Right after the joint advisory by FBI, CISA, and partners warning of a significant shift in the RansomHub RaaS group activity, security researchers have spotted the novel trick by adversaries misusing Kaspersky’s legitimate TDSSKiller software to disable Endpoint Detection and Response (EDR) systems. Once they’ve bypassed defenses, attackers turn to the LaZagne tool, siphoning login […]
Ransomware continues to be a leading global threat to organizations, with attacks becoming more frequent and increasingly sophisticated. Recently, a new Ransomware-as-a-Service (RaaS) group, Repellent Scorpius, has emerged, intensifying the challenge for cyber defenders. This novel actor drives the distribution of the Cicada3301 ransomware, employing a double-extortion tactic to maximize profits while expanding their affiliate […]
Hot on the heels of the joint cybersecurity advisory warning defenders of the Iran-backed Pioneer Kitten’s collaboration with multiple ransomware groups, another spike in ransomware activity is causing a stir in the cyber threat landscape. The FBI, CISA, and partners recently issued a joint alert covering the increased offensive activity of the RansomHub RaaS operators, […]
On August 28, 2024, a joint advisory was released by the FBI, the Department of Defense, and CISA, alerting cybersecurity professionals about a surge in operations by Iran-linked adversaries. These actors are increasingly collaborating with ransomware gangs to target education, finance, healthcare, state bodies, and defense industry sectors. Known as Pioneer Kitten, state-sponsored hacking collective […]
The ever-growing volumes of ransomware attacks, the increased number of financially motivated hacking collectives, and soaring global ransomware damage costs are shaking up the modern cyber threat arena. The FBI and CISA have recently issued a novel alert notifying defenders of the emergence of the BlackSuit ransomware, the evolution of Royal ransomware enriched with enhanced […]
Following in-the-wild attacks exploiting CVE-2024-37085 by diverse ransomware gangs, defenders encounter a new variant of the nefarious Proton ransomware family dubbed Zola. Zola strain displays sophisticated capabilities as a result of the ransomware family’s multiple iterations and upgrades, incorporating privilege escalation, disk overwriting functionality, and a kill switch that terminates processes if a Persian keyboard […]
A couple of weeks after the disclosure of CVE-2024-38112, a critical vulnerability exploited by the Void Banshee group to deploy the Atlantida stealer, another security flaw came into the spotlight. Multiple ransomware groups have weaponized a recently patched vulnerability in VMware ESXi hypervisors tracked as CVE-2024-37085 to gain elevated privileges and distribute file-encrypting malicious samples. […]
Cybersecurity researchers have recently observed a new cyber attack on a Latin American airline leveraging Akira ransomware. The attackers took advantage of SSH protocol for initial access and maintained reconnaissance and persistence by utilizing legitimate tools and Living off-the-Land Binaries and Scripts (LOLBAS). Notably, before deploying ransomware, hackers managed to successfully exfiltrate critical data. Detecting […]
New ransomware maintainers have rapidly emerged in the cyber threat arena, employing innovative locker malware and a variety of detection evasion tactics. The ransomware gang dubbed “Volcano Demon” leverages novel LukaLocker malware and demands ransom payment via phone calls to IT executives and decision-makers. Detect Volcano Demon Ransomware Attacks Ransomware remains one of the top […]
The TellYouThePass ransomware operators have been spotted behind a novel adversary campaign leveraging the PHP-CGI vulnerability tracked as CVE-2024-4577. Adversaries weaponize the flaw to upload web shells and distribute TellYouThePass ransomware on compromised instances. Detect TellYouThePass Ransomware Campaign In light of the newly uncovered PHP-CGI bug being swiftly weaponized for in-the-wild attacks, facilitating the distribution […]