ALPHA SPIDER is the adversary behind the development and operation of the Alphv ransomware as a service (RaaS). Over the last year, ALPHA SPIDER affiliates have been leveraging a variety of novel techniques as part of their ransomware operations. CrowdStrike Services has observed techniques such as the usage of NTFS Alternate Data Streams for hiding a reverse SSH tool, … [Read more...] about The Anatomy of an ALPHA SPIDER Ransomware Attack
ransomware
LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada
Mar 14, 2024NewsroomRansomware / Cyber Crime A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to … [Read more...] about LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada
LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released
Feb 20, 2024NewsroomRansomware / Data Protection The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. "Some of the data on LockBit's systems belonged to victims who had paid a ransom to the threat … [Read more...] about LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released
Rhysida Ransomware Cracked, Free Decryption Tool Released
Feb 12, 2024NewsroomVulnerability / Data Recovery Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA). "Through a … [Read more...] about Rhysida Ransomware Cracked, Free Decryption Tool Released
3 Ransomware Group Newcomers to Watch in 2024
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 4,368 cases. Figure 1: Year over year victims per quarter The rollercoaster ride from explosive growth in 2021 to a momentary dip in 2022 was just a teaser—2023 roared back with the same fervor as 2021, propelling existing groups and ushering in a wave of … [Read more...] about 3 Ransomware Group Newcomers to Watch in 2024
Carbanak Banking Malware Resurfaces with New Ransomware Tactics
Dec 26, 2023NewsroomMalware / Cybercrime The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned … [Read more...] about Carbanak Banking Malware Resurfaces with New Ransomware Tactics
Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals
Nov 21, 2023NewsroomRansomware-as-a-service The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed. "The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following … [Read more...] about Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals
8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks. The findings come from Cisco Talos, which has recorded an increase in activity carried out by cybercriminals. "Most of the group's Phobos variants are distributed by SmokeLoader, a backdoor trojan," security researcher Guilherme Venere … [Read more...] about 8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
New Ransomware Group Emerges with Hive’s Source Code and Infrastructure
Nov 13, 2023NewsroomCyber Threat / Malware The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. "It appears that the leadership of the Hive group made the strategic decision to cease their operations and … [Read more...] about New Ransomware Group Emerges with Hive’s Source Code and Infrastructure
Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer
Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a "key target" in France. "In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain, and Latvia," the agency said. "The main perpetrator, suspected of being a developer of the Ragnar group, has been brought in … [Read more...] about Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer