Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

October 17, 2024 at 10:15AM Cybersecurity researchers have investigated Cicada3301, a new ransomware-as-a-service (RaaS), revealing its affiliate program on the dark web. With advanced features and capabilities, it has compromised over 30 organizations, primarily in the U.S. and U.K. Its sophisticated operation poses a significant threat to network security.

New Mallox ransomware Linux variant based on leaked Kryptina code

September 23, 2024 at 02:32PM A Mallox affiliate was found using a modified version of Kryptina ransomware to target Linux systems, signifying the ransomware’s shift from Windows to Linux and VMware ESXi systems. Kryptina’s leaked source code was utilized to create the rebranded “Mallox Linux 1.0” encryptor. Various other tools, including a Kaspersky password reset …

Vice Society Pivots to Inc Ransomware in Healthcare Attack

September 19, 2024 at 04:39PM Inc ransomware, linked to the group Vanilla Tempest, is increasingly targeting American healthcare organizations. Microsoft’s Threat Intelligence Center (MSTIC) raised concerns over the group’s use of Inc ransomware for double extortion attacks. Healthcare, due to its valuable data and vulnerability, remains a prime target for such cyber threats. The sophisticated …

Linux version of new Cicada ransomware targets VMware ESXi servers

September 3, 2024 at 11:00AM Cicada3301, a new ransomware-as-a-service, is impersonating the legitimate Cicada 3301 organization, conducting cyber attacks and recruiting affiliates. This operation uses double-extortion tactics and targets specific file extensions on Windows and Linux/VMware ESXi systems. Its strategic design is aimed at maximizing damage in enterprise environments and pressuring victims to pay ransoms. …

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

September 2, 2024 at 10:18AM RansomHub, a ransomware-as-a-service variant, has targeted at least 210 victims across various sectors, using the double extortion model to extort data and funds. Exploiting security vulnerabilities, affiliates conduct reconnaissance and network scanning before targeting victim environments. The surge in ransomware-as-a-service variants has led to new variants and collaborations with nation-state …

Understanding the ‘Morphology’ of Ransomware: A Deeper Dive

August 22, 2024 at 10:39AM WithSecure’s Ransomware Landscape report for H1 2024 reveals the underlying morphology shaping the visible landscape of ransomware attacks. While leak sites and public reports provide growth insights and sector-specific attack trends, the report also discusses the changing lexicography of ransomware, law enforcement actions’ impact, and the rebranding and migration …

FBI Shuts Down Dispossessor Ransomware Group’s Servers Across U.S., U.K., and Germany

August 13, 2024 at 05:42AM The FBI disrupted the online infrastructure of nascent ransomware group Dispossessor, targeting small-to-mid-sized businesses internationally. The group employs a dual-extortion model, threatening data exposure and encryption. They leverage system vulnerabilities and weak passwords for attacks and have targeted 43 companies in multiple countries. Law enforcement efforts are increasing, but ransomware …

Hunters International Disguises SharpRhino RAT as Legitimate Network Admin Tool

August 6, 2024 at 12:41PM Hunters International, an emerging ransomware group, has been rapidly advancing with a new remote access Trojan called SharpRhino, deploying Hive ransomware to attack IT professionals. The group leverages typosquatting domains and valid code-signing certificates to install the malware. SharpRhino’s purpose is to ensure persistence and control over targeted systems for …

Five months after takedown, LockBit is a shadow of its former self

July 31, 2024 at 10:23AM LockBit’s ransomware operation, led by leader LockbitSupp, suffered a significant blow following Operation Cronos. Despite efforts to rebuild and operate, LockBit’s reputation and impact have dwindled. With the mass exodus of affiliates and diminishing operations, the future of LockBit and its leader remains uncertain amidst changing dynamics in the ransomware …

Two Members of LockBit Ransomware Group Plead Guilty in US Court

July 22, 2024 at 11:36AM Two members of the LockBit gang pleaded guilty in the US for their involvement in deploying ransomware against organizations globally and in the US. The gang resumed operations after a disruption, becoming the most active ransomware gang in May. The US seeks information on the alleged mastermind and has announced …