New ransomware maintainers have rapidly emerged in the cyber threat arena, employing innovative locker malware and a variety of detection evasion tactics. The ransomware gang dubbed “Volcano Demon” leverages novel LukaLocker malware and demands ransom payment via phone calls to IT executives and decision-makers. Detect Volcano Demon Ransomware Attacks Ransomware remains one of the top […]
The TellYouThePass ransomware operators have been spotted behind a novel adversary campaign leveraging the PHP-CGI vulnerability tracked as CVE-2024-4577. Adversaries weaponize the flaw to upload web shells and distribute TellYouThePass ransomware on compromised instances. Detect TellYouThePass Ransomware Campaign In light of the newly uncovered PHP-CGI bug being swiftly weaponized for in-the-wild attacks, facilitating the distribution […]
As of May 2024, the nefarious Black Basta ransomware operators have breached over 500 global organizations. In response to the escalating threats, the U.S.’s leading and global cybersecurity agencies have issued a joint cybersecurity advisory warning defenders of the group’s increasing activity, which has already affected dozens of critical infrastructure organizations, including the healthcare sector. […]
FBI and CISA, in conjunction with the U.S. and leading international cybersecurity agencies, have recently issued a joint advisory AA24-109A warning defenders of a surge in cyber attacks leveraging Akira ransomware. According to investigations, related malicious campaigns have affected 250+ organizations and claimed around $42 million in ransom payments. Detect Akira Ransomware Attacks Escalating ransomware […]
Ransomware remains a top threat to organizations globally, with a constant surge in the volume and sophistication of attacks. Among key players in the ransomware arena, the ALPHA SPIDER group stands out by taking credit for a series of recent high-profile attacks targeting the U.S. healthcare payment software processor Change and MGM gaming industry giant. […]
The exponential rise and escalation in intrusion complexity of ransomware attacks fuel the need for proactive ransomware detection. FBI and CISA issue a joint cybersecurity heads-up notifying the global defender community of a dramatic increase in Phobos ransomware attacks targeting the U.S. state bodies and other critical infrastructure, resulting in successful ransom demands amounting to […]
The source code for Knight ransomware, a rebrand of Cyclops RaaS operation, is available for sale on a hacking forum. Researchers revealed a recent advertisement posted on the RAMP forum by an individual threat actor under the moniker Cyclops who belongs to the Knight ransomware gang. The source code for Knight ransomware version 3.0 is […]
At the end of November 2023, leading U.S. cybersecurity agencies, in collaboration with international partners, issued an alert covering LockBit 3.0 ransomware attacks as part of their #StopRansomware effort aimed at boosting cybersecurity awareness. Recently, another joint Cybersecurity Advisory came out aimed at notifying defenders of the ongoing attacks by the Play ransomware group. In […]
Heads up! Recent Cactus ransomware attacks are getting into the spotlight. Hackers exploit critical Qlik Sense vulnerabilities to further deliver Cactus ransomware. In other ransomware campaigns, they leverage malvertising lures to spread DanaBot malware for initial access to compromised systems. Detecting Cactus Ransomware Infections Ransomware operators are constantly seeking new ways to proceed with payload […]
This November, a set of new zero-days in the popular software products are emerging in the cyber domain, like CVE-2023-22518 affecting all versions of Confluence Data Center and Server. Shortly after its disclosure, another zero-day flaw in SysAid IT software tracked under CVE-2023-47246 comes to the scene. Microsoft revealed traces of vulnerability exploitation, with the […]