Ransomware - Cybersec Sentinel

Ransomware

A collection of 24 posts

Interlock Ransomware Targets FreeBSD and Critical Infrastructure

Interlock Ransomware Targets FreeBSD and Critical Infrastructure

Threat Group: Interlock Threat Type: Ransomware Exploited Vulnerabilities: Network vulnerabilities; FreeBSD and VMware ESXi environments Malware Used: Interlock ransomware variants for FreeBSD and Windows Threat Score: High (8.0/10) — due to cross-platform targeting, focus on critical infrastructure, and double-extortion tactics Last Threat Observation: November 2024 Overview Interlock ransomware is

Emerging Threat Play Ransomware Targets Critical Infrastructure

Emerging Threat Play Ransomware Targets Critical Infrastructure

Threat Type: Ransomware Exploited Vulnerabilities: Microsoft Exchange ProxyNotShell (CVE-2022-41040, CVE-2022-41082), FortiOS vulnerabilities (CVE-2018-13379, CVE-2020-12812), Remote Desktop Protocol (RDP) Malware Used: Play ransomware encryptor, custom VSS copying tool, Grixba information stealer Threat Score: Critical (9/10) — Enhanced threat level due to state-backed collaborations and increased targeting of high-value sectors Last Threat

Qilin.B New Variant Disrupts Backups and Evades Detection Tools

Qilin.B New Variant Disrupts Backups and Evades Detection Tools

Threat Group: Qilin (formerly Agenda) Threat Type: Ransomware-as-a-Service (RaaS) Exploited Vulnerabilities: Weak credentials, network misconfigurations Malware Used: Qilin.B variant Threat Score: High (8.5/10) — Due to enhanced encryption, evasion, and the ability to disrupt backup systems. Last Threat Observation: October 2024, spotted in attacks against healthcare and large

Akira Ransomware Adapts Its Tactics to Exploit Major Vulnerabilities in 2024

Akira Ransomware Adapts Its Tactics to Exploit Major Vulnerabilities in 2024

Threat Group: Akira Ransomware Threat Type: Ransomware Exploited Vulnerabilities: , CVE-2024-40766 (SonicWall), CVE-2020-3259 (Cisco), CVE-2023-20263 (Cisco), CVE-2023-20269 (Cisco), CVE-2023-27532 (Veeam), CVE-2023-48788 (Ubuntu), CVE-2024-37085 (SAP), CVE-2024-40711 (Microsoft) Malware Used: Akira, Megazord Threat Score: 8.5/10 Last Threat Observation: October 22, 2024 (Resurfaced) Overview Akira ransomware has resurfaced with advanced capabilities, exploiting

Fog Ransomware Goes Global, Disrupting U.S. and Australian Sectors

Fog Ransomware Goes Global, Disrupting U.S. and Australian Sectors

Threat Group: FOG Threat Type: Ransomware Exploited Vulnerabilities: Compromised VPN credentials, Windows system vulnerabilities Malware Used: FOG Ransomware (Variant of STOP/DJVU) Threat Score: High (8.5/10) – due to its rapid file encryption, expanding target range, and recent pivot towards data exfiltration for double extortion. Last Threat Observation: October

Dual Threat Crystal Rans0m Combines Ransomware and Infostealing Capabilities

Dual Threat Crystal Rans0m Combines Ransomware and Infostealing Capabilities

Threat Group: Unattributed Threat Type: Hybrid ransomware with stealer capabilities Exploited Vulnerabilities: Outdated software, phishing, P2P downloads Malware Used: Crystal Rans0m (Rust-based) Threat Score: High (8.5/10) — Due to the combination of file encryption, information theft, modular structure, and anti-VM techniques. Last Threat Observation: October 21, 2024 Overview Crystal

Trinity Ransomware Targets Critical Infrastructure with Double Extortion

Trinity Ransomware Targets Critical Infrastructure with Double Extortion

Threat Group: - Trinity Ransomware Threat Type: - Ransomware (Double Extortion) Exploited Vulnerabilities: - Unpatched Software, Phishing, Remote Desktop Protocol (RDP) Malware Used: - Trinity Ransomware (.trinitylock extension) Threat Score: - 8.5/10 – High risk, targeting critical sectors like healthcare, with advanced encryption and data exfiltration tactics. Last Threat

Lynx Ransomware Strikes New Targets Unveiling Advanced Encryption Techniques

Lynx Ransomware Strikes New Targets Unveiling Advanced Encryption Techniques

Threat Group: Lynx Threat Type: Ransomware Exploited Vulnerabilities: Targets file encryption vulnerabilities with privilege escalation techniques Malware Used: Modified ransomware code derived from INC ransomware Threat Score: High (8.2/10) — Due to advanced encryption techniques, privilege escalation methods, and cross-sector targeting Last Threat Observation: October 3, 2024, by Rapid7

ELPACO-Team Ransomware: Escalating Threat to Windows Systems

ELPACO-Team Ransomware: Escalating Threat to Windows Systems

Threat Group: ELPACO-team Threat Type: Ransomware Exploited Vulnerabilities: Outdated software and phishing emails Malware Used: ELPACO-team Ransomware Threat Score: High (8.2/10) Last Threat Observation: October 2024 Overview The ELPACO-team ransomware is a malicious strain designed to encrypt files and demand ransom payments in cryptocurrency for their release. Known

Andariel Hacking Group Targets Global Defense and Infrastructure Sectors

Andariel Hacking Group Targets Global Defense and Infrastructure Sectors

Threat Group: - Andariel (Subgroup of Lazarus Group, aka Stonefly, Silent Chollima, Onyx Sleet) Threat Type: - Advanced Persistent Threat (APT), Ransomware, Cyber Espionage Exploited Vulnerabilities: - CVE-2023-22515 (Atlassian Confluence), CVE-2023-27350 (PaperCut), CVE-2023-42793 (TeamCity), CVE-2021-44228 (Apache Log4j) Malware Used: - DTrack, Maui, Dora RAT, Nukebot, SHATTEREDGLASS, Sliver, Mimikatz Threat Score: