Summary: The content discusses the average ransom demands in the first half of 2024 and highlights the highest ransom demands made by threat actors.
Threat Actor: Various threat actors
Victim: …
Key Points
In June 2024, ReliaQuest responded to detections from an endpoint detection and response (EDR) tool signaling the beginning of a ransomware attack by the “Medusa” ransomware group that…
Threat Actor: DragonForce | DragonForce Victim: N/A Price: N/A Exfiltrated Data Type: N/A
Key Points :
DragonForce, a threat actor, is seeking new partners to join their RaaS operation. They…
Summary: The RansomHub ransomware operation has developed a Linux encryptor specifically designed to target VMware ESXi environments in corporate attacks.
Threat Actor: RansomHub | RansomHub Victim: Corporate organizations | corporate …
This blog is part of my Tracking Adversaries blog series, whereby I perform a summary analysis of a particular adversary that has caught my attention and made me feel like …
Written by: Kristen Dennesen, Luke McNamara, Dmitrij Lenz, Adam Weidemann, Aline Bueno
Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of …
Summary: The notorious Scattered Spider cybercrime group has become an affiliate of the RansomHub ransomware-as-a-service (RaaS) operator, leading to the emergence of a new RaaS model in the cybercrime landscape.…
In the face of increasingly vigilant security teams and adept defense tools, attackers are continually looking for new ways to circumvent network security …
This blog investigates Medusa ransomware, a Ransomware-as-a-Service (RaaS) variant that is known to use living off the land techniques to infect target networks and move towards its ultimate goals, data …
This staggering amount underscores the imminent need for cyber security to be treated as a global priority. Moreover, with the explosion …
In the ever-evolving cybersecurity landscape, staying informed with the latest statistics and trends is not just beneficial—it’s imperative. The year 2024 is shaping up to be pivotal, with threats becoming …
Qilin, also known as Agenda ransomware, represents a formidable threat in cybercrime. This ransomware, one of the known Ransomware-as-a-Service (RaaS) groups, is designed with adaptability in mind, allowing it to …
Summary: This content discusses the RansomHub ransomware-as-a-service, which is believed to have evolved from the now-defunct Knight ransomware project. RansomHub operates as a data theft and extortion group that sells …
Summary: A threat actor known as “phant0m” is promoting a new Ransomware-as-a-Service (RaaS) called “SpiderX,” which is designed to be more advanced and harder to detect than its predecessor, Diablo …
Intel-Ops researchers recently discovered that the 8Base Ransomware Group has been using Phobos ransomware to infect their targets’ networks. 8Base has reportedly been active since mid-2023.
The Phobos operators have …
Summary: This article discusses a recent ransomware attack by the Ransomhub group on an Industrial Control Systems (ICS) of a Spanish bioenergy plant, highlighting the dangers of cyberattacks on ICS.…
As organizations prepare for the challenges and opportunities of 2024, the critical importance of cybersecurity preparedness is increasingly apparent. In an era characterized by rapid digital transformation and continuous innovation, …
Published On : 2024-05-24
EXECUTIVE SUMMARY
At CYFIRMA, our commitment is to provide timely insights into prevalent threats and malicious tactics affecting both organizations and individuals. Synapse ransomware has emerged …
On February 22, 2025, the Critical Infrastructure and Security Agency (CISA) issued a #StopRansomware: ALPHV Blackcat ransomware alert. This alert builds upon earlier Federal Bureau of Investigation (FBI) work and …
On May 10, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis …
Dispossessor has recently emerged in the ransomware landscape, and it is especially notable for its similarities to the notorious LockBit group. Following an extensive crackdown by global law enforcement agencies, which led to the …
NOTE: I started this story before Operation Cronos. Hence you can see tiny details unfolding before the FBI/Europol compromise and afterwards. This article mainly focuses on the mighty comeback …
Summary: A cybercriminal named “salfetka” is claiming to sell the source code of INC Ransom, a ransomware-as-a-service operation that has targeted various organizations including Xerox Business Solutions, Yamaha Motor Philippines, …
This report was originally published for our customers on 2 May 2024.
As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises …
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These …
Summary: Law enforcement has seized the Tor website of the Lockbit ransomware group and plans to reveal the identities of its members, but the group claims that they are still …
Summary: A member of the REvil ransomware-as-a-service (RaaS) group, Yaroslav Vasinskyi, has been sentenced to over 13 years in prison and ordered to pay restitution for conducting numerous ransomware attacks …
Victim: Drogaria Preco Bom Country : BR Actor: apos Source: https://apos.blog/apos-raas/Drogaria-Preco-Bom-314d05883c88439791995e7f9a288a53 Discovered: 2024-04-29 15:38:12.897021 Published: 2024-04-26 00:00:00.000000 Description : 5.6GB | 5M | Brazil | Private data | Published | bomprecodrogaria.com.br
…
Victim: Sunlux Group Country : FR Actor: apos Source: https://apos.blog/apos-raas/Sunlux-Group-50eda5d7962a4b2fabf3ea9bb30cfbe6 Discovered: 2024-04-29 15:38:11.611229 Published: 2024-04-29 15:38:11.611229 Description : 160GB | 5.1M | France | Private data | Financial data | Not published | sunlux-group.com
…
Victim: Algen Healthcare Country : IN Actor: apos Source: https://apos.blog//apos-raas/Algen-Healthcare-d1a417add85448d1959683ac15099417 Discovered: 2024-04-29 15:38:10.479687 Published: 2024-04-29 15:38:10.479687 Description : 90GB | 5M | India | Financial data | Private data | Not published | algenhealthcare.co
…
Victim: Bitz Softwares Country : BR Actor: apos Source: https://apos.blog/apos-raas/Bitz-Softwares-bc9e829383bb4f0086ed1598c052cefe Discovered: 2024-04-29 15:38:09.214545 Published: 2024-04-29 15:38:09.214545 Description : 18.1MB | 11.3M | Brazil | Source code | Not published | bitzsoftwares.com.br
…
Threat actors consistently alter and develop their schemes in order to further escalate their payoffs. In a new trend, ransomware affiliates are actively re-monetizing stolen data outside of their original …
Threat Actor: Psoglav Ransomware | Psoglav Ransomware Victim: Internet users | Internet users Price: $150 per ID Exfiltrated Data Type: Files
Additional Information :
Psoglav is coded in C# and…
In the 1960s and ’70s, the US firearms market saw an influx of cheaply-made, imported handguns. Legislators targeted the proliferation of these inexpensive and frequently unreliable weapons, ostensibly because they were believed …
Summary: Attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, with a 6% increase in intrusions through vulnerability exploitation in 2023, according to Mandiant’s M-Trends 2024 …
Summary: The GRIT Q1 2024 Ransomware Report highlights shifts in activity from Ransomware-as-a-Service (RaaS) groups, an increase in the number of ransomware victims, and changes in the behavior of ransomware …
On April 18, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Netherlands’ National Cyber Security Centre (NCSC-NL) released a joint Cybersecurity Advisory …
As the digital landscape continues to evolve, the United States finds itself at the forefront of emerging cybersecurity challenges. With its critical infrastructure, extensive government networks, and vibrant economy, the …
Ghost Locker is a Ransomware-as-a-Service (RaaS) created by GhostSec [hacktivist groups]. In October 2023, GhostSec launched the GhostLocker framework. After their successful collaborative operations with …
In late 2023, BlackBerry analysts identified a spear-phishing campaign by threat group FIN7 that targeted a large automotive manufacturer based in the United States. FIN7 identified employees at the …
Summary: The number of ransomware victims who choose to pay a ransom has dropped to a record low, with only 28% paying in the first quarter of 2024, down from …
Robot Name : Serve Robotics Robot Capability : Last-mile automation, local deliveries Robot Category : Delivery robot Key Point :
Serve Robotics builds and maintains its fleet of robots for…
Robot Name : Max AMR Robot Capability : Autonomous material transport, optimization of material handling, navigation, execution of tasks Robot Category : Autonomous Mobile Robots (AMRs) Key Point :
BYD…
Robot Name : Locus Robotics Robot Capability : Autonomous mobile robots (AMRs), increase warehouse efficiency, collaborate with human pickers Robot Category : Warehouse automation Key Point :
Locus Robotics has…
The Trellix Advanced Research Center has recently observed an uptick of LockBit-related cyber activity surrounding vulnerabilities in ScreenConnect. This surge suggests that despite the Law Enforcement’s (LE) “Operation Cronos” aimed …
Here are the key insights from the Halcyon Threat Research and Intelligence Team findings for March 2024. The evolving ransomware landscape continues to reveal intriguing trends when analyzed comprehensively.
Ransomware…
Threat detection and response are critical components of a robust cybersecurity strategy. However, simply relying on automated detections is no longer enough to protect your organization from downtime.
To reduce …
Key Point :
– Operation Cronos disrupted LockBit’s operations, leading to outages on LockBit-affiliated platforms and a takeover of its leak site by the UK’s National Crime Agency.
– …
On February 21st, 2024, Cofense Intelligence identified an advanced phishing campaign that targeted the Oil and Gas sector to deliver Rhadamanthys Stealer, an advanced information stealer offered as Malware-as-a-Service (MaaS). …