Threat Group: Phobos Ransomware Operators Threat Type: Ransomware-as-a-Service (RaaS) Exploited Vulnerabilities: Exposed Remote Desktop Protocol (RDP) Ports, Weak Passwords, Phishing Attacks Malware Used: Phobos Ransomware Overview: Phobos ransomware remains a significant and evolving threat, particularly targeting critical sectors such as healthcare, government, and education. Since its emergence in 2019, Phobos

Threat Group: - Qilin (formerly known as "Agenda") Threat Type: - Ransomware-as-a-Service (RaaS) Exploited Vulnerabilities: - Zero-day vulnerabilities, VPN access without multi-factor authentication (MFA), spear-phishing, and remote monitoring tools Malware Used: - Qilin Ransomware, with variants developed in Golang and Rust Threat Score: - High (8.8/10)

Overview KOK08 ransomware, identified as a variant of the Matrix ransomware family, is involved in malicious activities including file encryption and data exfiltration. This ransomware uses sophisticated methods that are consistent with the broader trends observed in 2024, where targeted attacks on critical infrastructure and high-value targets have become more

Overview Quorum Cyber's Incident Response team has discovered a new malware, SharpRhino, during a recent ransomware investigation. SharpRhino, attributed to the ransomware group Hunters International, functions as both an initial infection vector and a Remote Access Trojan (RAT). This malware exemplifies the sophisticated methods ransomware groups are employing

Overview Eldorado is a new ransomware-as-a-service (RaaS) operation that has emerged targeting both Windows and Linux systems. First appearing on March 16, 2024, when an advertisement for its affiliate program was posted on the ransomware forum RAMP, Eldorado has since gained notoriety for its sophisticated capabilities and widespread impact. Technical

Executive Summary: The threat posed by the Black Basta ransomware to critical infrastructure is immediate and severe, with a notable surge in aggressive activities targeting essential sectors such as healthcare and energy. Recent intelligence underscores the group's deployment of sophisticated methods, including advanced malware tools like QAKBOT, Brute

Overview KageNoHitobito is a ransomware that has been actively targeting Windows users globally. It encrypts files on local drives, appending a ".hitobito" extension, and demands a ransom through a ransom note displayed on the victim’s desktop. Victims are directed to contact the attackers via a Tor site