Interlock Ransomware Targets FreeBSD and Critical Infrastructure

Threat Group: Interlock Threat Type: Ransomware Exploited Vulnerabilities: Network vulnerabilities; FreeBSD and VMware ESXi environments Malware Used: Interlock ransomware variants for FreeBSD and Windows Threat Score: High (8.0/10) — due to cross-platform targeting, focus on critical infrastructure, and double-extortion tactics Last Threat Observation: November 2024 Overview Interlock ransomware is

Emerging Threat Play Ransomware Targets Critical Infrastructure

Threat Type: Ransomware Exploited Vulnerabilities: Microsoft Exchange ProxyNotShell (CVE-2022-41040, CVE-2022-41082), FortiOS vulnerabilities (CVE-2018-13379, CVE-2020-12812), Remote Desktop Protocol (RDP) Malware Used: Play ransomware encryptor, custom VSS copying tool, Grixba information stealer Threat Score: Critical (9/10) — Enhanced threat level due to state-backed collaborations and increased targeting of high-value sectors Last Threat

Qilin.B New Variant Disrupts Backups and Evades Detection Tools

Threat Group: Qilin (formerly Agenda) Threat Type: Ransomware-as-a-Service (RaaS) Exploited Vulnerabilities: Weak credentials, network misconfigurations Malware Used: Qilin.B variant Threat Score: High (8.5/10) — Due to enhanced encryption, evasion, and the ability to disrupt backup systems. Last Threat Observation: October 2024, spotted in attacks against healthcare and large

Akira Ransomware Adapts Its Tactics to Exploit Major Vulnerabilities in 2024

Threat Group: Akira Ransomware Threat Type: Ransomware Exploited Vulnerabilities: , CVE-2024-40766 (SonicWall), CVE-2020-3259 (Cisco), CVE-2023-20263 (Cisco), CVE-2023-20269 (Cisco), CVE-2023-27532 (Veeam), CVE-2023-48788 (Ubuntu), CVE-2024-37085 (SAP), CVE-2024-40711 (Microsoft) Malware Used: Akira, Megazord Threat Score: 8.5/10 Last Threat Observation: October 22, 2024 (Resurfaced) Overview Akira ransomware has resurfaced with advanced capabilities, exploiting

Fog Ransomware Goes Global, Disrupting U.S. and Australian Sectors

Threat Group: FOG Threat Type: Ransomware Exploited Vulnerabilities: Compromised VPN credentials, Windows system vulnerabilities Malware Used: FOG Ransomware (Variant of STOP/DJVU) Threat Score: High (8.5/10) – due to its rapid file encryption, expanding target range, and recent pivot towards data exfiltration for double extortion. Last Threat Observation: October