Threat Group: Kransom Threat Type: Ransomware Exploited Vulnerabilities: Unpatched software vulnerabilities, phishing Malware Used: Kransom Ransomware Threat Score: High (8/10) — Advanced evasion techniques and use of legitimate digital certificates make detection challenging Last Threat Observation: September 2024, verified through multiple cybersecurity sources Overview Kransom ransomware is a newly identified

Threat Details and Score Threat Group: Meow, also known as MeowCorp and MeowLeaks, a ransomware group derived from NB65 (itself based on Conti v2's leaked source code). Threat Type: Ransomware/Data Extortion. Exploited Vulnerabilities: Weak RDP configurations, phishing campaigns, compromised software (e.g., VMware and Jenkins), deceptive downloads,

Threat Group: Scattered Spider Threat Type: Cybercrime Group (Focused on Cloud Environments, Ransomware) Exploited Vulnerabilities: Azure Cross-Tenant Synchronization, Federated Identity Providers, Cloud Platforms Malware Used: AlphV ransomware Threat Score: High (8.8/10) — Due to its sophisticated exploitation of cloud-based systems, privilege escalation methods, and use of advanced tools for

Threat Group: NoName (formerly known as CosmicBeetle) Threat Type: Ransomware (Part of the Spacecolon malware family) Exploited Vulnerabilities: CVE-2017-0144 (EternalBlue), CVE-2023-27532 (Veeam Backup), CVE-2020-1472 (ZeroLogon), and others Malware Used: ScRansom, LockBit variants, RansomHub Threat Score: High (8.5/10) – Due to its focus on SMBs and evolving encryption methods Last

Threat Group: Phobos Ransomware Operators Threat Type: Ransomware-as-a-Service (RaaS) Exploited Vulnerabilities: Exposed Remote Desktop Protocol (RDP) Ports, Weak Passwords, Phishing Attacks Malware Used: Phobos Ransomware Overview: Phobos ransomware remains a significant and evolving threat, particularly targeting critical sectors such as healthcare, government, and education. Since its emergence in 2019, Phobos

Overview The Qilin ransomware group, also known as Agenda, has been active since 2022, progressively evolving its tactics. The group recently escalated its operations by targeting credentials stored in Google Chrome browsers, significantly heightening the risk profile for affected organizations. This tactic, coupled with their established methods of double extortion,

Overview KOK08 ransomware, identified as a variant of the Matrix ransomware family, is involved in malicious activities including file encryption and data exfiltration. This ransomware uses sophisticated methods that are consistent with the broader trends observed in 2024, where targeted attacks on critical infrastructure and high-value targets have become more

Overview Quorum Cyber's Incident Response team has discovered a new malware, SharpRhino, during a recent ransomware investigation. SharpRhino, attributed to the ransomware group Hunters International, functions as both an initial infection vector and a Remote Access Trojan (RAT). This malware exemplifies the sophisticated methods ransomware groups are employing

Overview Eldorado is a new ransomware-as-a-service (RaaS) operation that has emerged targeting both Windows and Linux systems. First appearing on March 16, 2024, when an advertisement for its affiliate program was posted on the ransomware forum RAMP, Eldorado has since gained notoriety for its sophisticated capabilities and widespread impact. Technical

Executive Summary: The threat posed by the Black Basta ransomware to critical infrastructure is immediate and severe, with a notable surge in aggressive activities targeting essential sectors such as healthcare and energy. Recent intelligence underscores the group's deployment of sophisticated methods, including advanced malware tools like QAKBOT, Brute

Overview KageNoHitobito is a ransomware that has been actively targeting Windows users globally. It encrypts files on local drives, appending a ".hitobito" extension, and demands a ransom through a ransom note displayed on the victim’s desktop. Victims are directed to contact the attackers via a Tor site