Ransomware

A collection of 29 posts
Dual Threat Crystal Rans0m Combines Ransomware and Infostealing Capabilities
Ransomware

Dual Threat Crystal Rans0m Combines Ransomware and Infostealing Capabilities

Threat Group: Unattributed Threat Type: Hybrid ransomware with stealer capabilities Exploited Vulnerabilities: Outdated software, phishing, P2P downloads Malware Used: Crystal Rans0m (Rust-based) Threat Score: High (8.5/10) — Due to the combination of file encryption, information theft, modular structure, and anti-VM techniques. Last Threat Observation: October 21, 2024 Overview Crystal
2 min read
Lynx Ransomware Strikes New Targets Unveiling Advanced Encryption Techniques
Ransomware

Lynx Ransomware Strikes New Targets Unveiling Advanced Encryption Techniques

Threat Group: Lynx Threat Type: Ransomware Exploited Vulnerabilities: Targets file encryption vulnerabilities with privilege escalation techniques Malware Used: Modified ransomware code derived from INC ransomware Threat Score: High (8.2/10) — Due to advanced encryption techniques, privilege escalation methods, and cross-sector targeting Last Threat Observation: October 3, 2024, by Rapid7
2 min read
Andariel Hacking Group Targets Global Defense and Infrastructure Sectors
Ransomware

Andariel Hacking Group Targets Global Defense and Infrastructure Sectors

Threat Group: - Andariel (Subgroup of Lazarus Group, aka Stonefly, Silent Chollima, Onyx Sleet) Threat Type: - Advanced Persistent Threat (APT), Ransomware, Cyber Espionage Exploited Vulnerabilities: - CVE-2023-22515 (Atlassian Confluence), CVE-2023-27350 (PaperCut), CVE-2023-42793 (TeamCity), CVE-2021-44228 (Apache Log4j) Malware Used: - DTrack, Maui, Dora RAT, Nukebot, SHATTEREDGLASS, Sliver, Mimikatz Threat Score:
3 min read
Storm-0501 Expands Ransomware Reach by Targeting Cloud Infrastructure
Ransomware

Storm-0501 Expands Ransomware Reach by Targeting Cloud Infrastructure

Threat Group: Storm-0501 Threat Type: Ransomware Exploited Vulnerabilities: Zoho ManageEngine (CVE-2022-47966), Citrix NetScaler (CVE-2023-4966), ColdFusion (CVE-2023-29300) Malware Used: Embargo Ransomware Threat Score: High (8.5/10) — Due to significant lateral movement across hybrid cloud environments, strong persistence mechanisms, and critical data exfiltration. Last Threat Observation: September 2024 by Microsoft Threat
3 min read
Kransom Ransomware Exploits DLL Side-Loading and Certificate Misuse
Ransomware

Kransom Ransomware Exploits DLL Side-Loading and Certificate Misuse

Threat Group: Kransom Threat Type: Ransomware Exploited Vulnerabilities: Unpatched software vulnerabilities, phishing Malware Used: Kransom Ransomware Threat Score: High (8/10) — Advanced evasion techniques and use of legitimate digital certificates make detection challenging Last Threat Observation: September 2024, verified through multiple cybersecurity sources Overview Kransom ransomware is a newly identified
2 min read