Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Threat Actor: DragonForce | DragonForce Victim: N/A Price: N/A Exfiltrated Data Type: N/A
Key Points :
DragonForce, a threat actor, is seeking new partners to join their RaaS operation. They are specifically looking for specialists in various fields such as access specialists and pentesters. They offer their own infrastructure, tools, and 80% of the income from their attacks to their partners.…Summary: The RansomHub ransomware operation has developed a Linux encryptor specifically designed to target VMware ESXi environments in corporate attacks.
Threat Actor: RansomHub | RansomHub Victim: Corporate organizations | corporate organizations
Key Point :
RansomHub is a ransomware-as-a-service (RaaS) operation that has claimed over 45 victims across 18 countries.…This blog is part of my Tracking Adversaries blog series, whereby I perform a summary analysis of a particular adversary that has caught my attention and made me feel like they deserve special attention and investigation.
Qilin has been covered already by experts from Trend Micro, Secureworks, Group-IB, SentinelOne, SOCRadar, BleepingComputer, and MalwareHunterTeam.…
Written by: Kristen Dennesen, Luke McNamara, Dmitrij Lenz, Adam Weidemann, Aline Bueno
Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of global and local threats, posing significant risks to individuals, organizations, and critical sectors of Brazilian society.…
Summary: The notorious Scattered Spider cybercrime group has become an affiliate of the RansomHub ransomware-as-a-service (RaaS) operator, leading to the emergence of a new RaaS model in the cybercrime landscape.
Threat Actor: Scattered Spider | Scattered Spider Victim: Change Healthcare | Change Healthcare
Key Point :
The Scattered Spider cybercrime group, formerly an ALPHV/BlackCat affiliate, is now conducting ransomware operations with RansomHub, according to analysis by GuidePoint Security.…This blog investigates Medusa ransomware, a Ransomware-as-a-Service (RaaS) variant that is known to use living off the land techniques to infect target networks and move towards its ultimate goals, data encryption and exfiltration.
What is Living off the Land attack?In the face of increasingly vigilant security teams and adept defense tools, attackers are continually looking for new ways to circumvent network security and gain access to their target environments.…
This staggering amount underscores the imminent need for cyber security to be treated as a global priority. Moreover, with the explosion of generative AI (besides chatGPT as well!), the current 2200 daily attacks, are expected to not only multiply manifold but become far more individualized.…
In the ever-evolving cybersecurity landscape, staying informed with the latest statistics and trends is not just beneficial—it’s imperative. The year 2024 is shaping up to be pivotal, with threats becoming more sophisticated and industries worldwide grappling with a digital environment that’s more integral to operations than ever before. …
Qilin, also known as Agenda ransomware, represents a formidable threat in cybercrime. This ransomware, one of the known Ransomware-as-a-Service (RaaS) groups, is designed with adaptability in mind, allowing it to customize attacks based on its victims’ specific environments. Originating from a sophisticated background, Qilin leverages advanced tactics to extort organizations.…
Summary: This content discusses the RansomHub ransomware-as-a-service, which is believed to have evolved from the now-defunct Knight ransomware project. RansomHub operates as a data theft and extortion group that sells stolen files to the highest bidder.
Threat Actor: RansomHub | RansomHub Victim: United Health subsidiary Change Healthcare | Change Healthcare
Key Point :
RansomHub is a relatively new ransomware-as-a-service that has evolved from the now-defunct Knight ransomware project.…Summary: A threat actor known as “phant0m” is promoting a new Ransomware-as-a-Service (RaaS) called “SpiderX,” which is designed to be more advanced and harder to detect than its predecessor, Diablo ransomware.
Threat Actor: phant0m | phant0m Victim: N/A
Key Point :
A threat actor named phant0m is advertising a new Ransomware-as-a-Service (RaaS) called SpiderX on the dark web forum OnniForums.…Intel-Ops researchers recently discovered that the 8Base Ransomware Group has been using Phobos ransomware to infect their targets’ networks. 8Base has reportedly been active since mid-2023.
The Phobos operators have been selling the ransomware’s multiple variants (e.g., Eking, Eight, Elbie, Devos and Faust) via the ransomware-as-a-service (RaaS) model.…
Summary: This article discusses a recent ransomware attack by the Ransomhub group on an Industrial Control Systems (ICS) of a Spanish bioenergy plant, highlighting the dangers of cyberattacks on ICS.
Threat Actor: Ransomhub | Ransomhub Victim: Spanish bioenergy plant | Spanish bioenergy plant
Key Point :
The recent ransomware attack by the Ransomhub group targeted the Supervisory Control and Data Acquisition (SCADA) system of a Spanish bioenergy plant, highlighting the vulnerability of Industrial Control Systems (ICS) to cyberattacks.…As organizations prepare for the challenges and opportunities of 2024, the critical importance of cybersecurity preparedness is increasingly apparent. In an era characterized by rapid digital transformation and continuous innovation, cyber threats are becoming more sophisticated and frequent, presenting substantial risks to businesses across all sectors.…
Published On : 2024-05-24
EXECUTIVE SUMMARYAt CYFIRMA, our commitment is to provide timely insights into prevalent threats and malicious tactics affecting both organizations and individuals. Synapse ransomware has emerged as a new threat in the cyber landscape, appearing in the wild since February 2024. This ransomware is distributed under the Ransomware-as-a-Service (RaaS) model to affiliates via dark web or onion web pages, with its payload, SynapseCrypter.exe.…
On February 22, 2025, the Critical Infrastructure and Security Agency (CISA) issued a #StopRansomware: ALPHV Blackcat ransomware alert. This alert builds upon earlier Federal Bureau of Investigation (FBI) work and contributions from other agencies and OSINT sources in 2022, 2023, and early 2024. This alert released new Indicators of Compromise (IoC), including several command and control (C&C) server domains essential to the Kill Chain1 currently used by the Blackcat threat actors.…
On May 10, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) to provide information on Black Basta, a ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector.…
Dispossessor has recently emerged in the ransomware landscape, and it is especially notable for its similarities to the notorious LockBit group. Following an extensive crackdown by global law enforcement agencies, which led to the seizure of LockBit’s primary domains, Dispossessor quickly surfaced, mimicking the structure and content of LockBit.
Dispossessor’s logo
Who is Dispossessor RansomwareThe name “Dispossessor” could be linked to Ursula K.…
NOTE: I started this story before Operation Cronos. Hence you can see tiny details getting unfold before the FBI/Europol Compromise and afterwards. This article mainly focuses on the mighty comeback of LockBit Group and their approach after Operation Cronos and does NOT attribute to the Identity of LockBitSupp.…
Summary: A cybercriminal named “salfetka” is claiming to sell the source code of INC Ransom, a ransomware-as-a-service operation that has targeted various organizations including Xerox Business Solutions, Yamaha Motor Philippines, and the National Health Service in Scotland.
Threat Actor: salfetka | salfetka Victim: INC Ransom | INC Ransom
Key Point:
A cybercriminal named “salfetka” is selling the source code of INC Ransom, a ransomware-as-a-service operation.…