The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service RaaS schemes like LockBit aka Tenacious Mantis...

Akira ransomware continues to evolve

Akira continues to cement its position as one of the most prevalent ransomware operations in the threat landscape, according to Cisco Talos' findings and analysis. Their success is partly due to the fact that they are constantly evolving. For example, after Akira already developed a new version o...

A week in security (February 12 – February 18)

Last week on Malwarebytes Labs: GoldPickaxe Trojan steals your face! Microsoft Exchange vulnerability actively exploited Massive utility scam campaign spreads via online ads Facebook Marketplace users’ stolen data offered for sale How ransomware changed in 2023 Malwarebytes crushes malware all th...

A Deep Dive into the Evolution of Ransomware Part 1

This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends...

What is ransomware-as-a-service and how is it evolving?

Ransomware attacks are becoming more frequent and costlier--breaches caused by ransomware grew 41 percent in the last year, the average cost of a destructive attack rising to $5.12 milllion. Whats more, a good chunk of the cyber criminals doing these attacks operate on a ransomware-as-a-service...

30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware

In less time than it takes to get a stuffed crust pizza delivered, a new group called SnapMC can breach an organization’s systems, steal their sensitive data, and demand payment to keep it from being published, according to a new report from NCC Group’s threat intelligence team — no ransomware...

How cyberattacks are changing according to new Microsoft Digital Defense Report

In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure—healthcare,1 information technology,2 financial services,3 energy sectors4—with headline-grabbing attacks that crippled businesses and harmed consumers. But there are...

Exclusive Ransomware Poll: 80% of Victims Don’t Pay Up

Ransomware is on the rise, but what toll does it take on the real world? Threatpost set out to answer that question in an exclusive poll aimed at taking the pulse of organizations wrestling with attacks, including looking at mitigations and the defenses organizations have in place. When viewed...

On the Taxonomy and Evolution of Ransomware

Given the frequency with which “ransomware” appears in news articles, it may be worthwhile to take a step back and actually consider what the term means. Any malware or attack that culminates in extorting ransom from the victim is commonly referred to as ransomware. The general idea is to encrypt...

Becoming resilient by understanding cybersecurity risks: Part 4—navigating current threats

In part three of this blog series on aligning security with business objectives and risk, we explored what it takes for security leaders to shift from looking at their mission as purely defending against technical attacks, to one that focuses on protecting valuable business assets, data, and...

M-Trends 2021: A View From the Front Lines

We are thrilled to launch M-Trends 2021, the 12th edition of our annual FireEye Mandiant publication. The past year has been unique, as we witnessed an unprecedented combination of global events. Business operations shifted in response to the worldwide pandemic and threat actors continued to...

A week in security (February 17 – 23)

Last week on Malwarebytes Labs, we highlighted the benefits and concerns of identity-as-a-service IDaaS, an identity management scheme deployed from the cloud; reported on scammers and squatters taking advantage of Rudy Giuliani’s Twitter typos; and gave a high-level overview of RobbinHood, the...

Excerpts from The Ransomware Economy: Emergence and Innovation

Carbon Black recently published an investigative report on the Dark Web marketplace for ransomware. This is an excerpt from that report, which you can find here. For more information about the rise of ransomware, and what you can do about it, check out the Future-Proof Your Ransomware Prevention...

KSN Report: Ransomware in 2016-2017

This report has been prepared using depersonalized data processed by Kaspersky Security Network KSN. The metrics are based on the number of distinct users of Kaspersky Lab products with the KSN feature enabled, who encountered ransomware at least once in a given period, as well as research into t...

MSRT July 2016 – Cerber ransomware

As part of our ongoing effort to provide better malware protection, the July 2016 release of the Microsoft Malicious Software Removal Tool MSRT includes detection for Win32/Cerber, a prevalent ransomware family. The inclusion in MSRT complements our Cerber-specific family detections in Windows...

Meet The Cryptoworm, The Future of Ransomware

Ransomware is evolving and soon will share the same deadly efficiencies as notorious worms of the past, such as Conficker and SQL Slammer. In fact, according to security researchers at Cisco Talos, today’s newest ransomware, SamSam, is a harbinger of a new wave of more malicious, tenacious and...