogCisco Blog

14.1.24

Medusa Ransomware Turning Your Files into StoneUnit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. Ransom blogPalo Alto

14.1.24

New decryptor for Babuk Tortilla ransomware variant releasedCisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.Ransom blogCisco Blog