74 matches found

The Hacker News
added 2026/04/06 6:59 a.m. · 5 views

BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks

Germany's Federal Criminal Police Office aka BKA or the Bundeskriminalamt has unmasked the real identities of two of the key figures associated with the now-defunct REvil aka Sodinokibi ransomware-as-a-service RaaS operation. One of the threat actors, who went by the alias UNKN, functioned as a...

AI score 5.8 · Exploits 0

Krebs on Security
added 2026/04/06 2:07 a.m. · 7 views

Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer...

AI score 5.8 · Exploits 0

Microsoft Secure
added 2023/09/12 5:00 p.m. · 67 views

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginnin...

CVSS 4.1 · AI score 7.3 · EPSS 0.12107 · Exploits 0

Talos Blog
added 2023/02/17 9:24 p.m. · 24 views

Threat Round up for February 10 to February 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 10 and Feb. 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

AI score 6.6 · Exploits 0

The Hacker News
added 2022/05/10 1:02 p.m. · 23 views

New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity

The notorious ransomware operation known as REvil aka Sodin or Sodinokibi has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. "Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the...

AI score 7.2 · Exploits 0

ThreatPost
added 2022/02/23 2:00 p.m. · 176 views

Creaky Old WannaCry, GandCrab Top the Ransomware Scene

What’s old in ransomware is new again. Or, more accurately, never really went away. New analysis shows that for a years-old malware, WannaCry is still a viciously active pest. The self-propagating ransomware cryptoworm that’s been parasitizing victims since 2017 was the top most detected ransomwa...

AI score 8.5 · Exploits 0 · References 19

ThreatPost
added 2022/02/10 11:16 p.m. · 207 views

Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares

The shackles have been broken for victims of Maze/Egregor/Sekhmet ransomware: On Wednesday, decryption keys were released for all three ransomware strains in a forum post. The liberator, using the handle “Topleak,” described themselves as the developer of the three ransomwares. It’s been lovely,...

AI score 8.6 · Exploits 0 · References 21

ThreatPost
added 2020/03/06 9:50 p.m. · 85 views

Next-Gen Ransomware Packs a 'Human' Punch, Microsoft Warns

Researchers are warning that “human operated” ransomware campaigns are growing more sophisticated, adopting new infection tactics and lateral movement techniques that traditional defense teams aren’t equipped to handle. Researchers said that “auto-spreading” ransomware – like WannaCry and NotPety...

AI score 1.1 · Exploits 0 · References 15

Talos Blog
added 2020/02/21 10:43 a.m. · 466 views

Threat Roundup for February 14 to February 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 14 and Feb. 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

CVSS 10 · AI score 10 · EPSS 0.99999 · Exploits 123

ThreatPost
added 2019/10/17 8:17 p.m. · 60 views

Phorpiex Botnet Shifts Gears From Ransomware to Sextortion

A recent wide-scale campaign indicates that a decade-old botnet is shifting gears from distributing ransomware to delivering millions of sextortion threats to innocent recipients. Worse, researchers say that the botnet’s spam campaign can affect up to 27 million potential victims. The botnet,...

AI score 7.4 · Exploits 0 · References 9

Trellix
added 2019/10/14 12:00 a.m. · 10 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money

ARCHIVED STORY McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money By John Fokker · October 14, 2019 Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research ATR analysis of Sodinokibi and its connections to GandCrab, the mos...

AI score 6.6 · Exploits 0

Trellix
added 2019/10/02 12:00 a.m. · 14 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - The All-Stars | McAfee Blogs

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – The All-Stars John Fokker · OCT 02, 2019 Episode 2: The All-Stars Analyzing Affiliate Structures in Ransomware-as-a-Service Campaigns This is the second installment of the McAfee Advanced Threat Research ATR analysis of Sodinokibi...

AI score 0.8 · Exploits 0

Trellix
added 2019/10/02 12:00 a.m. · 47 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - What The Code Tells Us

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us By McAfee Labs · October 2, 2019 Episode 1: What the Code Tells Us McAfee’s Advanced Threat Research team ATR observed a new ransomware family in the wild, dubbed Sodinokibi or REvil, at the end of April 201...

AI score 8.1 · EPSS 0.69833 · Exploits 9

Trellix
added 2019/10/02 12:00 a.m. · 35 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - What The Code Tells Us

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us By McAfee Labs · October 2, 2019 Episode 1: What the Code Tells Us McAfee’s Advanced Threat Research team ATR observed a new ransomware family in the wild, dubbed Sodinokibi or REvil, at the end of April 201...

CVSS 7.8 · AI score 8.1 · EPSS 0.69833 · Exploits 9

ThreatPost
added 2019/09/27 12:00 p.m. · 121 views

News Wrap: GandCrab Operators Resurface, Utilities Firms Hit By LookBack Malware

On this week’s news wrap podcast, Threatpost editors Tara Seals and Lindsey O’Donnell break down the top news, including: Despite claiming they were retiring, GandCrab’s authors have been linked to the REvil/Sodinokibi ransomware via a technical analysis. A spearphishing campaign, first spotted i...

AI score 7 · Exploits 0 · References 6

ThreatPost
added 2019/09/24 9:00 p.m. · 84 views

GandCrab Operators Resurface with REvil Malware

The malware that hit 22 Texas municipalities and various dentist offices around the country recently is likely the work of the crew behind the GandCrab ransomware – indicating that the group didn’t really retire after all. In late May, the GandCrab operators said they decided to ride off into the...

AI score 7.4 · Exploits 0 · References 12

Talos Blog
added 2019/09/06 11:33 a.m. · 225 views

Threat Roundup for August 30 to September 6

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 30 and Sept. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

CVSS 10 · AI score 10 · EPSS 0.99999 · Exploits 123

ThreatPost
added 2019/08/19 7:49 p.m. · 88 views

Post GandCrab, Cybercriminals Scouring the Dark Web for the Next Top Ransomware

Ransomware continues to be a top threat, with Friday’s ransomware attack on 23 Texas local governments and agencies and two in June on dual Florida cities – Lake City and Riviera Beach, resulting in a decision to pay off the hackers — acting as perfect examples of just how lucrative this type of...

AI score 6.8 · Exploits 0 · References 6

Carbon Black Blog
added 2019/08/16 6:28 p.m. · 146 views

CB TAU Threat Intelligence Notification: Sodinokibi Ransomware

Sodinokibi otherwise known as Sodin or REvil is a ransomware variant that has recently been observed evolving its delivery techniques, leveraging fake antivirus software and PowerShell droppers. This malware appears to be related to GandCrab and is likely a result of their operation closing up...

AI score 6.5 · Exploits 0

The Hacker News
added 2019/07/25 1:45 p.m. · 1 view

Popular Malware Families Using 'Process Doppelgänging' to Evade Detection

The fileless code injection technique called Process Doppelgänging is actively being used by not just one or two but a large number of malware families in the wild, a new report shared with The Hacker News revealed. Discovered in late 2017, Process Doppelgänging is a fileless variation of Process...

AI score 7.3 · Exploits 0