Tag

#Ransomware

45 published stories tagged with Ransomware.

high | Ransomware | May 19, 2026 | 5 min read

Microsoft Disrupts Fox Tempest's Malware-Signing Service

🚨 Microsoft just shut down a malware-signing service used by ransomware gangs. Defenders should verify if their systems are still trusting certificates from this disrupted service. 🛡️🛠️

critical | Ransomware | May 8, 2026 | 4 min read

Brief: cPanel vulnerability mass exploited in Sorry ransomware attacks

Security reporting described mass exploitation of a cPanel flaw associated with Sorry ransomware activity. Organizations running cPanel should check vendor advisories, patch status

critical | Ransomware | May 8, 2026 | 4 min read

Defender Guidance: cPanel vulnerability mass exploited in Sorry ransomware attacks

Security reporting described mass exploitation of a cPanel flaw associated with Sorry ransomware activity. Organizations running cPanel should check vendor advisories, patch status

critical | Ransomware | May 8, 2026 | 4 min read

Detection Notes: cPanel vulnerability mass exploited in Sorry ransomware attacks

Security reporting described mass exploitation of a cPanel flaw associated with Sorry ransomware activity. Organizations running cPanel should check vendor advisories, patch status

critical | Ransomware | May 8, 2026 | 4 min read

Risk Brief: cPanel vulnerability mass exploited in Sorry ransomware attacks

Security reporting described mass exploitation of a cPanel flaw associated with Sorry ransomware activity. Organizations running cPanel should check vendor advisories, patch status

high | Threat Intelligence | May 8, 2026 | 4 min read

Brief: MuddyWater activity masquerades as Chaos ransomware

SecurityWeek reported that Iranian APT-linked activity masqueraded as Chaos ransomware while focusing on social engineering, persistent access, remote access tooling, lateral movem

high | Threat Intelligence | May 8, 2026 | 4 min read

Defender Guidance: MuddyWater activity masquerades as Chaos ransomware

SecurityWeek reported that Iranian APT-linked activity masqueraded as Chaos ransomware while focusing on social engineering, persistent access, remote access tooling, lateral movem

high | Threat Intelligence | May 8, 2026 | 4 min read

Detection Notes: MuddyWater activity masquerades as Chaos ransomware

SecurityWeek reported that Iranian APT-linked activity masqueraded as Chaos ransomware while focusing on social engineering, persistent access, remote access tooling, lateral movem

high | Threat Intelligence | May 8, 2026 | 4 min read

Risk Brief: MuddyWater activity masquerades as Chaos ransomware

SecurityWeek reported that Iranian APT-linked activity masqueraded as Chaos ransomware while focusing on social engineering, persistent access, remote access tooling, lateral movem

medium | Ransomware | May 8, 2026 | 4 min read

Brief: Karakurt cold case negotiator sentenced in ransomware case

Ransomware coverage reported that a Karakurt-linked negotiator was sentenced to prison. The operational lesson is that ransomware ecosystems include brokers, negotiators, affiliate

medium | Ransomware | May 8, 2026 | 4 min read

Defender Guidance: Karakurt cold case negotiator sentenced in ransomware case

Ransomware coverage reported that a Karakurt-linked negotiator was sentenced to prison. The operational lesson is that ransomware ecosystems include brokers, negotiators, affiliate

medium | Ransomware | May 8, 2026 | 4 min read

Detection Notes: Karakurt cold case negotiator sentenced in ransomware case

Ransomware coverage reported that a Karakurt-linked negotiator was sentenced to prison. The operational lesson is that ransomware ecosystems include brokers, negotiators, affiliate

medium | Ransomware | May 8, 2026 | 4 min read

Risk Brief: Karakurt cold case negotiator sentenced in ransomware case

Ransomware coverage reported that a Karakurt-linked negotiator was sentenced to prison. The operational lesson is that ransomware ecosystems include brokers, negotiators, affiliate

high | Ransomware | May 8, 2026 | 4 min read

Brief: VECT 2.0 ransomware behaves as data wiper for large files

BleepingComputer and Dark Reading reported that VECT 2.0 ransomware can act as a data wiper for large files. Defenders should treat destructive behavior as a recovery and business-

high | Ransomware | May 8, 2026 | 4 min read

Defender Guidance: VECT 2.0 ransomware behaves as data wiper for large files

BleepingComputer and Dark Reading reported that VECT 2.0 ransomware can act as a data wiper for large files. Defenders should treat destructive behavior as a recovery and business-

