LockBit Ransomware Group Plots Comeback With 4.0 Release
The LockBit ransomware group will soon launch a comeback with the planned release of LockBit 4.0 in February 2025, Cyble
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware
Kryptina's adoption by Mallox affiliates complicates malware tracking as ransomware operators blend different codebases into new variants. Kryptina evolved from a free tool on public forums to being actively used in enterprise attacks, particularly under the Mallox ransomware family. In May 2024, a Mallox affiliate leaked staging server data, revealing that their Linux ransomware was based on a modified version of Kryptina. The affiliate made superficial changes to source code and documentation, stripping Kryptina branding but retaining core functionality. The adoption of Kryptina by Mallox affiliates exemplifies the commoditization of ransomware tools, complicating malware tracking as affiliates blend different codebases into new variants. * This original research was presented by the author at LABScon 2024 in Scottsdale, Arizona.
Uncovering the Dark Web Underground Forum: “Exploit.in” a Nexus for Illicit Cyber Activities
In the hidden corners of the internet, a parallel economy thrives—one that operates beyond the reach of conventional search engines and law enforcement agencies. Dark Web Forums have become the breeding grounds for cybercriminals. In the world of cybersecurity, Exploit in is a well-known private Russian hacker forum. Since it began in 2012, the forum has developed into a well-known exchange and sales platform for various cybercrime tools and stolen data. A wide range of cybercrime-related topics are covered by Exploit, such as credit card information, email spamming tools, social engineering, security & vulnerabilities, social network hacking, cryptography, cracked tools, buying and selling of hacked databases, info-stealer & Malware as a service (Maas). The creators of Exploit, a well-known cybercrime forum where ransomware gangs recruit affiliates and promote their Ransomware-as-a-Service (RaaS) offerings, have declared that ransomware advertisements are no longer permitted and will be taken down.
Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals
Play ransomware has turned into Ransomware-as-a-Service (RaaS), allowing other cybercriminals to use it.
GhostSec offers Ransomware-as-a-Service Possibly Used to Target Israel
The hacker collective called GhostSec has unveiled an innovative Ransomware-as-a-Service (RaaS) framework called GhostLocker. They provide comprehensive assistance to customers interested in acquiring this service through a dedicated Telegram channel. Presently, GhostSec is focusing its attacks on Israel. This move represents a surprising departure from their past activities and stated agenda.
You’ve been kept in the dark (web): exposing Qilin’s RaaS program
All you need to know about Qilin ransomware and its operations targeting critical sectors. Group-IB’s Threat Intelligence team infiltrated the Qilin ransomware group in March 2023 and now can reveal inside information about this RaaS program. The blog provides recommendations on how to prevent Qilin’s attacks and will be useful for threat intelligence experts, threat hunters, and corporate cybersecurity teams.
What is ransomware-as-a-service and how is it evolving?
Ransomware attacks are becoming more frequent and costlier—breaches caused by ransomware grew 41 percent in the last year, the average cost of a destructive attack rising to $5.12 milllion. What’s more, a good chunk of the cyber criminals doing these attacks operate on a ransomware-as-a-service (RaaS) model.
Ransom Cartel Ransomware: A Possible Connection With REvil
Ransom Cartel is ransomware as a service (RaaS) that exhibits several similarities to and technical overlaps with REvil ransomware. Read our overview.
What is ransomware-as-a-service and how is it evolving?
Ransomware attacks are becoming more frequent and costlier—breaches caused by ransomware grew 41 percent in the last year, the average cost of a destructive attack rising to $5.12 milllion. What’s more, a good chunk of the cyber criminals doing these attacks operate on a ransomware-as-a-service (RaaS) model.
Ransom Cartel Ransomware: A Possible Connection With REvil
Ransom Cartel is ransomware as a service (RaaS) that exhibits several similarities to and technical overlaps with REvil ransomware. Read our overview.