Topic
Ransomware.
49 stories of advisories, analysis, and defensive guidance in this topic.
Microsoft Disrupts Fox Tempest's Malware-Signing Service
Microsoft just shut down a malware-signing service used by ransomware gangs. Defenders should verify if their systems are still trusting certificates from this disrupted service.
Brief: cPanel vulnerability mass exploited in Sorry ransomware attacks
Security reporting described mass exploitation of a cPanel flaw associated with Sorry ransomware activity. Organizations running cPanel should check vendor advisories, patch status
Defender Guidance: cPanel vulnerability mass exploited in Sorry ransomware attacks
Security reporting described mass exploitation of a cPanel flaw associated with Sorry ransomware activity. Organizations running cPanel should check vendor advisories, patch status
Detection Notes: cPanel vulnerability mass exploited in Sorry ransomware attacks
Security reporting described mass exploitation of a cPanel flaw associated with Sorry ransomware activity. Organizations running cPanel should check vendor advisories, patch status
Risk Brief: cPanel vulnerability mass exploited in Sorry ransomware attacks
Security reporting described mass exploitation of a cPanel flaw associated with Sorry ransomware activity. Organizations running cPanel should check vendor advisories, patch status
Brief: Karakurt cold case negotiator sentenced in ransomware case
Ransomware coverage reported that a Karakurt-linked negotiator was sentenced to prison. The operational lesson is that ransomware ecosystems include brokers, negotiators, affiliate
Defender Guidance: Karakurt cold case negotiator sentenced in ransomware case
Ransomware coverage reported that a Karakurt-linked negotiator was sentenced to prison. The operational lesson is that ransomware ecosystems include brokers, negotiators, affiliate
Detection Notes: Karakurt cold case negotiator sentenced in ransomware case
Ransomware coverage reported that a Karakurt-linked negotiator was sentenced to prison. The operational lesson is that ransomware ecosystems include brokers, negotiators, affiliate
Risk Brief: Karakurt cold case negotiator sentenced in ransomware case
Ransomware coverage reported that a Karakurt-linked negotiator was sentenced to prison. The operational lesson is that ransomware ecosystems include brokers, negotiators, affiliate
Brief: VECT 2.0 ransomware behaves as data wiper for large files
BleepingComputer and Dark Reading reported that VECT 2.0 ransomware can act as a data wiper for large files. Defenders should treat destructive behavior as a recovery and business-
Defender Guidance: VECT 2.0 ransomware behaves as data wiper for large files
BleepingComputer and Dark Reading reported that VECT 2.0 ransomware can act as a data wiper for large files. Defenders should treat destructive behavior as a recovery and business-
Detection Notes: VECT 2.0 ransomware behaves as data wiper for large files
BleepingComputer and Dark Reading reported that VECT 2.0 ransomware can act as a data wiper for large files. Defenders should treat destructive behavior as a recovery and business-
Risk Brief: VECT 2.0 ransomware behaves as data wiper for large files
BleepingComputer and Dark Reading reported that VECT 2.0 ransomware can act as a data wiper for large files. Defenders should treat destructive behavior as a recovery and business-
Brief: Trigona ransomware uses custom exfiltration tooling
Recent ransomware reporting said Trigona operators used a custom exfiltration tool. The key defender action is to monitor data staging, unusual archive creation, and outbound trans
Defender Guidance: Trigona ransomware uses custom exfiltration tooling
Recent ransomware reporting said Trigona operators used a custom exfiltration tool. The key defender action is to monitor data staging, unusual archive creation, and outbound trans
Detection Notes: Trigona ransomware uses custom exfiltration tooling
Recent ransomware reporting said Trigona operators used a custom exfiltration tool. The key defender action is to monitor data staging, unusual archive creation, and outbound trans
Risk Brief: Trigona ransomware uses custom exfiltration tooling
Recent ransomware reporting said Trigona operators used a custom exfiltration tool. The key defender action is to monitor data staging, unusual archive creation, and outbound trans
Brief: Kyber ransomware adopts post-quantum-themed encryption claims
BleepingComputer reported that Kyber ransomware uses Kyber1024 post-quantum encryption. The practical risk remains ransomware resilience and recovery, not speculative quantum impac
Defender Guidance: Kyber ransomware adopts post-quantum-themed encryption claims
BleepingComputer reported that Kyber ransomware uses Kyber1024 post-quantum encryption. The practical risk remains ransomware resilience and recovery, not speculative quantum impac
Detection Notes: Kyber ransomware adopts post-quantum-themed encryption claims
BleepingComputer reported that Kyber ransomware uses Kyber1024 post-quantum encryption. The practical risk remains ransomware resilience and recovery, not speculative quantum impac
Risk Brief: Kyber ransomware adopts post-quantum-themed encryption claims
BleepingComputer reported that Kyber ransomware uses Kyber1024 post-quantum encryption. The practical risk remains ransomware resilience and recovery, not speculative quantum impac
Brief: Gentlemen ransomware uses SystemBC botnet infrastructure
Ransomware reporting connected Gentlemen ransomware activity with the SystemBC botnet. Defenders should watch for proxy malware, suspicious persistence, and command-and-control beh
Defender Guidance: Gentlemen ransomware uses SystemBC botnet infrastructure
Ransomware reporting connected Gentlemen ransomware activity with the SystemBC botnet. Defenders should watch for proxy malware, suspicious persistence, and command-and-control beh
Detection Notes: Gentlemen ransomware uses SystemBC botnet infrastructure
Ransomware reporting connected Gentlemen ransomware activity with the SystemBC botnet. Defenders should watch for proxy malware, suspicious persistence, and command-and-control beh
Risk Brief: Gentlemen ransomware uses SystemBC botnet infrastructure
