24 matches found

The Hacker News
added 2023/09/21 9:11 a.m., 120 views

Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers

A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also kno...

10 CVSS, 9.4 AI score, 0.99999 EPSS
Exploits: 573
ThreatPost
added 2022/02/10 11:16 p.m., 207 views

Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares

The shackles have been broken for victims of Maze/Egregor/Sekhmet ransomware: On Wednesday, decryption keys were released for all three ransomware strains in a forum post. The liberator, using the handle “Topleak,” described themselves as the developer of the three ransomwares. It’s been lovely,...

8.6 AI score
Exploits: 0, References: 21
Malwarebytes
added 2022/02/10 4:54 p.m., 15 views

Ransomware author releases decryption keys, says goodbye forever

Update 12th February: An earlier version of this post incorrectly stated that the decryption tool used to unlock files existed prior to the keys being released - this has now been corrected. If you’re unfortunate enough to be caught out by ransomware, the consequences can be devastating. You may ...

6.8 AI score
Exploits: 0
The Hacker News
added 2022/01/19 12:29 p.m., 26 views

FIN8 Hackers Spotted Using New 'White Rabbit' Ransomware in Recent Attacks

The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called "White Rabbit" that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware...

0.2 AI score
Exploits: 0
ThreatPost
added 2022/01/18 5:23 p.m., 24 views

New ‘White Rabbit’ Ransomware May Be New FIN8 Tool

A new ransomware family, White Rabbit, chewed through a local U.S. bank last month — and it may be connected to the financially motivated advanced persistent threat (APT) group known as FIN8, researchers said. In a Tuesday report, Trend Micro researchers said that this twicky wabbit knows how to...

7.8 AI score
Exploits: 0, References: 28
The Hacker News
added 2021/12/24 11:32 a.m., 27 views

New Ransomware Variants Flourish Amid Law Enforcement Actions

Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement's disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. "Be it due to law enforcement,...

7.1 AI score
Exploits: 0
Microsoft Secure
added 2021/12/09 6:0 p.m., 24 views

A closer look at Qakbot’s latest building blocks (and how to knock them down)

Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. Since emerging in 2007 as a banking Trojan,...

Exploits: 0
The Hacker News
added 2021/06/16 8:36 a.m., 34 views

Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets

As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets...

6.8 AI score
Exploits: 0
Trend Micro Simply Security
added 2021/04/02 12:0 a.m., 9 views

This Week in Security News - April 2, 2021

Alleged Members of Egregor Ransomware Cartel Arrested and Cybercriminals Home in on Manufacturers...

2.5 AI score
Exploits: 0
Malwarebytes
added 2021/03/18 12:1 p.m., 50 views

HelloKitty: When Cyberpunk met cy-purr-crime

On February 9, after discovering a compromise, CD Projekt Red (CDPR) announced to its 1+ million followers on Twitter that it was the victim of a ransomware attack against its systems and made it clear they would not yield to the demands of the threat actors, nor negotiate. Cyberpunk 2077, the late...

Exploits: 0
FireEye
added 2021/02/25 12:0 a.m., 230 views

So Unchill: Melting UNC2198 ICEDID to Ransomware Operations

Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a blog post detailing intrusion tradecraft associated with the deployment of MAZE. ...

7.2 CVSS, 9.1 AI score, 0.42524 EPSS
Exploits: 7, References: 12
Malwarebytes
added 2021/02/16 5:15 p.m., 37 views

Egregor ransomware hit by arrests

In a collaboration between French and Ukrainian law enforcement, arrests have been made that might put a dent in one of the world's most sophisticated ransomware operations. As reported first by France Inter, law enforcement made the arrests after French authorities traced ransom payments to...

7 AI score
Exploits: 0
Malwarebytes
added 2021/02/16 2:0 p.m., 182 views

Extortion, precision malware, and ruthless scams. Read the State of Malware 2021 report

Last year, threat actors took advantage of the COVID-19 public health crisis in a way previously considered unimaginable, not only preying on uncertainty and fear during the initial months of the global pandemic, but retooling attack methods, reneging on promises, strengthening malware, and...

0.3 AI score
Exploits: 0
HackRead
added 2021/02/15 5:4 p.m., 37 views

Members of the infamous Egregor ransomware arrested in Ukraine

By Deeba Ahmed Ukrainian and French police conducted a joint operation to disrupt the Egregor ransomware group. Here's what we know so far. This is a post from HackRead.com Read the original post: Members of the infamous Egregor ransomware arrested in Ukraine...

6.9 AI score
Exploits: 0
ThreatPost
added 2021/01/08 2:15 p.m., 30 views

FBI Warns of Egregor Attacks on Businesses Worldwide

The FBI has alerted companies in the private sector to a spate of attacks using the Egregor ransomware. The malware currently is raging a warpath across businesses worldwide and has already compromised more than 150 organizations. The agency issued an advisory (PDF) that also shed new light and...

0.4 AI score
Exploits: 0, References: 11
Malwarebytes
added 2020/12/21 11:52 a.m., 33 views

A week in security (December 14 – December 20)

Last week on Malwarebytes Labs we kept you updated on the SolarWinds attack, we warned about the special dangers that come with the Christmas season, published a threat profile for the Egregor ransomware, warned how a lead generation scam was targeting potential Malwarebytes MSP partners, and...

0.3 AI score
Exploits: 0
ThreatPost
added 2020/12/16 6:37 p.m., 32 views

Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor

Commodity malware backdoor SystemBC has evolved to now automate a number of key activities, as well as use the anonymizing Tor platform. These overarching changes make it both easier for cybercriminals to deploy the backdoor, as well as cloak the destination of the command-and-control (C2) traffic...

0.4 AI score
Exploits: 0, References: 13
ThreatPost
added 2020/12/04 2:25 p.m., 141 views

Vancouver Metro Disrupted by Egregor Ransomware

The threat actors behind the Egregor ransomware are showing a prolificacy in their early months of activity. On the heels of targeting struggling U.S. retailer Kmart, the Egregor gang also disrupted the Vancouver metro system with a ransomware attack. Translink, the Canadian city’s public...

6.7 AI score
Exploits: 0, References: 13
ThreatPost
added 2020/12/03 10:4 p.m., 35 views

Kmart, Latest Victim of Egregor Ransomware – Report

Retail stalwart Kmart has suffered a ransomware attack at the hands of the Egregor gang, according to a report. The incident has encrypted devices and servers connected to the company’s networks, knocking out back-end services, according to BleepingComputer. The outlet obtained the purported rans...

0.1 AI score
Exploits: 0, References: 8
Malwarebytes
added 2020/12/03 4:30 p.m., 29 views

VideoBytes: Is it goodbye forever to Maze ransomware?

Hello Folks! In this Videobyte we’re talking about Maze ransomware and whether or not it's shutting down, and what that means for the cybercrime world. The notorious Maze ransomware group, known for its corporate targeting and data leaking extortion schemes is, apparently, shutting down operations...

7 AI score
Exploits: 0