Tag: Ransomware

BianLian Ransomware Detection: AA23-136A Joint Cybersecurity Advisory Details on TTPs Leveraged by BianLian Operators in the Ongoing Malicious Campaigns
BianLian Ransomware Detection: AA23-136A Joint Cybersecurity Advisory Details on TTPs Leveraged by BianLian Operators in the Ongoing Malicious Campaigns

Following a wave of cyber attacks by the Iran-linked hacking collective tracked as Pioneer Kitten, the FBI, CISA, and authoring partners issue a new alert notifying defenders of a growing threat posed by BianLian Ransomware Group, which primarily targets critical infrastructure organizations in the U.S. and Australia. Detect BianLian Ransomware According to the State of […]

Read More
Interlock Ransomware Detection: High-Profile and Double-Extortion Attacks Using a New Ransomware Variant
Interlock Ransomware Detection: High-Profile and Double-Extortion Attacks Using a New Ransomware Variant

Adversaries employ new Interlock ransomware in recently observed big-game hunting and double-extortion attacks against U.S. and European organizations in multiple industry sectors. Defenders assume with low confidence that Interlock ransomware might be a newly diversified group linked to the Rhysida ransomware affiliates or developers, based on comparable TTPs and encryptor binaries. Detect Interlock Ransomware Ransomware […]

Read More
RansomHub Ransomware Detection: Attackers Exploits Kaspersky’s TDSSKiller to Disable EDR Systems
RansomHub Ransomware Detection: Attackers Exploits Kaspersky’s TDSSKiller to Disable EDR Systems

Right after the joint advisory by FBI, CISA, and partners warning of a significant shift in the RansomHub RaaS group activity, security researchers have spotted the novel trick by adversaries misusing Kaspersky’s legitimate TDSSKiller software to disable Endpoint Detection and Response (EDR) systems. Once they’ve bypassed defenses, attackers turn to the LaZagne tool, siphoning login […]

Read More
Repellent Scorpius: Novel RaaS Group Actively Distributes Cicada3301 Ransomware Variant
Repellent Scorpius: Novel RaaS Group Actively Distributes Cicada3301 Ransomware Variant

Ransomware continues to be a leading global threat to organizations, with attacks becoming more frequent and increasingly sophisticated. Recently, a new Ransomware-as-a-Service (RaaS) group, Repellent Scorpius, has emerged, intensifying the challenge for cyber defenders. This novel actor drives the distribution of the Cicada3301 ransomware, employing a double-extortion tactic to maximize profits while expanding their affiliate […]

Read More
RansomHub Detection: The FBI, CISA, and Partners Warn Against a Growing RaaS Variant Targeting Critical Infrastructure Organizations
RansomHub Detection: The FBI, CISA, and Partners Warn Against a Growing RaaS Variant Targeting Critical Infrastructure Organizations

Hot on the heels of the joint cybersecurity advisory warning defenders of the Iran-backed Pioneer Kitten’s collaboration with multiple ransomware groups, another spike in ransomware activity is causing a stir in the cyber threat landscape. The FBI, CISA, and partners recently issued a joint alert covering the increased offensive activity of the RansomHub RaaS operators, […]

Read More
Pioneer Kitten Attack Detection: CISA, DC3, and FBI Warn of Iranian State-Sponsored Actors Collaborating With Ransomware Gangs to Target U.S. and Middle East
Pioneer Kitten Attack Detection: CISA, DC3, and FBI Warn of Iranian State-Sponsored Actors Collaborating With Ransomware Gangs to Target U.S. and Middle East

On August 28, 2024, a joint advisory was released by the FBI, the Department of Defense, and CISA, alerting cybersecurity professionals about a surge in operations by Iran-linked adversaries. These actors are increasingly collaborating with ransomware gangs to target education, finance, healthcare, state bodies, and defense industry sectors. Known as Pioneer Kitten, state-sponsored hacking collective […]

Read More
BlackSuit (Royal) Ransomware Detection: The FBI and CISA Warn Defenders of Ransomware Rebranding with Enhanced Capabilities
BlackSuit (Royal) Ransomware Detection: The FBI and CISA Warn Defenders of Ransomware Rebranding with Enhanced Capabilities

The ever-growing volumes of ransomware attacks, the increased number of financially motivated hacking collectives, and soaring global ransomware damage costs are shaking up the modern cyber threat arena. The FBI and CISA have recently issued a novel alert notifying defenders of the emergence of the BlackSuit ransomware, the evolution of Royal ransomware enriched with enhanced […]

Read More
Zola Ransomware Detection: Proton Family Evolves with a New Ransomware Variant Featuring a Kill Switch
Zola Ransomware Detection: Proton Family Evolves with a New Ransomware Variant Featuring a Kill Switch

Following in-the-wild attacks exploiting CVE-2024-37085 by diverse ransomware gangs, defenders encounter a new variant of the nefarious Proton ransomware family dubbed Zola. Zola strain displays sophisticated capabilities as a result of the ransomware family’s multiple iterations and upgrades, incorporating privilege escalation, disk overwriting functionality, and a kill switch that terminates processes if a Persian keyboard […]

Read More
CVE-2024-37085 Detection: Ransomware Groups Actively Exploit a Newly Patched Vulnerability in VMware ESXi Hypervisors to Gain Full Administrative Privileges
CVE-2024-37085 Detection: Ransomware Groups Actively Exploit a Newly Patched Vulnerability in VMware ESXi Hypervisors to Gain Full Administrative Privileges

A couple of weeks after the disclosure of CVE-2024-38112, a critical vulnerability exploited by the Void Banshee group to deploy the Atlantida stealer, another security flaw came into the spotlight. Multiple ransomware groups have weaponized a recently patched vulnerability in VMware ESXi hypervisors tracked as CVE-2024-37085 to gain elevated privileges and distribute file-encrypting malicious samples. […]

Read More
Akira Ransomware Group Is on the Rise: Hackers Target the Airline Industry in LATAM
Akira Ransomware Group Is on the Rise: Hackers Target the Airline Industry in LATAM

Cybersecurity researchers have recently observed a new cyber attack on a Latin American airline leveraging Akira ransomware. The attackers took advantage of SSH protocol for initial access and maintained reconnaissance and persistence by utilizing legitimate tools and Living off-the-Land Binaries and Scripts (LOLBAS). Notably, before deploying ransomware, hackers managed to successfully exfiltrate critical data.  Detecting […]

Read More