Tag: Ransomware

Cuba Ransomware Detection: Tropical Scorpius Threat Actors Deploy Novel RAT Malware in Targeted Attacks
Cuba Ransomware Detection: Tropical Scorpius Threat Actors Deploy Novel RAT Malware in Targeted Attacks

High-profile ransomware attacks illustrate a growing trend in the cyber threat arena in 2021-2022, with the majority of ransomware affiliates engaged in various ransomware-as-a-service (RaaS) programs. In May 2022, cybersecurity researchers noticed novel adversary campaigns deploying Cuba ransomware attributed to the malicious activity of a hacking group tracked as Tropical Scorpius. In these latest attacks, […]

Read More
Cisco Hacked by Yanluowang: Detect Relevant Malicious Activity With Sigma Rules Kit
Cisco Hacked by Yanluowang: Detect Relevant Malicious Activity With Sigma Rules Kit

On August 10, 2022, Cisco officially confirmed its corporate network hack by the Yanluowang ransomware group earlier this year. The tech giant claims that the breach was reported internally on May 24 and was further investigated by Cisco Security Incident Response (CSIRT) team. This Cisco’s security incident made the headlines after the Yanluowang threat actors […]

Read More
SolidBit Ransomware Detection: Novel Variant Targets Users of Popular Video Games and Social Media Platforms
SolidBit Ransomware Detection: Novel Variant Targets Users of Popular Video Games and Social Media Platforms

Ransomware attacks have become a constantly growing trend in the cyber threat arena since 2020, which continues to be on the rise in 2021-2022. Cybersecurity researchers have recently uncovered a new SolidBit ransomware variant, which targets gamers and social media users. The novel malware strain is spotted in the wild, being uploaded to GitHub and […]

Read More
Gwisin Detection: Threat Actors Spread Gwisin Ransomware Targeting Korean Companies
Gwisin Detection: Threat Actors Spread Gwisin Ransomware Targeting Korean Companies

Gwisin ransomware targeting Korean companies in multiple industries is currently on the increase in the cyber threat arena. Attributed to the Korean-speaking threat actors, Gwisin ransomware is leveraged in targeted attacks at specific organizations rather than random individuals and does not perform malicious behaviors on its own, which makes its detection harder. The ransomware is […]

Read More
LockBit 3.0 Ransomware Attack Detection: Deploy Cobalt Strike Beacons Abusing Microsoft Defender
LockBit 3.0 Ransomware Attack Detection: Deploy Cobalt Strike Beacons Abusing Microsoft Defender

LockBit threat actors have been recently under the spotlight in the cyber domain. In July 2022, the hacking collective hit the headlines by introducing the first-ever bug bounty program launched by a ransomware gang. In the latest cyber-attacks, the notorious ransomware group applies Living-off-the-Land tools by abusing the legitimate Microsoft Defender’s command-line utility to deploy […]

Read More
BlackCat Ransomware Attacks: Threat Actors Use Brute Ratel and Cobalt Strike Beacons for Advanced Intrusions
BlackCat Ransomware Attacks: Threat Actors Use Brute Ratel and Cobalt Strike Beacons for Advanced Intrusions

Cybersecurity researchers have revealed a wave of new activity of the notorious BlackCat ransomware group deploying custom malware binaries for more sophisticated intrusions. In the latest attacks, threat actors have been leveraging Cobalt Strike beacons and a new penetration testing tool dubbed Brute Ratel, installing the latter as a Windows service on the compromised machines.  […]

Read More
H0lyGh0st Detection: New Ransomware Tied to North Korean APT
H0lyGh0st Detection: New Ransomware Tied to North Korean APT

New day, the headache for cyber defenders! Microsoft Threat Intelligence Center (MSTIC)  reports a new ransomware strain attacking small to middle-sized businesses across the globe since June 2021. Dubbed H0lyGh0st, the malware has been initially developed by an emerging North Korean APT tracked under the DEV-0530 moniker. The ransomware attacks are explicitly financially motivated, targeting […]

Read More
Maui Ransomware Detection: Novel Threat Targeting U.S. Healthcare and Public Health Sector
Maui Ransomware Detection: Novel Threat Targeting U.S. Healthcare and Public Health Sector

Brace yourself for the new ransomware threat! On July 6, 2022, the FBI, CISA, and the Department of Treasury issued a joint Cybersecurity Advisory (CSA) to warn about Maui ransomware actively leveraged by the North Korean APT group to target organizations in the U.S. healthcare and public health sectors. The attacks have been observed since […]

Read More
MedusaLocker Ransomware Detection: Federal Authorities Release a Joint CSA
MedusaLocker Ransomware Detection: Federal Authorities Release a Joint CSA

MedusaLocker ransomware first surfaced in September 2019 and has been impacting a wide range of industries and organizations, primarily in healthcare, ever since. Assuming how adversaries divide the ransom money, MedusaLocker appears to be run as a RaaS. Sources claimed that payments for ransomware seem to be divided between the affiliate and the developer, with […]

Read More
LockBit 3.0 Ransomware Detection: Operation Revamped
LockBit 3.0 Ransomware Detection: Operation Revamped

LockBit group returns, introducing a new strain of their ransomware, LockBit 3.0. Adversaries dubbed their latest release LockBit Black, enhancing it with new extortion tactics and introducing an option to pay in Zcash, adding to existing Bitcoin and Monero crypto payment options. This time, LockBit hackers are making the headlines by kicking off the first […]

Read More