Tag: Ransomware

Black Basta Activity Detection: FBI, CISA & Partners Warn of Increasing Ransomware Attacks Targeting Critical Infrastructure Sectors, Including Healthcare
Black Basta Activity Detection: FBI, CISA & Partners Warn of Increasing Ransomware Attacks Targeting Critical Infrastructure Sectors, Including Healthcare

As of May 2024, the nefarious Black Basta ransomware operators have breached over 500 global organizations. In response to the escalating threats, the U.S.’s leading and global cybersecurity agencies have issued a joint cybersecurity advisory warning defenders of the group’s increasing activity, which has already affected dozens of critical infrastructure organizations, including the healthcare sector. […]

Read More
Akira Ransomware Detection: Joint Cybersecurity Advisory (CSA) AA24-109A Highlights Attacks Targeting Businesses and Critical Infrastructure in North America, Europe, and Australia
Akira Ransomware Detection: Joint Cybersecurity Advisory (CSA) AA24-109A Highlights Attacks Targeting Businesses and Critical Infrastructure in North America, Europe, and Australia

FBI and CISA, in conjunction with the U.S. and leading international cybersecurity agencies, have recently issued a joint advisory AA24-109A warning defenders of a surge in cyber attacks leveraging Akira ransomware. According to investigations, related malicious campaigns have affected 250+ organizations and claimed around $42 million in ransom payments.  Detect Akira Ransomware Attacks Escalating ransomware […]

Read More
Detect ALPHA SPIDER Ransomware Attacks: TTPs Leveraged by ALPHV aka BlackCat RaaS Operators
Detect ALPHA SPIDER Ransomware Attacks: TTPs Leveraged by ALPHV aka BlackCat RaaS Operators

Ransomware remains a top threat to organizations globally, with a constant surge in the volume and sophistication of attacks. Among key players in the ransomware arena, the ALPHA SPIDER group stands out by taking credit for a series of recent high-profile attacks targeting the U.S. healthcare payment software processor Change and MGM gaming industry giant. […]

Read More
Phobos Ransomware Activity Detection: Adversaries Target the Public Sector, Healthcare, and Other Critical U.S. Infrastructure
Phobos Ransomware Activity Detection: Adversaries Target the Public Sector, Healthcare, and Other Critical U.S. Infrastructure

The exponential rise and escalation in intrusion complexity of ransomware attacks fuel the need for proactive ransomware detection. FBI and CISA issue a joint cybersecurity heads-up notifying the global defender community of a dramatic increase in Phobos ransomware attacks targeting the U.S. state bodies and other critical infrastructure, resulting in successful ransom demands amounting to […]

Read More
Knight Ransomware Detection: 3.0 Ransomware Source Code Available for Sale
Knight Ransomware Detection: 3.0 Ransomware Source Code Available for Sale

The source code for Knight ransomware, a rebrand of Cyclops RaaS operation, is available for sale on a hacking forum. Researchers revealed a recent advertisement posted on the RAMP forum by an individual threat actor under the moniker Cyclops who belongs to the Knight ransomware gang. The source code for Knight ransomware version 3.0 is […]

Read More
Play Ransomware Detection: Ongoing Ransomware Attacks Against Businesses and Critical Infrastructure in the U.S., South America, and Europe
Play Ransomware Detection: Ongoing Ransomware Attacks Against Businesses and Critical Infrastructure in the U.S., South America, and Europe

At the end of November 2023, leading U.S. cybersecurity agencies, in collaboration with international partners, issued an alert covering LockBit 3.0 ransomware attacks as part of their #StopRansomware effort aimed at boosting cybersecurity awareness. Recently, another joint Cybersecurity Advisory came out aimed at notifying defenders of the ongoing attacks by the Play ransomware group. In […]

Read More
Cactus Ransomware Detection: Attackers Launch Targeted Attacks to Spread Ransomware Strains
Cactus Ransomware Detection: Attackers Launch Targeted Attacks to Spread Ransomware Strains

Heads up! Recent Cactus ransomware attacks are getting into the spotlight. Hackers exploit critical Qlik Sense vulnerabilities to further deliver Cactus ransomware. In other ransomware campaigns, they leverage malvertising lures to spread DanaBot malware for initial access to compromised systems.  Detecting Cactus Ransomware Infections Ransomware operators are constantly seeking new ways to proceed with payload […]

Read More
CVE-2023-47246 Detection: Lace Tempest Hackers Actively Exploit a Zero-Day Vulnerability in SysAid IT Software
CVE-2023-47246 Detection: Lace Tempest Hackers Actively Exploit a Zero-Day Vulnerability in SysAid IT Software

This November, a set of new zero-days in the popular software products are emerging in the cyber domain, like CVE-2023-22518 affecting all versions of Confluence Data Center and Server. Shortly after its disclosure, another zero-day flaw in SysAid IT software tracked under CVE-2023-47246 comes to the scene. Microsoft revealed traces of vulnerability exploitation, with the […]

Read More
CVE-2023-22518 Detection: Exploitation of a New Critical Vulnerability in Atlassian Confluence Leads to Cerber Ransomware Deployment 
CVE-2023-22518 Detection: Exploitation of a New Critical Vulnerability in Atlassian Confluence Leads to Cerber Ransomware Deployment 

Just over a month after the disclosure of a critical Confluence zero-day tracked as CVE-2023-22515, a novel vulnerability emerges in the cyber threat arena impacting Atlassian products. Adversaries are setting eyes on a recently fixed and maximum severity vulnerability known as CVE-2023-22518 in all versions of Confluence Data Center and Confluence Server, which enables them […]

Read More
CVE-2023-46604 Detection: HelloKitty Ransomware Maintainers Exploits RCE Vulnerability in Apache ActiveMQ
CVE-2023-46604 Detection: HelloKitty Ransomware Maintainers Exploits RCE Vulnerability in Apache ActiveMQ

At the turn of November, hot over the heels of disclosing CVE-2023-43208, the Mirth Connect vulnerability, another security bug comes to the scene. Defenders notify the global community of a newly uncovered the highest severity RCE bug that affects Apache ActiveMQ products. Detect CVE-2023-46604 With emerging vulnerabilities being a juicy target for adversaries seeking to […]

Read More