Found 15 bookmarks
Custom sorting
FunkSec – Alleged Top Ransomware Group Powered by AI
FunkSec – Alleged Top Ransomware Group Powered by AI
  • The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. FunkSec operators appear to use AI-assisted malware development which can enable even inexperienced actors to quickly produce and refine advanced tools. The group’s activities straddle the line between hacktivism and cybercrime, complicating efforts to understand their true motivations. Many of the group’s leaked datasets are recycled from previous hacktivism campaigns, raising doubts about the authenticity of their disclosures. Current methods of assessing ransomware group threats often rely on the actors’ own claims, highlighting the need for more objective evaluation techniques.
#checkpoint#EN#2024#FunkSec#analysis#ransomware
·research.checkpoint.com·
FunkSec – Alleged Top Ransomware Group Powered by AI
Lynx Ransomware: A Rebranding of INC Ransomware
Lynx Ransomware: A Rebranding of INC Ransomware
Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics. Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.
#paloaltonetworks#EN#2024#Lynx#Ransomware#INC#US#UK#analysis
·unit42.paloaltonetworks.com·
Lynx Ransomware: A Rebranding of INC Ransomware
Event Log Talks a Lot: Identifying Human-operated Ransomware through Windows Event Logs - JPCERT/CC Eyes
Event Log Talks a Lot: Identifying Human-operated Ransomware through Windows Event Logs - JPCERT/CC Eyes
The difficult part of the initial response to a human-operated ransomware attack is identifying the attack vector. You may already know from recent security incident trends that the vulnerabilities of VPN devices are likely to be exploited, but it often...
#jpcert#EN#2024#event#analysis#windows-events#Log#human-operated#Ransomware
·blogs.jpcert.or.jp·
Event Log Talks a Lot: Identifying Human-operated Ransomware through Windows Event Logs - JPCERT/CC Eyes
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware
Kryptina's adoption by Mallox affiliates complicates malware tracking as ransomware operators blend different codebases into new variants. Kryptina evolved from a free tool on public forums to being actively used in enterprise attacks, particularly under the Mallox ransomware family. In May 2024, a Mallox affiliate leaked staging server data, revealing that their Linux ransomware was based on a modified version of Kryptina. The affiliate made superficial changes to source code and documentation, stripping Kryptina branding but retaining core functionality. The adoption of Kryptina by Mallox affiliates exemplifies the commoditization of ransomware tools, complicating malware tracking as affiliates blend different codebases into new variants. * This original research was presented by the author at LABScon 2024 in Scottsdale, Arizona.
#sentinelone#EN#2024#Kryptina#RaaS#Mallox#Ransomware#analysis#LABScon2024
·sentinelone.com·
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware
Arctic Wolf Labs has observed Fog ransomware being deployed against US organizations in the education and recreation sectors.
Arctic Wolf Labs has observed Fog ransomware being deployed against US organizations in the education and recreation sectors.
On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed in several Arctic Wolf Incident Response cases, each exhibiting similar elements. All victim organizations were located in the United States, 80% of which were in the education sector and 20% in the recreation sector. We are sharing details of this emerging variant to help organizations defend against this threat. Please note that we may add further detail to this article as we uncover additional information in our ongoing investigation.
#arcticwolf#EN#2024#Fog#ransomware#USA#analysis
·arcticwolf.com·
Arctic Wolf Labs has observed Fog ransomware being deployed against US organizations in the education and recreation sectors.
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment – The DFIR Report
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment – The DFIR Report
Key Takeaways In October 2023, we observed an intrusion that began with a spam campaign, distributing a forked IcedID loader. The threat actor used Impacket’s wmiexec and RDP to install Scree…
#thedfirreport#EN#2024#analysis#IceID#ScreenConnect#incident#ALPHV#Ransomware
·thedfirreport.com·
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment – The DFIR Report
Analysis of TargetCompany's Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)
Analysis of TargetCompany's Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)
While monitoring attacks targeting MS-SQL servers, AhnLab SEcurity intelligence Center (ASEC) recently identified cases of the TargetCompany ransomware group installing the Mallox ransomware. The TargetCompany ransomware group primarily targets improperly managed MS-SQL servers to install the Mallox ransomware. While these attacks have been ongoing for several years, here we will outline the correlation between the newly identified malware and previous attack cases involving the distribution of the Tor2Mine CoinMiner and BlueSky ransomware.
#asec.ahnlab#EN#2024#MS-SQL#servers#CoinMiner#BlueSky#ransomware#analysis
·asec.ahnlab.com·
Analysis of TargetCompany's Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
Overview The SonicWall Capture Labs threat research team recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file […]
#SonicWall#EN#2024#StopCrypt#ransomware#analysis
·blog.sonicwall.com·
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild