Summary: A member of the REvil ransomware-as-a-service (RaaS) group, Yaroslav Vasinskyi, has been sentenced to over 13 years in prison and ordered to pay restitution for conducting numerous ransomware attacks and demanding millions in ransom payments.

Threat Actor: REvil ransomware-as-a-service (RaaS) group
Victim: Multiple victims

Key Point:

An affiliate of the REvil ransomware group, Yaroslav Vasinskyi, has been sentenced to 13 years and seven months in prison for conducting over 2500 ransomware attacks.…

Victim: Drogaria Preco Bom
Country: BR
Actor: apos
Source: https://apos.blog/apos-raas/Drogaria-Preco-Bom-314d05883c88439791995e7f9a288a53
Discovered: 2024-04-29 15:38:12.897021
Published: 2024-04-26 00:00:00.000000
Description: 5.6GB | 5M | Brazil | Private data | Published | bomprecodrogaria.com.br

Victim: Sunlux Group
Country: FR
Actor: apos
Source: https://apos.blog/apos-raas/Sunlux-Group-50eda5d7962a4b2fabf3ea9bb30cfbe6
Discovered: 2024-04-29 15:38:11.611229
Published: 2024-04-29 15:38:11.611229
Description: 160GB | 5.1M | France | Private data | Financial data | Not published | sunlux-group.com

Victim: Algen Healthcare
Country: IN
Actor: apos
Source: https://apos.blog//apos-raas/Algen-Healthcare-d1a417add85448d1959683ac15099417
Discovered: 2024-04-29 15:38:10.479687
Published: 2024-04-29 15:38:10.479687
Description: 90GB | 5M | India | Financial data | Private data | Not published | algenhealthcare.co

Victim: Bitz Softwares
Country: BR
Actor: apos
Source: https://apos.blog/apos-raas/Bitz-Softwares-bc9e829383bb4f0086ed1598c052cefe
Discovered: 2024-04-29 15:38:09.214545
Published: 2024-04-29 15:38:09.214545
Description: 18.1MB | 11.3M | Brazil | Source code | Not published | bitzsoftwares.com.br

Threat actors consistently alter and develop their schemes in order to further escalate their payoffs. In a new trend, ransomware affiliates are actively re-monetizing stolen data outside of their original RaaS agreements, especially as financial squabbles between threat actors emerge in the ransomware economy. The affiliates in such instances are starting to work with third parties or external data leak services in order to re-extort victims who have already paid the ransom to the original attackers.…


In the 1960s and ’70s, the US firearms market saw an influx of cheaply-made, imported handguns. Legislators targeted the proliferation of these inexpensive and frequently unreliable weapons, ostensibly because they were believed to pose a risk to their owners and facilitate criminality. This was not an issue unique to the US or to that time period, of course; in the UK, where handguns are now strictly regulated, criminals often resort to reactivated, or even home-made or antique, firearms.…


Summary: Attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, with a 6% increase in intrusions through vulnerability exploitation in 2023, according to Mandiant’s M-Trends 2024 Report. Additionally, researchers observed a rise in the exploitation of zero-day vulnerabilities, with Chinese cyber espionage groups being the most prolific attackers in this regard.…


Summary: The GRIT Q1 2024 Ransomware Report highlights shifts in activity from Ransomware-as-a-Service (RaaS) groups, an increase in the number of ransomware victims, and changes in the behavior of ransomware groups following law enforcement activity.

Threat Actor: Ransomware-as-a-Service (RaaS) groups
Victim: Various organizations and industries

Key Point:

Q1 2024 saw a significant increase in the number of active ransomware groups, with a 55% rise from 29 distinct groups in Q1 2023 to 45 distinct groups in Q1 2024.…

On April 18, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Netherlands’ National Cyber Security Centre (NCSC-NL) released a joint Cybersecurity Advisory (CSA) that disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with Akira ransomware, identified through FBI investigations and trusted third-party reporting as recently as February 2024.…


As the digital landscape continues to evolve, the United States finds itself at the forefront of emerging cybersecurity challenges. With its critical infrastructure, extensive government networks, and vibrant economy, the nation remains a prime target for a myriad of cyber threats. From state-sponsored actors seeking to undermine national security to sophisticated cybercriminal organizations aiming to exploit vulnerabilities for financial gain, the USA’s threat landscape is diverse and complex.…



GhostLocker is a Ransomware-as-a-Service (RaaS) created by the hacktivist group GhostSec. In October 2023, GhostSec launched the GhostLocker framework. Following their successful collaborative operations with the Stormous ransomware group in July 2023, the GhostLocker ransomware operators provide various options for their affiliates.…

Summary

In late 2023, BlackBerry analysts identified a spear-phishing campaign by the threat group FIN7 that targeted a large automotive manufacturer based in the United States. FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights. They used the lure of a free IP scanning tool to run their well-known Anunak backdoor and gain an initial foothold, utilizing living-off-the-land binaries, scripts, and libraries (LOLBAS).…


The Trellix Advanced Research Center has recently observed an uptick in LockBit-related cyber activity surrounding vulnerabilities in ScreenConnect. This surge suggests that despite law enforcement’s (LE) “Operation Cronos”, aimed at dismantling LockBit’s infrastructure, the ransomware operators somehow managed to survive and stay afloat. It appears that the cybercriminal group behind LockBit ransomware partially restored its infrastructure and created the impression that the LE actions did not affect its normal operation.…


Here are the key insights from the Halcyon Threat Research and Intelligence Team findings for March 2024. The evolving ransomware landscape continues to reveal intriguing trends when analyzed comprehensively.

Ransomware Prevented per Industry Vertical

Information Technology, Education and Manufacturing were the most targeted industry verticals in March 2024:

- Information & Technology 32% (+13% mo/mo)
- Education 12% (-1% mo/mo)
- Manufacturing 11% (+6% mo/mo)
- Healthcare & Pharmaceutical 7% (+3% mo/mo)
- Finance & Insurance 6% (-25% mo/mo)
- Professional, Scientific & Technical Services 6% (-2% mo/mo)
- State & Local Government 6% (+2% mo/mo)
- Retail Trade 6% (+4% mo/mo)
- Arts, Entertainment & Recreation 5%
- Transportation & Warehousing 5% (+2% mo/mo)
- Other 3% (+2% mo/mo)
- Utilities 0.6% (-0.4% mo/mo)
- Accommodations & Food Services 0.2% (-0.1% mo/mo)
- Construction 0.1% (-0.3% mo/mo)
- Mining 0.1% (-0.2% mo/mo)

Threat Types by Category

Halcyon detected and blocked a wide variety of threats that were missed by other security layers in our clients’ environments and that are often precursors to the delivery of the ransomware payload:

Monero Coin Miner Trojan

This Trojan installs a Monero coin miner, effectively stealing processing resources from the victim, and is capable of performing various evasion techniques to avoid detection and analysis by security tools.…


Threat detection and response are critical components of a robust cybersecurity strategy. However, simply relying on automated detections is no longer enough to protect your organization from downtime.

To reduce the chances of business disruption from advanced and unknown threats, security teams must operationalize threat intelligence by conducting proactive, hypothesis-driven threat hunts.…


Key Point:

– Operation Cronos disrupted LockBit’s operations, leading to outages on LockBit-affiliated platforms and a takeover of its leak site by the UK’s National Crime Agency.
– Authorities used the compromised leak site to distribute information about LockBit, highlighting the risks of paying ransoms and the impact on affected businesses.…