Rheinmetall attacked by BlackBasta ransomware

On Friday May 19, 2023, the German arms producer Rheinmetall acknowledged a cyber-incident at one of its subsidiaries in the private sector. The BlackBasta ransomware group has already claimed responsibility for the attack through its leak-site. Entry for Rheinmetall on BlackBasta leak site...

Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks

The notorious cybercrime group known as FIN7 has been observed deploying Cl0p aka Clop ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria...

U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator

A Russian national has been charged and indicted by the U.S. Department of Justice DoJ for launching ransomware attacks against "thousands of victims" in the country and across the world. Mikhail Pavlovich Matveev aka Wazawaka, m1x, Boriselcin, and Uhodiransomwar, the 30-year-old individual in...

Russian Hacker “Wazawaka” Indicted for Ransomware

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev, a.k.a. "Wazawaka" and "Boriselcin" worked with...

New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems

A new ransomware-as-service RaaS operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023. The development points to cybercriminal actors increasingly setting their eyes on the ESXi, cybersecurity firm CrowdStrike said in ...

Ransomware review: May 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...

LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities

A few days ago we wrote about two vulnerabilities found in PaperCut application servers. As we noted, exploitation was fairly simple so there was some urgency to install the patches. My esteemed colleague Chris Boyd literally wrote: "Arbitrary code can be deployed, or even ransomware if thats par...

RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts

The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leak...

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the...

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the...

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response EDR software by means of a Bring Your Own Vulnerable Driver BYOVD attack. "The AuKill tool abuses an outdated version of the driver used by version...

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response EDR software by means of a Bring Your Own Vulnerable Driver BYOVD attack. "The AuKill tool abuses an outdated version of the driver used by version...

Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks

Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution RCE vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 CVSS score: 7.2, concerns a...

LockBit Ransomware Targets MacOS

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LockBit ransomware has been discovered on VirusTotal compiled for Apples macOS arm64 architecture, raising concerns about the ransomware threat on Mac devices. To receive real-time threat advisories,...

LockBit Ransomware Now Targeting Apple macOS Devices

Threat actors behind the LockBit ransomware operation have developed new artifacts that can encrypt files on devices running Apple's macOS operating system. The development, which was reported by the MalwareHunterTeam over the weekend, appears to be the first time a big-game ransomware crew has...

LockBit ransomware on Mac: Should we worry?

One of the big headlines over the weekend is LockBit, the high-profile Russian ransomware gang, decided to expand its portfolio of potential victims by creating and releasing its first macOS payload, potentially triggering members of the Apple community to panic. But have no fear: Apple security...

LockBit Ransomware Expands Attack Spectrum to Mac Devices

By Deeba Ahmed The new ransomware was spotted by MalwareHunterTeam, which is capable of encrypting macOS devices. This is a post from HackRead.com Read the original post: LockBit Ransomware Expands Attack Spectrum to Mac Devices...

An Analysis of the BabLock (aka Rorschach) Ransomware

This blog post analyzes a stealthy and expeditious ransomware called BabLock aka Rorschach, which shares many characteristics with LockBit...

Ransomware in France, April 2022–March 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their dark web sites. In this report, "known attacks" are attacks where the victim opted not to pay a ransom. This provides the best overall picture ...

Ransomware in the UK, April 2022–March 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their dark web sites. In this report, "known attacks" are attacks where the victim opted not to pay a ransom. This provides the best overall picture ...