Helldown Ransomware: an overview of this emerging threat
Nov. 21, 2024, 9:53 a.m.
Description
Helldown is a new and highly active ransomware group that has claimed 31 victims in three months. It employs custom ransomware for Windows and Linux systems, engages in double extortion, and exploits vulnerabilities in Zyxel firewalls for initial access. The group exfiltrates large volumes of data, averaging 70GB per victim. Its Windows ransomware shares similarities with Darkrace and Donex variants. The Linux variant targets VMware ESX servers. While connections to other groups like Hellcat are unconfirmed, Helldown's success seems to rely on exploiting undocumented vulnerabilities rather than sophisticated malware. The group's rapid evolution and targeting of virtualized infrastructures make it a significant emerging threat.
Date
Published: Nov. 20, 2024, 3:36 p.m.
Created: Nov. 20, 2024, 3:36 p.m.
Modified: Nov. 21, 2024, 9:53 a.m.
Attack Patterns
Helldown
T1021.001
T1490
T1497
T1070.004
T1562.001
T1005
T1489
T1486
T1016
T1082
T1083
T1570
T1140
T1027
T1560
T1190
T1133
T1078
Additional Information
Technology
France
United States of America