
22 matches found

Securelist
added 3 days ago, 7 views

The Gentlemen are knocking: custom backdoors and evolving tactics

Introduction This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service (RaaS) model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...

6 AI score
Exploits: 0

Microsoft Secure
added 2026/05/28 3:0 p.m., 22 views

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

In this article 1. Pre-encryption 2. File encryption 3. Post-encryption 4. Defending against The Gentlemen ransomware 5. Microsoft Defender detections and hunting guidance 6. Indicators of compromise Ransomware that combines robust encryption with rapid lateral movement significantly increases th...

6 AI score
Exploits: 0

The Hacker News
added 2026/05/01 9:56 a.m., 6 views

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accused of deploying th...

5.9 AI score
Exploits: 0

The Hacker News
added 2026/03/19 2:25 p.m., 11 views

ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you see how well it lands. Other bits fe...

9.8 CVSS, 6.7 AI score, 0.99999 EPSS
Exploits: 42

Packet Storm News
added 2026/01/20 12:0 a.m., 10 views

Enhanced Cyber Threat Intelligence by Network Forensic Analysis for Ransomware As a Service (RaaS) Malwares

In the current era of interconnected cyberspace, there is an adverse effect of ransomware on individuals, startups, and large companies. Cybercriminals hold digital assets till the demand for payment is made. The success of ransomware upsurged with the introduction of Ransomware as a Service (RaaS)...

5.5 AI score
Exploits: 0

Trellix
added 2026/01/15 12:0 a.m., 4 views

Dark Web Roast December 2025 Edition

Dark Web Roast - December 2025 Edition By Trellix Advanced Research Center · January 15, 2026 Executive summary December 2025 delivered a spectacular finale to the year's cybercriminal comedy show, featuring Global Ransomware-as-a-Service (RaaS) operator liquidating their empire for pocket change,...

5.5 AI score
Exploits: 0

The Hacker News
added 2025/11/26 2:31 p.m., 11 views

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North...

6.6 AI score
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-30270

Malware in sbrugna...

5.5 CVSS, 5.5 AI score, 0.00384 EPSS
Exploits: 1, References: 4

Rapid7 Blog
added 2025/06/03 12:0 a.m., 4 views

From Ideology to Financial Gain: Exploring the Convergence from Hacktivism to Cybercrime

Introduction In the ever-evolving landscape of cyber threat actors, the lines between ideologically driven hacktivism and financially motivated cybercriminals have become increasingly blurred. Originally fueled by political, social, or ethical causes, hacktivist groups have historically engaged i...

6.8 AI score
Exploits: 0

RedhatCVE
added 2025/05/22 3:44 p.m., 7 views

CVE-2020-9451

An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a not yet created log file to...

5.5 CVSS, 6.8 AI score, 0.00384 EPSS
Exploits: 1, References: 1

Rapid7 Blog
added 2025/04/02 1:0 p.m., 4 views

A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware

Co-authored by Yaniv Allender and Anna Sirokova Introduction Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. At...

6.9 AI score
Exploits: 0

The Hacker News
added 2023/06/08 1:56 p.m., 8 views

Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...

9.8 CVSS, 8.8 AI score, 0.99934 EPSS
Exploits: 15

The Hacker News
added 2023/05/16 12:20 p.m., 3 views

Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts

Ransomware affiliates associated with the Qilin ransomware-as-a-service (RaaS) scheme earn anywhere between 80% to 85% of each ransom payment, according to new findings from Group-IB. The cybersecurity firm said it was able to infiltrate the group in March 2023, uncovering details about the...

6.4 AI score
Exploits: 0

The Hacker News
added 2023/05/15 10:9 a.m., 7 views

New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems

A new ransomware-as-service (RaaS) operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023. The development points to cybercriminal actors increasingly setting their eyes on the ESXi, cybersecurity firm CrowdStrike said in ...

6.8 AI score
Exploits: 0

The Hacker News
added 2023/04/27 10:15 a.m., 9 views

RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts

The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leak...

6.7 AI score
Exploits: 0

The Hacker News
added 2023/04/13 4:40 p.m., 9 views

RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware

Cybersecurity researchers have detailed the tactics of a "rising" cybercriminal gang called "Read The Manual" (RTM) Locker that functions as a private ransomware-as-a-service (RaaS) provider and carries out opportunistic attacks to generate illicit profit. "The 'Read The Manual' Locker gang uses...

7.2 AI score
Exploits: 0

The Hacker News
added 2023/03/18 5:17 a.m., 5 views

LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions

U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS)...

7.5 AI score
Exploits: 0

The Hacker News
added 2023/03/14 11:52 a.m., 3 views

The Prolificacy of LockBit Ransomware

Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, who were disbanded in early 2022. LockBit ransomware was first discovered in Septembe...

6.6 AI score
Exploits: 0

The Hacker News
added 2023/02/10 10:42 a.m., 4 views

3 Overlooked Cybersecurity Breaches

Here are three of the worst breaches, attacker tactics and techniques of 2022, and the security controls that can provide effective, enterprise security protection for them. 1: 2 RaaS Attacks in 13 Months Ransomware as a service is a type of attack in which the ransomware software and...

7 AI score
Exploits: 0

NVD
added 2021/05/25 12:15 p.m., 15 views

CVE-2020-9451

An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a not yet created log file to...

5.5 CVSS, 0.00384 EPSS
Exploits: 1, References: 3