high | Ransomware | May 8, 2026 | 4 min read

Detection Notes: VECT 2.0 ransomware behaves as data wiper for large files

BleepingComputer and Dark Reading reported that VECT 2.0 ransomware can act as a data wiper for large files. Defenders should treat destructive behavior as a recovery and business-

high | Ransomware | May 8, 2026 | 4 min read

Risk Brief: VECT 2.0 ransomware behaves as data wiper for large files

BleepingComputer and Dark Reading reported that VECT 2.0 ransomware can act as a data wiper for large files. Defenders should treat destructive behavior as a recovery and business-

high | Ransomware | May 8, 2026 | 4 min read

Brief: Trigona ransomware uses custom exfiltration tooling

Recent ransomware reporting said Trigona operators used a custom exfiltration tool. The key defender action is to monitor data staging, unusual archive creation, and outbound trans

high | Ransomware | May 8, 2026 | 4 min read

Defender Guidance: Trigona ransomware uses custom exfiltration tooling

Recent ransomware reporting said Trigona operators used a custom exfiltration tool. The key defender action is to monitor data staging, unusual archive creation, and outbound trans

high | Ransomware | May 8, 2026 | 4 min read

Detection Notes: Trigona ransomware uses custom exfiltration tooling

Recent ransomware reporting said Trigona operators used a custom exfiltration tool. The key defender action is to monitor data staging, unusual archive creation, and outbound trans

high | Ransomware | May 8, 2026 | 4 min read

Risk Brief: Trigona ransomware uses custom exfiltration tooling

Recent ransomware reporting said Trigona operators used a custom exfiltration tool. The key defender action is to monitor data staging, unusual archive creation, and outbound trans

medium | Ransomware | May 8, 2026 | 4 min read

Brief: Kyber ransomware adopts post-quantum-themed encryption claims

BleepingComputer reported that Kyber ransomware uses Kyber1024 post-quantum encryption. The practical risk remains ransomware resilience and recovery, not speculative quantum impac

medium | Ransomware | May 8, 2026 | 4 min read

Defender Guidance: Kyber ransomware adopts post-quantum-themed encryption claims

BleepingComputer reported that Kyber ransomware uses Kyber1024 post-quantum encryption. The practical risk remains ransomware resilience and recovery, not speculative quantum impac

medium | Ransomware | May 8, 2026 | 4 min read

Detection Notes: Kyber ransomware adopts post-quantum-themed encryption claims

BleepingComputer reported that Kyber ransomware uses Kyber1024 post-quantum encryption. The practical risk remains ransomware resilience and recovery, not speculative quantum impac

medium | Ransomware | May 8, 2026 | 4 min read

Risk Brief: Kyber ransomware adopts post-quantum-themed encryption claims

BleepingComputer reported that Kyber ransomware uses Kyber1024 post-quantum encryption. The practical risk remains ransomware resilience and recovery, not speculative quantum impac

high | Ransomware | May 8, 2026 | 4 min read

Brief: Payouts King ransomware uses QEMU virtual machines

BleepingComputer reported that Payouts King ransomware uses QEMU virtual machines. VM-based execution can complicate host visibility, so defenders should monitor unexpected virtual

high | Ransomware | May 8, 2026 | 4 min read

Defender Guidance: Payouts King ransomware uses QEMU virtual machines

BleepingComputer reported that Payouts King ransomware uses QEMU virtual machines. VM-based execution can complicate host visibility, so defenders should monitor unexpected virtual

high | Ransomware | May 8, 2026 | 4 min read

Detection Notes: Payouts King ransomware uses QEMU virtual machines

BleepingComputer reported that Payouts King ransomware uses QEMU virtual machines. VM-based execution can complicate host visibility, so defenders should monitor unexpected virtual

high | Ransomware | May 8, 2026 | 4 min read

Risk Brief: Payouts King ransomware uses QEMU virtual machines

BleepingComputer reported that Payouts King ransomware uses QEMU virtual machines. VM-based execution can complicate host visibility, so defenders should monitor unexpected virtual

high | Ransomware | May 8, 2026 | 4 min read

Brief: Storm-1175 linked to Medusa ransomware deployment

Dark Reading reported that Microsoft linked a Medusa ransomware affiliate tracked as Storm-1175 to zero-day and n-day exploitation. The listing supports prioritizing exposure manag

