Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Helldown Ransomware: an overview of this emerging threat

Nov. 21, 2024, 9:53 a.m.

Description

Helldown is a new and highly active ransomware group that has claimed 31 victims in three months. It employs custom ransomware for Windows and Linux systems, engages in double extortion, and exploits vulnerabilities in Zyxel firewalls for initial access. The group exfiltrates large volumes of data, averaging 70GB per victim. Its Windows ransomware shares similarities with Darkrace and Donex variants. The Linux variant targets VMware ESX servers. While connections to other groups like Hellcat are unconfirmed, Helldown's success seems to rely on exploiting undocumented vulnerabilities rather than sophisticated malware. The group's rapid evolution and targeting of virtualized infrastructures make it a significant emerging threat.

Date

Published: Nov. 20, 2024, 3:36 p.m.

Created: Nov. 20, 2024, 3:36 p.m.

Modified: Nov. 21, 2024, 9:53 a.m.

Attack Patterns

Helldown

Helldown

T1021.001

T1490

T1497

T1070.004

T1562.001

T1005

T1489

T1486

T1016

T1082

T1083

T1570

T1140

T1027

T1560

T1190

T1133

T1078

Additional Informations

Technology

France

United States of America