218 matches found
Conti vs. LockBit: A Comparative Analysis of Ransomware Groups
We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022...
Conti ransomware group’s pulse stops, but did it fake its own death?
The dark web leak site used by the notorious Conti ransomware gang has disappeared, along with the chat function it used to negotiate ransoms with victims. For as long as this infrastructure is down the group is unable to operate and a significent threat is removed from the pantheon of ransomware...
Karakurt extortion group: Threat profile
The FBI Federal Bureau of Investigation, together with CISA Cybersecurity and Infrastructure Security Agency and other federal agencies, recently released a joint cybersecurity advisory CSA about the Karakurt data extortion group also known as Karakurt Team and Karakurt Lair. Like RansomHouse,...
Hacking Scenarios: How Hackers Choose Their Victims
Enforcing the "double-extortion" technique aka pay-now-or-get-breached emerged as a head-turner last year. May 6th, 2022 is a recent example. The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January. Conti, a...
Ransomware: May 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. Conti sleight of hand? Although LockBit remained the most widely-deployed ransomware in May 2022, it was,...
Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks
An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices. "Control over firmware gives attackers...
Using Python to unearth a goldmine of threat intelligence from leaked chat logs
Dealing with a great amount of data can be time consuming, thus using Python can be very powerful to help analysts sort information and extract the most relevant data for their investigation. The open-source tools library, MSTICPy, for example, is a Python tool dedicated to threat intelligence. I...
Using Python to unearth a goldmine of threat intelligence from leaked chat logs
Dealing with a great amount of data can be time consuming, thus using Python can be very powerful to help analysts sort information and extract the most relevant data for their investigation. The open-source tools library, MSTICPy, for example, is a Python tool dedicated to threat intelligence. I...
Conti Ransomware Operation Shut Down After Splitting into Smaller Groups
Even as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down its attack infrastructure in favor of migrating their malicious cyber activities to other ancillary operations, including Karakurt and BlackByte. "From the...
North Korean IT Workers Are Infiltrating Tech Companies
Plus: The Conti ransomware gang shuts down, Canada bans Huawei and ZTE, and more of the week’s top security news...
Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to...
A week in security (May 9 – 15)
Last week on Malwarebytes Labs: How to spot the signs of a virtual kidnap scam Virtual credit cards coming to Chrome: What you need to know Clearview AI banned from selling facial recognition data in the US Cyberattacks on SATCOM networks attributed to Russian threat actors F5 BIG-IP vulnerabilit...
Ransom.Conti MVID-2022-0602 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/7ba20fce7ac259f6062f73290c2e28cf.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
Ransom.Conti MVID-2022-0603 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/6748dfe8e64dea2fc4c14691f7e766c6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
New ransomware trends in 2022
Ahead of the Anti-Ransomware Day, we summarized the tendencies that characterize ransomware landscape in 2022. This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while the new ones develop...
Conti Ransomware Attack Spurs State of Emergency in Costa Rica
Costa Rican President Rodrigo Chaves declared a state of national cybersecurity emergency over the weekend following a financially motivated Conti ransomware attack against his administration that has hamstrung the government and economy of the Latin American nation. The attack—attributed to the...
Costa Rica continues defence against sustained Conti ransomware attacks
Its not been plain sailing recently for Conti ransomware, the Ransomware as a Service RaaS group with several major attacks under its belt. In August last year, a pen tester leaked valuable manuals and documents related to the operation. These leaks continued as the Conti gang expressed support f...
U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers
The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang. Additionally, it's offering another $5 million for intelligence information that could help arrest or convi...
Ransom.Conti Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/20f0c736a966142de88dee06a2e4a5b1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
Ransomware: April 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. April 2022 was most notable for the emergence of three new ransomware-as-a-service RaaS groups—Onyx, Mindwar...