Tag : ransomware

24 attack reports | 0 vulnerabilities

Attack Reports

| Title | Published | Tags | Description | Number of indicators |
| --- | --- | --- | --- | --- |
| Patch or Peril: A Veeam vulnerability incident | July 12, 2024, 5:31 p.m. | | While the vulnerability CVE-2023-27532 was made public in March 2023 and subsequently patched by Veeam for versions 12/11a and la… | 2 |
| BianLian Ransomware Group: 2024 Activity Analysis | July 12, 2024, 4:01 p.m. | | The intelligence report delves into the evolving tactics and operations of the BianLian ransomware group, which has emerged as on… | 8 |
| Ransomware: Activity Levels Remain High Despite Disruption | July 11, 2024, 1:06 p.m. | | While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with Loc… | 27 |
| Decrypted: DoNex Ransomware and its Predecessors | July 10, 2024, 9:33 a.m. | | Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of… | 8 |
| BlackSuit Ransomware: Insights and Defense Strategies | July 8, 2024, 10:54 a.m. | | This report provides an in-depth analysis of the BlackSuit ransomware, a threat that has been actively targeting various sectors … | 8 |
| Mallox Ransomware: Linux Variant Decryptor Found | July 4, 2024, 10:36 a.m. | | The report analyzes the Mallox ransomware, which has been active since mid-2021 and focuses on multi-extortion by encrypting vict… | 5 |
| New Ransomware Operator Volcano Demon Serving Up LukaLocker | July 3, 2024, 11:35 a.m. | | A cybersecurity firm has encountered a new ransomware organization, dubbed Volcano Demon, responsible for recent attacks involvin… | 3 |
| From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer | June 27, 2024, 8:14 a.m. | | P2Pinfect is a sophisticated malware that utilizes a peer-to-peer botnet for command and control. Initially appearing dormant, it… | 15 |
| Chamelgang & Friends \| Cyberespionage Groups Attacking Critical Infrastructure with Ransomware | June 26, 2024, 5:32 p.m. | | In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and cri… | 8 |
| RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS | June 20, 2024, 5:50 p.m. | | Check Point Research has identified multiple threat actors utilizing Rafel, an open-source remote administration tool (RAT). The … | 6 |
| Update: CVE-2024-4577 quickly weaponized to distribute Ransomware | June 11, 2024, 10:13 a.m. | | The report describes an attack campaign leveraging the CVE-2024-4577 vulnerability to deliver the "TellYouThePass" ransomware. Th… | 5 |
| IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment | June 10, 2024, 11:03 a.m. | | This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial a… | 33 |
| Lost in the Fog: A New Ransomware Threat | June 7, 2024, 10:34 a.m. | | Arctic Wolf Labs began monitoring the deployment of a new ransomware variant called Fog in early May 2024. The ransomware attacks… | 5 |
| TargetCompany’s Linux Variant Targets ESXi Environments | June 6, 2024, 11:42 a.m. | | Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizat… | 3 |
| Threat Actors' Systems Can Also Be Exposed and Used by Other Threat Actors | June 6, 2024, 7:22 a.m. | | This report discusses a case where a CoinMiner threat actor's proxy server, used to access an infected botnet, became the target … | 34 |
| Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks | May 29, 2024, 11:12 a.m. | | Microsoft has identified Moonstone Sleet, a new North Korean threat actor that employs various tactics, including creating fake c… | 20 |
| New ransomware group abusing BitLocker | May 23, 2024, 2:49 p.m. | | The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized fil… | 6 |
| Threat actors misusing Quick Assist in social engineering attacks leading to ransomware | May 16, 2024, 9:27 a.m. | | The report describes a recent campaign by the threat actor Storm-1811, a financially motivated cybercriminal group known for depl… | 12 |
| Ongoing Malvertising Campaign leads to Ransomware | May 15, 2024, 3:14 p.m. | | Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malic… | 78 |
| Security Brief: Millions of Messages Distribute LockBit Black Ransomware | May 13, 2024, 6:27 p.m. | | In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of … | 16 |
| StopRansomware: Black Basta | May 13, 2024, 9:31 a.m. | | This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant f… | 174 |
| Code Emulation and Cybercrime Infrastructure Discovery | May 8, 2024, 11:18 a.m. | | This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within… | 76 |
| Analysis of TargetCompany’s Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware) | May 2, 2024, 2:07 p.m. | | The report analyzes recent attacks by the TargetCompany ransomware group targeting poorly managed MS-SQL servers. The group initi… | 5 |
| Ransomware Roundup (April 29, 2024) | April 29, 2024, 6:21 p.m. | | This concise report provides insights into the evolving ransomware landscape, covering the KageNoHitobito and DoNex variants. It … | 7 |