Tag: Ransomware

Iranian COBALT MIRAGE Threat Group Launches Ransomware Attacks Against U.S. Organizations

Iranian state-backed adversaries are accelerating their pace by leveraging different attack vectors and targeting multiple industries across the world. Hot on the heels of the spear-phishing campaign launched by the infamous APT34 group spreading a new Saitama backdoor, another Iran-linked hacking collective hits the headlines performing ransomware attacks against U.S. companies. The Iranian nation-backed COBALT […]

Read More
BlackByte ransomware detection
BlackByte Ransomware Detection: New Wake-Up Call

The Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) released a joint cybersecurity advisory in regards to the activities of the BlackByte Ransomware-as-a-Service (RaaS) gang. BlackByte ransomware has been used against the businesses located in the USA as the primary targets. The greatest costs fall heavily on the critical infrastructure sectors such […]

Read More
LockBit 2.0 detection
LockBit 2.0 Ransomware Detection: Infamous Threat Resurfaces with New Attack Techniques and Encryption Methods

LockBit operators are accelerating rapidly. The gang has been on cybersecurity professionals’ radar since 2019, revamping with the launch of a LockBit ransomware version 2.0 in June 2021. On February 07, 2022, The Federal Bureau of Investigations (FBI) released IOCs, warning about LockBit 2.0 ransomware attacks. The current data suggest that the novel campaign is […]

Read More
Atom Silo Ransomware
Detecting Atom Silo Ransomware Infections

Ransomware actors attempt to stay at the forefront of the malicious trends in their strive for bigger profits. Recently, security researchers spotted a new threat actor leveraging a critical vulnerability in Atlassian Confluence (CVE-2021-26084) to proceed with ransomware infections. Dubbed Atom Silo, the gang relies on CVE-2021-26084 alongside several novel evasion techniques to fly under […]

Read More
REvil Ransomware Deployed in Kaseya Supply Chain Attack

Hundreds of companies have been recently exposed to a massive supply chain attack on the software company Kaseya. A zero-day bug in Kaseya’s VSA software was nefariously leveraged by the REvil gang to infect 30 managed service providers (MSPs) and multiple their customers with ransomware.  Although the vendor has been aware of the vulnerability since […]

Read More
BazarLoader Malware Detection

Experts warn about an unusual approach to infect targets with BazarLoader — a notorious strain frequently used to deliver ransomware. The hacker collective, dubbed BazarCall, abuses call center functionality to trick victims into downloading the malicious payload. The campaign has been active since at least February 2021, continuously adding new tricks to increase its notoriety. […]

Read More
Defending Against Ransomware Attacks in 2021

The cybersecurity community is facing a crisis caused by the escalating threat of high-profile ransomware attacks. Advancing the trend of 2020, ransomware continues to be the number one problem in 2021, with the increasing sophistication of intrusions and a constantly growing number of malicious affiliates.  Big enterprises remain to be the primary target. Yet, the […]

Read More
REvil Ransomware Evolution: New Tactics, Impressive Gains, and High-Profile Targets

The REvil gang stands behind the avalanche of attacks targeting major companies across the US, Europe, Africa, and South America. In March 2021, ransomware operators claimed almost a dozen of intrusions that resulted in sensitive data compromise. The list of victims includes law firms, construction companies, international banks, and manufacturing vendors. As per news reports, […]

Read More
Zeoticus 2.0: Nasty Ransomware Strain Receives Major Upgrade

Starting from December 2020, a new version of Zeoticus ransomware has been actively targeting users in the wild. Zeoticus 2.0 comes with better performance and enhanced offline capabilities, posing a bigger threat to businesses worldwide.  What is Zeoticus Ransomware? Zeoticus is a relatively new malware sample that appeared in the cyber threat arena in December […]

Read More
Quasar RAT: Detecting Malicious Successors

Quasar remote administration tool (RAT) is a multi-functional and light-weight malware actively used by APT actors since 2014. Quasar’s code is publicly available as an open-source project, which makes the Trojan extremely popular among adversaries due to its broad customization options. As a result, a variety of samples exist inside the Quasar malware family. Many […]

Read More