Hive Ransomware

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022. As of November 2022, Hive ransomware actors have victimized over 1,300 companies […]

Venus Ransomware Targets Remote Desktop Services

Threat actors behind the relatively new Venus Ransomware are hacking into publicly-exposed Remote Desktop services to encrypt Windows devices. Venus Ransomware appears to have begun operating in the middle of August 2022 and has since encrypted victims worldwide. However, there was another ransomware using the same encrypted file extension since 2021, but it is unclear […]

QNAP NAS devices affected by ransomware

Network hardware-maker QNAP is urging customers to update their network-attached storage devices immediately to protect them from a new wave of ongoing ransomware attacks that can destroy terabytes of data in a single stroke. Singapore-based QNAP said recently that it has identified a new campaign from a ransomware group known as DeadBolt. The attacks take aim at […]

Ransomware Developers are using Intermittent Encryption

Partially encrypting victims’ files improves ransomware speed and aids evasion. First seen in LockFile, the technique is now being widely adopted. Intermittent encryption is important to ransomware operators from two perspectives: Speed: Encryption can be a time-intensive process and time is crucial to ransomware operators – the faster they encrypt the victims’ files, the less […]

HavanaCrypt Ransomware Masquerading as Google Update

First observed June 2022 in the wild, HavanaCrypt Ransomware masquerades as a legitimate Google Chrome update with sophisticated anti-analysis techniques and other functionality that may be used for data exfiltration and privilege escalation since its lack of a ransom note renders it unprofitable for its author. HavanaCrypt leverages functionalities from the open-source password software KeePass […]

Ransomware as a Service

Do you know that a ransomware attack happens once every 11 seconds? Over the years, the frequency and intensity of these attacks have increased. This is due to the increased sophistication of cybercriminals and the easy availability of Ransomware as a Service (RaaS). Cybercriminals have also come up with ingenious ways to extort money from companies, and RaaS is […]

Ransomware: BlackByte

BlackByte is a ransomware family that has been building a name for itself since 2021. Like its contemporaries, it has gone after critical infrastructure for a higher chance of getting a payout. Initial versions of BlackByte used symmetric keys; it has multiple variants, archives files using WinRAR, uses trojanized legitimate tools, and involves phishing emails […]

Smash-and-Grab: AstraLocker 2.0 Pushes Ransomware Direct from Office Docs

ReversingLabs recently discovered instances of the AstraLocker 2.0 malware distributed directly from Microsoft Word files used in phishing attacks. The “smash and grab” attack methodology as well as other features suggest the attacker behind this malware is low-skill and looking to cause disruption, compared with the more patient, methodical, and measured approach to compromises used […]

Avos Ransomware Group Expands with New Attack Arsenal

Avos is a ransomware group first identified in 2021 initially targeting Windows machines. More recently, a new ransomware variant of AvosLocker, named after the group, is also targeting Linux environments. Well-funded and financially motivated, Avos has been active since June 2021 and follows the ransomware-as-a-service (RaaS) model, an affiliate program to recruit potential partners. […]