high | Ransomware | May 8, 2026 | 4 min read

Defender Guidance: Storm-1175 linked to Medusa ransomware deployment

Dark Reading reported that Microsoft linked a Medusa ransomware affiliate tracked as Storm-1175 to zero-day and n-day exploitation. The listing supports prioritizing exposure manag

high | Ransomware | May 8, 2026 | 4 min read

Detection Notes: Storm-1175 linked to Medusa ransomware deployment

Dark Reading reported that Microsoft linked a Medusa ransomware affiliate tracked as Storm-1175 to zero-day and n-day exploitation. The listing supports prioritizing exposure manag

high | Ransomware | May 8, 2026 | 4 min read

Risk Brief: Storm-1175 linked to Medusa ransomware deployment

Dark Reading reported that Microsoft linked a Medusa ransomware affiliate tracked as Storm-1175 to zero-day and n-day exploitation. The listing supports prioritizing exposure manag

high | Ransomware | May 8, 2026 | 4 min read

Brief: Interlock ransomware targets Cisco enterprise firewalls

Dark Reading reported Interlock ransomware activity targeting Cisco enterprise firewalls. Network edge devices should be prioritized for patching, configuration review, and anomalo

high | Ransomware | May 8, 2026 | 4 min read

Defender Guidance: Interlock ransomware targets Cisco enterprise firewalls

Dark Reading reported Interlock ransomware activity targeting Cisco enterprise firewalls. Network edge devices should be prioritized for patching, configuration review, and anomalo

high | Ransomware | May 8, 2026 | 4 min read

Detection Notes: Interlock ransomware targets Cisco enterprise firewalls

Dark Reading reported Interlock ransomware activity targeting Cisco enterprise firewalls. Network edge devices should be prioritized for patching, configuration review, and anomalo

high | Ransomware | May 8, 2026 | 4 min read

Risk Brief: Interlock ransomware targets Cisco enterprise firewalls

Dark Reading reported Interlock ransomware activity targeting Cisco enterprise firewalls. Network edge devices should be prioritized for patching, configuration review, and anomalo

high | Ransomware | May 8, 2026 | 4 min read

Brief: Warlock ransomware post-exploitation activity shows need for dwell-time hunting

Dark Reading listed Warlock ransomware post-exploitation coverage. Defenders should hunt for lateral movement, credential access, and tooling before ransomware detonation.

high | Ransomware | May 8, 2026 | 4 min read

Defender Guidance: Warlock ransomware post-exploitation activity shows need for dwell-time hunting

Dark Reading listed Warlock ransomware post-exploitation coverage. Defenders should hunt for lateral movement, credential access, and tooling before ransomware detonation.

high | Ransomware | May 8, 2026 | 4 min read

Detection Notes: Warlock ransomware post-exploitation activity shows need for dwell-time hunting

Dark Reading listed Warlock ransomware post-exploitation coverage. Defenders should hunt for lateral movement, credential access, and tooling before ransomware detonation.

high | Ransomware | May 8, 2026 | 4 min read

Risk Brief: Warlock ransomware post-exploitation activity shows need for dwell-time hunting

Dark Reading listed Warlock ransomware post-exploitation coverage. Defenders should hunt for lateral movement, credential access, and tooling before ransomware detonation.

medium | Ransomware | May 8, 2026 | 4 min read

Brief: Ransomware groups leak each other’s data amid cybercrime disputes

Dark Reading reported disputes between ransomware groups resulting in leaked data. The incident shows that cybercrime ecosystems are unstable, but it does not reduce risk to victim

medium | Ransomware | May 8, 2026 | 4 min read

Defender Guidance: Ransomware groups leak each other’s data amid cybercrime disputes

Dark Reading reported disputes between ransomware groups resulting in leaked data. The incident shows that cybercrime ecosystems are unstable, but it does not reduce risk to victim

medium | Ransomware | May 8, 2026 | 4 min read

Detection Notes: Ransomware groups leak each other’s data amid cybercrime disputes

Dark Reading reported disputes between ransomware groups resulting in leaked data. The incident shows that cybercrime ecosystems are unstable, but it does not reduce risk to victim

medium | Ransomware | May 8, 2026 | 4 min read

Risk Brief: Ransomware groups leak each other’s data amid cybercrime disputes

Dark Reading reported disputes between ransomware groups resulting in leaked data. The incident shows that cybercrime ecosystems are unstable, but it does not reduce risk to victim