PoorTry Windows driver evolves into a full-featured EDR wiper

August 28, 2024 at 03:02PM The PoorTry Windows driver has evolved into an EDR wiper, deleting crucial security files to hinder restoration efforts. Trend Micro first warned about this in May 2023, with Sophos confirming EDR wiping attacks. The tool, used by ransomware gangs like BlackCat and LockBit, employs various tactics to avoid detection and …

New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data

August 23, 2024 at 06:36AM Summary: A recent Qilin ransomware attack involved stealing credentials from Google Chrome browsers, using compromised VPN portal credentials, then editing the default domain policy to harvest credentials and erase evidence after exfiltrating them. Ransomware groups continue to evolve tactics, with Russian-speaking groups earning over $500 million from ransomware proceeds and …

FBI: BlackSuit ransomware behind over $500 million in ransom demands

August 8, 2024 at 10:51AM CISA and the FBI confirmed that the Royal ransomware rebranded to BlackSuit and has demanded over $500 million from victims since it emerged. The BlackSuit gang has been active since September 2022 and is linked to attacks against over 350 organizations. They sought ransom payments in Bitcoin, with the largest demand …

FBI: BlackSuit ransomware made over $500 million in ransom demands

August 7, 2024 at 06:27PM CISA and the FBI confirmed that the Royal ransomware rebranded to BlackSuit, demanding over $500 million from victims since September 2022. The joint advisory details the gang’s evolution, attack tactics, and linked organizations. Notably, the BlackSuit gang caused a widespread IT outage at CDK Global, affecting over 15,000 car dealerships. …

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

April 19, 2024 at 07:48AM The Akira ransomware group has extorted $42 million from over 250 victims by targeting businesses and critical infrastructure worldwide. They initially focused on Windows systems before deploying a Linux variant. The group exploits known vulnerabilities in Cisco appliances and uses various methods to establish persistence and evade detection. Akira is …

StopCrypt: Most widely distributed ransomware evolves to evade detection

March 15, 2024 at 09:55AM A new variant of StopCrypt ransomware was spotted utilizing multi-stage execution and evading security tools. STOP Djvu, a widely distributed ransomware, targets consumers for small ransom payments. Distributed via malvertising and adware bundles, it infects users with various malware. The new variant employs intricate execution mechanisms, posing a significant threat despite …

Cyber Insights 2024: Ransomware

February 21, 2024 at 01:57PM SecurityWeek’s Cyber Insights annual series discusses major cybersecurity pain points, including the evolving CISO role and new SEC liability rules. Ransomware, a prevalent cyber extortion method, is anticipated to evolve with new tactics such as encryption-free extortion, AI-powered phishing, and politically motivated attacks. Ransomware-as-a-Service, zero-day vulnerabilities, and geopolitical tensions contribute …

The Ransomware Threat in 2024 is Growing: Report

January 30, 2024 at 11:54AM Ransomware threats have intensified in 2023, with criminals now focusing on data extraction instead of encryption. The Delinea survey of US IT and security decision makers revealed a significant increase in ransomware attacks and victims who paid the ransom. Additionally, the report highlights the impact of cyber insurance on the …

A Cyber Insurer’s Perspective on How to Avoid Ransomware

January 30, 2024 at 08:23AM The Cyber Claims Report observes the evolving nature of cyber threats, particularly ransomware. In 1H 2023, ransomware frequency increased by 27% from 2H 2022, with an average loss of over $365,000 and an average ransom demand of $1.62 million. Businesses with more than $100 million in revenue were hit the …

ICS Ransomware Danger Rages Despite Fewer Attacks

January 26, 2024 at 09:24AM Recent research from Dragos shows that despite recent takedowns of top ransomware groups, remaining threat actors continue to evolve new tactics and capitalize on zero-day vulnerabilities to target industrial control systems (ICS). While the number of attacks has decreased, these groups are refining their techniques and increasing their media relations …