Ransomware reporting connected Gentlemen ransomware activity with the SystemBC botnet. Defenders should watch for proxy malware, suspicious persistence, and command-and-control beh
Brief: Payouts King ransomware uses QEMU virtual machines
BleepingComputer reported that Payouts King ransomware uses QEMU virtual machines. VM-based execution can complicate host visibility, so defenders should monitor unexpected virtual
Defender Guidance: Payouts King ransomware uses QEMU virtual machines
BleepingComputer reported that Payouts King ransomware uses QEMU virtual machines. VM-based execution can complicate host visibility, so defenders should monitor unexpected virtual
Detection Notes: Payouts King ransomware uses QEMU virtual machines
BleepingComputer reported that Payouts King ransomware uses QEMU virtual machines. VM-based execution can complicate host visibility, so defenders should monitor unexpected virtual
Risk Brief: Payouts King ransomware uses QEMU virtual machines
BleepingComputer reported that Payouts King ransomware uses QEMU virtual machines. VM-based execution can complicate host visibility, so defenders should monitor unexpected virtual
Brief: Storm-1175 linked to Medusa ransomware deployment
Dark Reading reported that Microsoft linked a Medusa ransomware affiliate tracked as Storm-1175 to zero-day and n-day exploitation. The listing supports prioritizing exposure manag
Defender Guidance: Storm-1175 linked to Medusa ransomware deployment
Dark Reading reported that Microsoft linked a Medusa ransomware affiliate tracked as Storm-1175 to zero-day and n-day exploitation. The listing supports prioritizing exposure manag
Detection Notes: Storm-1175 linked to Medusa ransomware deployment
Dark Reading reported that Microsoft linked a Medusa ransomware affiliate tracked as Storm-1175 to zero-day and n-day exploitation. The listing supports prioritizing exposure manag
Risk Brief: Storm-1175 linked to Medusa ransomware deployment
Dark Reading reported that Microsoft linked a Medusa ransomware affiliate tracked as Storm-1175 to zero-day and n-day exploitation. The listing supports prioritizing exposure manag
Brief: Interlock ransomware targets Cisco enterprise firewalls
Dark Reading reported Interlock ransomware activity targeting Cisco enterprise firewalls. Network edge devices should be prioritized for patching, configuration review, and anomalo
Defender Guidance: Interlock ransomware targets Cisco enterprise firewalls
Dark Reading reported Interlock ransomware activity targeting Cisco enterprise firewalls. Network edge devices should be prioritized for patching, configuration review, and anomalo
Detection Notes: Interlock ransomware targets Cisco enterprise firewalls
Dark Reading reported Interlock ransomware activity targeting Cisco enterprise firewalls. Network edge devices should be prioritized for patching, configuration review, and anomalo
Risk Brief: Interlock ransomware targets Cisco enterprise firewalls
Dark Reading reported Interlock ransomware activity targeting Cisco enterprise firewalls. Network edge devices should be prioritized for patching, configuration review, and anomalo
Brief: Warlock ransomware post-exploitation activity shows need for dwell-time hunting
Dark Reading listed Warlock ransomware post-exploitation coverage. Defenders should hunt for lateral movement, credential access, and tooling before ransomware detonation.
Defender Guidance: Warlock ransomware post-exploitation activity shows need for dwell-time hunting
Dark Reading listed Warlock ransomware post-exploitation coverage. Defenders should hunt for lateral movement, credential access, and tooling before ransomware detonation.
Detection Notes: Warlock ransomware post-exploitation activity shows need for dwell-time hunting
Dark Reading listed Warlock ransomware post-exploitation coverage. Defenders should hunt for lateral movement, credential access, and tooling before ransomware detonation.
Risk Brief: Warlock ransomware post-exploitation activity shows need for dwell-time hunting
Dark Reading listed Warlock ransomware post-exploitation coverage. Defenders should hunt for lateral movement, credential access, and tooling before ransomware detonation.
Brief: INC ransomware activity targets healthcare organizations in Oceania
Dark Reading reported INC ransomware activity affecting healthcare in Oceania. Healthcare defenders should prioritize backups, segmentation, identity controls, and downtime procedu
Defender Guidance: INC ransomware activity targets healthcare organizations in Oceania
Dark Reading reported INC ransomware activity affecting healthcare in Oceania. Healthcare defenders should prioritize backups, segmentation, identity controls, and downtime procedu
Detection Notes: INC ransomware activity targets healthcare organizations in Oceania
Dark Reading reported INC ransomware activity affecting healthcare in Oceania. Healthcare defenders should prioritize backups, segmentation, identity controls, and downtime procedu
Risk Brief: INC ransomware activity targets healthcare organizations in Oceania
Dark Reading reported INC ransomware activity affecting healthcare in Oceania. Healthcare defenders should prioritize backups, segmentation, identity controls, and downtime procedu
Brief: Ransomware groups leak each other's data amid cybercrime disputes
Dark Reading reported disputes between ransomware groups resulting in leaked data. The incident shows that cybercrime ecosystems are unstable, but it does not reduce risk to victim
Defender Guidance: Ransomware groups leak each other's data amid cybercrime disputes
Dark Reading reported disputes between ransomware groups resulting in leaked data. The incident shows that cybercrime ecosystems are unstable, but it does not reduce risk to victim
Detection Notes: Ransomware groups leak each other's data amid cybercrime disputes
Dark Reading reported disputes between ransomware groups resulting in leaked data. The incident shows that cybercrime ecosystems are unstable, but it does not reduce risk to victim
Risk Brief: Ransomware groups leak each other's data amid cybercrime disputes
Dark Reading reported disputes between ransomware groups resulting in leaked data. The incident shows that cybercrime ecosystems are unstable, but it does not reduce risk to victim