6 attack reports | 0 vulnerabilities
ESET researchers have uncovered new Rust-based tools used by the Embargo ransomware group. The toolkit includes MDeployer, a loader that deploys MS4Killer and Embargo ransomware, and MS4Killer, an EDR killer that exploits a vulnerable driver. Embargo, first observed in June 2024, is a relatively ne…
The Beast Ransomware group, active since 2022, offers a Ransomware-as-a-Service (RaaS) platform with constant updates. It supports Windows, Linux, and ESXi systems, providing affiliates with customizable binary options. Beast employs advanced encryption methods, including Elliptic-curve and ChaCha2…
Lynx ransomware, discovered in July 2024, is a successor to INC ransomware targeting organizations in retail, real estate, architecture, and financial services in the U.S. and UK. It shares significant source code with INC and operates under a ransomware-as-a-service model. Lynx employs double extorti…
The Dark Angels ransomware group, active since April 2022, operates with sophisticated strategies targeting large companies for substantial ransom demands. They focus on stealthy attacks, avoiding outsourcing to third-party brokers. The group uses various ransomware payloads, including Babuk and Re…
Akira is a prolific ransomware operating since March 2023, targeting multiple industries in North America, the UK, and Australia. It functions as Ransomware as a Service (RaaS) and employs double extortion tactics. Akira has connections to the disbanded Conti group, sharing code similarities and op…
Mallox is a sophisticated ransomware family that emerged in 2021 and has since evolved into a Ransomware-as-a-Service (RaaS) operation. Initially targeting specific companies, it transitioned to a more generic approach, likely as part of its RaaS model. The malware employs complex encryption scheme…