13 matches found
Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library
Carlos Canto contributed to this article. Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download. The focus of this release was on improving user efficiency while also expanding and strengthening the library of VQL plug-ins and artifacts. Let’s take a...
Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks
Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. "Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an...
Multi-Ransomwared Victims Have It Coming–Podcast
You hate to blame the victim, but the fact of the matter is that businesses are just asking to get whacked with ransomware multiple times. A recent study of IT leaders from cloud-native network detection and response firm ExtraHop shows that businesses aren’t even aware of the “attack me,” “easy...
RangnarLocker Ransomware hits Critical Infrastructure Compromising 50+ Organizations
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Federal Bureau of Investigation FBI has released an alert on Ragnarlocker campaign that has affected nearly 52 organizations encompassing 10 critical infrastructure sectors, including entities in significant manufacturing,...
Exploit for CVE-2021-36934
Invoke-HiveNightmare PowerShell-based PoC for CVE-2021-36934,...
DarkSide Ransomware
DarkSide ransomware is a relatively new ransomware strain that threat actors have been using to target multiple large, high-revenue organizations resulting in the encryption and theft of sensitive data and threats to make it publicly available if the ransom demand is not paid. Because of its...
Windows Manage Volume Shadow Copies
This module will perform management actions for Volume Shadow Copies on the system. This is based on the VSSOwn Script originally posted by Tim Tomes and Mark Baggett. Works on win2k3 and later. Module Options msf use post/windows/manage/vss msf postvss show actions ...actions... msf postvss set...
Threat Analysis Unit (TAU) Threat Intelligence Notification: MailTo (NetWalker) Ransomware
MailTo is a ransomware variant that has recently been reported to have been part of a targeted attack against Toll Group, an Australian freight and logistics company. This ransomware makes no attempt to remain stealthy, and quickly encrypts the user’s data as soon as the ransomware is launched...
Threat Analysis Unit (TAU) Threat Intelligence Notification: Snatch Ransomware
During the end of the year 2019, a ransomware named ‘Snatch” was discovered. Snatch ransomware will force Windows to reboot in Safe Mode where most of the software and system drivers will not be running in order to perform the file encryption process. Similar to the other variants of ransomware, ...
Threat Analysis Unit (TAU) Threat Intelligence Notification: DeathRansom Ransomware
During mid-November, a new ransomware named ‘DeathRansom” was found being distributed. Similar to the other variants of ransomware, it will perform the deletion of volume shadow copies to ensure all the data cannot be restored easily. After the DeathRansom performs file encryption, it will drop...
CB TAU Threat Intelligence Notification: GandCrab 5.2 Ransomware Attempts to Delete Volume Shadow Copies
GandCrab 5.2 ransomware will append seven randomly generated strings as the file extension to each encrypted file and drop a ransom note named as ‘generated file extension-MANUAL.txt’, for example, “office.doc.uahmthl” and “UAHMTHL-MANUAL.txt”. It will also change the desktop background of the...
TAU Threat Intelligence Notification: Shade Ransomware
Summary Recently there is a new wave of malicious spam campaign distributing Shade ransomware via sending malicious JavaScript attachments. The spam campaign was mainly targeting users from Russia, and the ransom note was written in both Russian and English. This variant of Shade ransomware will...
Windows Manage List Shadow Copies
This module will attempt to list any Volume Shadow Copies on the system. This is based on the VSSOwn Script originally posted by Tim Tomes and Mark Baggett. Works on win2k3 and later...