Tag: Ransomware

Volcano Demon Ransomware Attack Detection: Adversaries Apply a New LukaLocker Malware Demanding Ransom via Phone Calls

New ransomware operators have rapidly emerged in the cyber threat arena, employing novel locker malware and a variety of detection evasion tactics. The ransomware gang dubbed “Volcano Demon” leverages the new LukaLocker malware and demands ransom payment via phone calls to IT executives and decision-makers.

Detect Volcano Demon Ransomware Attacks

Ransomware remains one of the top […]

TellYouThePass Ransomware Attack Detection: Hackers Exploit CVE-2024-4577 to Install Web Shells and Drop Malware

The TellYouThePass ransomware operators have been spotted behind a new adversary campaign leveraging the PHP-CGI vulnerability tracked as CVE-2024-4577. Adversaries weaponize the flaw to upload web shells and distribute TellYouThePass ransomware on compromised instances.

Detect TellYouThePass Ransomware Campaign

In light of the newly uncovered PHP-CGI bug being swiftly weaponized for in-the-wild attacks, facilitating the distribution […]

Black Basta Activity Detection: FBI, CISA & Partners Warn of Increasing Ransomware Attacks Targeting Critical Infrastructure Sectors, Including Healthcare

As of May 2024, the Black Basta ransomware operators have breached over 500 organizations worldwide. In response to the escalating threat, leading U.S. and international cybersecurity agencies have issued a joint cybersecurity advisory warning defenders of the group’s increasing activity, which has already affected dozens of critical infrastructure organizations, including the healthcare sector. […]

Akira Ransomware Detection: Joint Cybersecurity Advisory (CSA) AA24-109A Highlights Attacks Targeting Businesses and Critical Infrastructure in North America, Europe, and Australia

FBI and CISA, together with other U.S. and leading international cybersecurity agencies, have recently issued the joint advisory AA24-109A warning defenders of a surge in cyber attacks leveraging Akira ransomware. According to investigations, related malicious campaigns have affected 250+ organizations and brought in around $42 million in ransom payments.

Detect Akira Ransomware Attacks

Escalating ransomware […]

Detect ALPHA SPIDER Ransomware Attacks: TTPs Leveraged by ALPHV aka BlackCat RaaS Operators

Ransomware remains a top threat to organizations globally, with a constant surge in the volume and sophistication of attacks. Among the key players in the ransomware arena, the ALPHA SPIDER group stands out by claiming responsibility for a series of recent high-profile attacks targeting the U.S. healthcare payment processor Change Healthcare and the gaming industry giant MGM. […]

Phobos Ransomware Activity Detection: Adversaries Target the Public Sector, Healthcare, and Other Critical U.S. Infrastructure

The exponential rise in ransomware attacks and the growing complexity of intrusions fuel the need for proactive ransomware detection. FBI and CISA have issued a joint cybersecurity advisory notifying the global defender community of a dramatic increase in Phobos ransomware attacks targeting U.S. state bodies and other critical infrastructure, resulting in successful ransom demands amounting to […]

Knight Ransomware Detection: 3.0 Ransomware Source Code Available for Sale

The source code for Knight ransomware, a rebrand of the Cyclops RaaS operation, is available for sale on a hacking forum. Researchers revealed a recent advertisement posted on the RAMP forum by an individual threat actor using the moniker Cyclops, who belongs to the Knight ransomware gang. The source code for Knight ransomware version 3.0 is […]

Play Ransomware Detection: Ongoing Ransomware Attacks Against Businesses and Critical Infrastructure in the U.S., South America, and Europe

At the end of November 2023, leading U.S. cybersecurity agencies, in collaboration with international partners, issued an alert covering LockBit 3.0 ransomware attacks as part of their #StopRansomware effort aimed at raising cybersecurity awareness. Recently, another joint Cybersecurity Advisory was released to notify defenders of ongoing attacks by the Play ransomware group. In […]

Cactus Ransomware Detection: Attackers Launch Targeted Attacks to Spread Ransomware Strains

Heads up! Recent Cactus ransomware attacks are getting into the spotlight. Hackers exploit critical Qlik Sense vulnerabilities to deliver Cactus ransomware. In other ransomware campaigns, they leverage malvertising lures to spread DanaBot malware for initial access to targeted systems.

Detecting Cactus Ransomware Infections

Ransomware operators are constantly seeking new ways to proceed with payload […]

CVE-2023-47246 Detection: Lace Tempest Hackers Actively Exploit a Zero-Day Vulnerability in SysAid IT Software

This November, a set of new zero-days in popular software products has emerged in the cyber domain, such as CVE-2023-22518, which affects all versions of Confluence Data Center and Server. Shortly after its disclosure, another zero-day flaw, in SysAid IT software and tracked as CVE-2023-47246, surfaced. Microsoft revealed traces of vulnerability exploitation, with the […]
