Found 3 bookmarks
Custom sorting
VanHelsing Ransomware
VanHelsing Ransomware
orums as part of our Threat Discovery Process. Designed to target Windows systems, this ransomware employs advanced encryption techniques and appends a unique file extension to compromised files. Its stealthy evasion tactics and persistence mechanisms make detection and removal challenging. This highlights the need for proactive cybersecurity measures and a robust incident response strategy to safeguard data integrity and minimize breach risks. Target Technologies: Windows Target Geography: France, USA. Target Industry: Government, Manufacturing, Pharma. Encrypted file extension: .vanhelsing Observed First: 2025-03-16 Threat actor Communication mode: Tor
#cyfirma#EN#2025#VanHelsing#Ransomware#analysis#RaaS
·cyfirma.com·
VanHelsing Ransomware
Threat Spotlight: Inside the World's Fastest Rising Ransomware Operator — BlackLock
Threat Spotlight: Inside the World's Fastest Rising Ransomware Operator — BlackLock
First observed in March 2024, “BlackLock” (aka El Dorado or Eldorado) has rapidly emerged as a major player in the ransomware-as-a-service (RaaS) ecosystem. By Q4 2024, it ranked as the 7th most prolific ransomware group on data-leak sites, fueled by a staggering 1,425% increase in activity from Q3. BlackLock uses a double extortion tactic—encrypting data while stealing sensitive information—to pressure victims with the threat of public exposure. Its ransomware is built to target Windows, VMWare ESXi, and Linux environments, though the Linux variant offers fewer features than its Windows counterpart.
#reliaquest#EN#2025#BlackLock#Eldorado#RaaS#analysis#ransomware#gang
·reliaquest.com·
Threat Spotlight: Inside the World's Fastest Rising Ransomware Operator — BlackLock
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware
Kryptina's adoption by Mallox affiliates complicates malware tracking as ransomware operators blend different codebases into new variants. Kryptina evolved from a free tool on public forums to being actively used in enterprise attacks, particularly under the Mallox ransomware family. In May 2024, a Mallox affiliate leaked staging server data, revealing that their Linux ransomware was based on a modified version of Kryptina. The affiliate made superficial changes to source code and documentation, stripping Kryptina branding but retaining core functionality. The adoption of Kryptina by Mallox affiliates exemplifies the commoditization of ransomware tools, complicating malware tracking as affiliates blend different codebases into new variants. * This original research was presented by the author at LABScon 2024 in Scottsdale, Arizona.
#sentinelone#EN#2024#Kryptina#RaaS#Mallox#Ransomware#analysis#LABScon2024
·sentinelone.com·
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware