Tag: Ransomware

RansomHub Ransomware Detection: Attackers Exploits Kaspersky’s TDSSKiller to Disable EDR Systems
RansomHub Ransomware Detection: Attackers Exploits Kaspersky’s TDSSKiller to Disable EDR Systems

Right after the joint advisory by FBI, CISA, and partners warning of a significant shift in the RansomHub RaaS group activity, security researchers have spotted the novel trick by adversaries misusing Kaspersky’s legitimate TDSSKiller software to disable Endpoint Detection and Response (EDR) systems. Once they’ve bypassed defenses, attackers turn to the LaZagne tool, siphoning login […]

Read More
Repellent Scorpius: Novel RaaS Group Actively Distributes Cicada3301 Ransomware Variant
Repellent Scorpius: Novel RaaS Group Actively Distributes Cicada3301 Ransomware Variant

Ransomware continues to be a leading global threat to organizations, with attacks becoming more frequent and increasingly sophisticated. Recently, a new Ransomware-as-a-Service (RaaS) group, Repellent Scorpius, has emerged, intensifying the challenge for cyber defenders. This novel actor drives the distribution of the Cicada3301 ransomware, employing a double-extortion tactic to maximize profits while expanding their affiliate […]

Read More
RansomHub Detection: The FBI, CISA, and Partners Warn Against a Growing RaaS Variant Targeting Critical Infrastructure Organizations
RansomHub Detection: The FBI, CISA, and Partners Warn Against a Growing RaaS Variant Targeting Critical Infrastructure Organizations

Hot on the heels of the joint cybersecurity advisory warning defenders of the Iran-backed Pioneer Kitten’s collaboration with multiple ransomware groups, another spike in ransomware activity is causing a stir in the cyber threat landscape. The FBI, CISA, and partners recently issued a joint alert covering the increased offensive activity of the RansomHub RaaS operators, […]

Read More
Pioneer Kitten Attack Detection: CISA, DC3, and FBI Warn of Iranian State-Sponsored Actors Collaborating With Ransomware Gangs to Target U.S. and Middle East
Pioneer Kitten Attack Detection: CISA, DC3, and FBI Warn of Iranian State-Sponsored Actors Collaborating With Ransomware Gangs to Target U.S. and Middle East

On August 28, 2024, a joint advisory was released by the FBI, the Department of Defense, and CISA, alerting cybersecurity professionals about a surge in operations by Iran-linked adversaries. These actors are increasingly collaborating with ransomware gangs to target education, finance, healthcare, state bodies, and defense industry sectors. Known as Pioneer Kitten, state-sponsored hacking collective […]

Read More
BlackSuit (Royal) Ransomware Detection: The FBI and CISA Warn Defenders of Ransomware Rebranding with Enhanced Capabilities
BlackSuit (Royal) Ransomware Detection: The FBI and CISA Warn Defenders of Ransomware Rebranding with Enhanced Capabilities

The ever-growing volumes of ransomware attacks, the increased number of financially motivated hacking collectives, and soaring global ransomware damage costs are shaking up the modern cyber threat arena. The FBI and CISA have recently issued a novel alert notifying defenders of the emergence of the BlackSuit ransomware, the evolution of Royal ransomware enriched with enhanced […]

Read More
Zola Ransomware Detection: Proton Family Evolves with a New Ransomware Variant Featuring a Kill Switch
Zola Ransomware Detection: Proton Family Evolves with a New Ransomware Variant Featuring a Kill Switch

Following in-the-wild attacks exploiting CVE-2024-37085 by diverse ransomware gangs, defenders encounter a new variant of the nefarious Proton ransomware family dubbed Zola. Zola strain displays sophisticated capabilities as a result of the ransomware family’s multiple iterations and upgrades, incorporating privilege escalation, disk overwriting functionality, and a kill switch that terminates processes if a Persian keyboard […]

Read More
CVE-2024-37085 Detection: Ransomware Groups Actively Exploit a Newly Patched Vulnerability in VMware ESXi Hypervisors to Gain Full Administrative Privileges
CVE-2024-37085 Detection: Ransomware Groups Actively Exploit a Newly Patched Vulnerability in VMware ESXi Hypervisors to Gain Full Administrative Privileges

A couple of weeks after the disclosure of CVE-2024-38112, a critical vulnerability exploited by the Void Banshee group to deploy the Atlantida stealer, another security flaw came into the spotlight. Multiple ransomware groups have weaponized a recently patched vulnerability in VMware ESXi hypervisors tracked as CVE-2024-37085 to gain elevated privileges and distribute file-encrypting malicious samples. […]

Read More
Akira Ransomware Group Is on the Rise: Hackers Target the Airline Industry in LATAM
Akira Ransomware Group Is on the Rise: Hackers Target the Airline Industry in LATAM

Cybersecurity researchers have recently observed a new cyber attack on a Latin American airline leveraging Akira ransomware. The attackers took advantage of SSH protocol for initial access and maintained reconnaissance and persistence by utilizing legitimate tools and Living off-the-Land Binaries and Scripts (LOLBAS). Notably, before deploying ransomware, hackers managed to successfully exfiltrate critical data.  Detecting […]

Read More
Volcano Demon Ransomware Attack Detection: Adversaries Apply a New LukaLocker Malware Demanding Ransom via Phone Calls
Volcano Demon Ransomware Attack Detection: Adversaries Apply a New LukaLocker Malware Demanding Ransom via Phone Calls

New ransomware maintainers have rapidly emerged in the cyber threat arena, employing innovative locker malware and a variety of detection evasion tactics. The ransomware gang dubbed “Volcano Demon” leverages novel LukaLocker malware and demands ransom payment via phone calls to IT executives and decision-makers. Detect Volcano Demon Ransomware Attacks Ransomware remains one of the top […]

Read More
TellYouThePass Ransomware Attack Detection: Hackers Exploit CVE-2024-4577 to Install Web Shells and Drop Malware 
TellYouThePass Ransomware Attack Detection: Hackers Exploit CVE-2024-4577 to Install Web Shells and Drop Malware 

The TellYouThePass ransomware operators have been spotted behind a novel adversary campaign leveraging the PHP-CGI vulnerability tracked as CVE-2024-4577. Adversaries weaponize the flaw to upload web shells and distribute TellYouThePass ransomware on compromised instances. Detect TellYouThePass Ransomware Campaign In light of the newly uncovered PHP-CGI bug being swiftly weaponized for in-the-wild attacks, facilitating the distribution […]

Read More