12 matches found
Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks
Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. "Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an...
Researchers Shed Light on CatB Ransomware's Evasion Techniques
The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload. CatB, also referred to as CatB99 and Baxtoy, emerged late last year and is said to be an "evolution or direct rebrand" of anothe...
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...
Vulnerabilities & Threats that Matter 18 – 24th July
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 497 11 2 Worldwide 6 33 For a detailed threat digest, download the pdf file here Summary The third week of July 2022 witnessed the discovery of 497 vulnerabilities out of...
Shade Threat Actors Call It Quits, Release 750K Encryption Keys
The threat actors behind the Shade ransomware have called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware. User “shade-team” posted four files on the code repository earlier this week, one containing the file keys and four “ReadMe”...
Player 1 Limps Back Into the Ring - Hello again, Locky!
This post was authored by Alex Chiu, Warren Mercer, and Jaeson Schultz. Sean Baird and Matthew Molyett contributed to this post.Back in May, the Necurs spam botnet jettisoned Locky ransomware in favor of the new Jaff ransomware variant. However, earlier this month Kaspersky discovered a...
SMB Exploited: WannaCry Use of EternalBlue
Server Message Block SMB is the transport protocol used by Windows machines for a wide variety of purposes such as file sharing, printer sharing, and access to remote Windows services. SMB operates over TCP ports 139 and 445. In April 2017, Shadow Brokers released an SMB vulnerability named...
Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns
Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware. The campaigns have affected various industries, with the healthcare industry being hit the hardest based on our telemetry, as seen in Figure 1. Figure 1. Top 10 affected industries Numerous...
Locky is Back Asking for Unpaid Debts
On June 21, 2016, FireEye’s Dynamic Threat Intelligence DTI identified an increase in JavaScript contained within spam emails. FireEye analysts determined the increase was the result of a new Locky ransomware spam campaign. As shown in Figure 1, Locky spam activity was uninterrupted until June 1,...