Ransomware

A collection of 28 posts

Threat Actor Azote Group Expands Nitrogen Ransomware Campaign Targeting IT and Finance

Threat Group: Azote Group / UNC4696
Threat Type: Ransomware (Double Extortion), Initial Access Broker
Exploited Vulnerabilities: Malvertising, DLL Sideloading, Vulnerable Drivers, Social Engineering
Malware Used: NitrogenLoader, NitrogenInstaller, NitrogenStager, Sliver, Cobalt Strike, BlackCat/ALPHV, KeeLoader
Threat Score: 🔥 Critical (9.1/10) – Due to its modular, evasive attack chain, and confirmed links to

MedusaLocker Variant ETHAN Deploys Stronger Encryption and Data Theft

Threat Group: MedusaLocker
Threat Type: Ransomware
Exploited Vulnerabilities: No specific vulnerabilities identified; relies on common malware distribution methods
Malware Used: ETHAN Ransomware (variant of MedusaLocker)
Threat Score: High (9.0/10) – Due to its double-extortion tactics, data encryption capabilities, and impact on critical business operations.
Last Threat Observation: March 02,

The New Ransomware Menace Vgod Gains Momentum

Threat Group – Vgod Crew
Threat Type – Ransomware
Exploited Vulnerabilities – Unpatched remote code execution flaws, vulnerabilities in VPNs, weak passwords
Malware Used – Vgod Ransomware, Custom Trojanized Toolsets
Threat Score – High (8.7 out of 10) – Reflecting advanced encryption, double extortion tactics, cross-platform targeting, and alignment with broader ransomware trends
Last Threat

Interlock Ransomware Targets FreeBSD and Critical Infrastructure

Threat Group: Interlock
Threat Type: Ransomware
Exploited Vulnerabilities: Network vulnerabilities; FreeBSD and VMware ESXi environments
Malware Used: Interlock ransomware variants for FreeBSD and Windows
Threat Score: High (8.0/10) — due to cross-platform targeting, focus on critical infrastructure, and double-extortion tactics
Last Threat Observation: November 2024
Overview
Interlock ransomware is

Emerging Threat Play Ransomware Targets Critical Infrastructure

Threat Type: Ransomware
Exploited Vulnerabilities: Microsoft Exchange ProxyNotShell (CVE-2022-41040, CVE-2022-41082), FortiOS vulnerabilities (CVE-2018-13379, CVE-2020-12812), Remote Desktop Protocol (RDP)
Malware Used: Play ransomware encryptor, custom VSS copying tool, Grixba information stealer
Threat Score: Critical (9/10) — Enhanced threat level due to state-backed collaborations and increased targeting of high-value sectors
Last Threat

Akira Ransomware Adapts Its Tactics to Exploit Major Vulnerabilities in 2024

Threat Group: Akira Ransomware
Threat Type: Ransomware
Exploited Vulnerabilities: , CVE-2024-40766 (SonicWall), CVE-2020-3259 (Cisco), CVE-2023-20263 (Cisco), CVE-2023-20269 (Cisco), CVE-2023-27532 (Veeam), CVE-2023-48788 (Ubuntu), CVE-2024-37085 (SAP), CVE-2024-40711 (Microsoft)
Malware Used: Akira, Megazord
Threat Score: 8.5/10
Last Threat Observation: October 22, 2024 (Resurfaced)
Overview
Akira ransomware has resurfaced with advanced capabilities, exploiting

Dual Threat Crystal Rans0m Combines Ransomware and Infostealing Capabilities

Threat Group: Unattributed
Threat Type: Hybrid ransomware with stealer capabilities
Exploited Vulnerabilities: Outdated software, phishing, P2P downloads
Malware Used: Crystal Rans0m (Rust-based)
Threat Score: High (8.5/10) — Due to the combination of file encryption, information theft, modular structure, and anti-VM techniques.
Last Threat Observation: October 21, 2024
Overview
Crystal