egregor - X-Industry - Red Sky Alliance2024-03-28T10:16:56Zhttps://redskyalliance.org/xindustry/feed/tag/egregorRansomware Author says Goodbye Forever, Hmmmmm....https://redskyalliance.org/xindustry/ransomware-author-says-goodbye-forever-hmmmmm2022-02-13T20:17:32.000Z2022-02-13T20:17:32.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10099051699,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10099051699,RESIZE_400x{{/staticFileLink}}" width="250" alt="10099051699?profile=RESIZE_400x" /></a>If you or your company was unfortunate enough to be caught in the web of a ransomware attack, the consequences may have been devastating. Hopefully you got rid of the infection, but the all-important files affected by such an attack could still be under lock and key. Without backups, which is more common than you may think, the files may be gone forever.</p>
<p><strong>A tiny slice of good fortune: </strong>Occasionally, we all catch a break. Files can sometimes be recovered in the following ways<a href="#_ftn1">[1]</a>:</p>
<ul>
<li>A ransomware author makes some sort of mistake, or their files are just simply coded badly. Researchers figure out a way to <a href="https://www.zdnet.com/article/cracking-ransomware-ransomwarrior-victims-can-now-retrieve-files-for-free/">recover the decryption key</a>, and publish it so victims can recover their files.</li>
<li>Authors offer up the keys themselves. This can be for a variety of reasons. They may have generated a bit too much heat, and are looking to retreat into the shadows with the suggestion of some good deed done. Other times, they decide “party’s over” with the release of a new variant and hand out a “Get out of jail free” pass to former victims.</li>
</ul>
<p><strong>What a maze!! </strong>So, back in 2019, Maze Ransomware came to the forefront. Initially it grabbed victims <a href="https://www.bleepingcomputer.com/news/security/maze-ransomware-says-computer-type-determines-ransom-amount/">via fake Cryptocurrency site traffic</a> and bounced it to exploit kit landing pages. It also claimed to vary ransom amounts depending on whether the compromised machine was a workstation, home computer, or server. Tactics changed a little later on, with threats of exfiltrated data being published if ransom demands were not met. The group behind Maze eventually announced retirement, and infection numbers tailed off after one final flourish in August 2020. Maze affiliates quickly moved over to Egregor, which was then mired in the mud of several arrests. We are now into the second month of 2022, and there are yet more developments in Maze land.</p>
<p><strong>We’re finished…(again). </strong>Someone has <a href="https://www.bleepingcomputer.com/news/security/ransomware-dev-releases-egregor-maze-master-decryption-keys/">posted to the Bleeping Computer forums</a>, claiming to be the developer of not only Maze, but also Egregor and Sekhmet ransomware families. The post reads as follows:</p>
<table width="100%">
<tbody>
<tr>
<td>
<p>Hello, It’s developer. It was decided to release keys to the public for Egregor, Maze, Sekhmet ransomware families.</p>
<p>also there is a little bit harmless source code of polymorphic x86/x64 modular EPO file infector m0yv detected in the wild as Win64/Expiro virus, but it is not expiro actually, but AV engines detect it like this, so no single thing in common with gazavat. Each archive with keys have corresponding keys inside the numeric folders which equal to advert id in the config.</p>
<p>In the “OLD” folder of maze leak is keys for it’s old version with e-mail based. Consider to make decryptor first for this one, because there were too many regular PC users for this version.</p>
</td>
</tr>
</tbody>
</table>
<p><a href="{{#staticFileLink}}10099055055,original{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10099055055,RESIZE_584x{{/staticFileLink}}" width="500" alt="10099055055?profile=RESIZE_584x" /></a>There is, once more, a claim that anyone involved is now definitely out of the Ransomware game for good. All the “source code of tools” are also supposedly gone forever. The forum poster included a zip containing decryption keys for the ransomware, and also some source code for malware used by the Maze gang.</p>
<p><strong>What’s the real reason for this departure? </strong>Decryption tools now exist for the 3 groups mentioned, thanks to the release of the keys on the forum post. The zip file has now been removed from the forum due to the inclusion of the malware source code. The author claims this forum post and announcement is not related to any arrest or takedown, but even so this feels more important as an announcement of leaving the malware realm to avoid trouble than being particularly helpful to victims just for the sake of it. Are they gone for good, or will they return once more with a new set of Ransomware files? Only time will tell…Red Sky does not think so.</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization that has long collected and analyzed cyber indicators. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://blog.malwarebytes.com/malwarebytes-news/2022/02/ransomware-author-releases-decryption-keys-says-goodbye-forever/">https://blog.malwarebytes.com/malwarebytes-news/2022/02/ransomware-author-releases-decryption-keys-says-goodbye-forever/</a></p></div>Diabolical ‘Diavol’ Ransomwarehttps://redskyalliance.org/xindustry/diabolical-diavol-ransomware2022-01-20T17:19:25.000Z2022-01-20T17:19:25.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10029452898,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10029452898,RESIZE_400x{{/staticFileLink}}" width="200" alt="10029452898?profile=RESIZE_400x" /></a>The US Department of Justice (DOJ) authorities first became aware of Diavol ransomware in October 2021. Diavol is allegedly associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan. Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. While ransom demands have ranged from $10,000 to $500,000, Diavol actors have been willing to engage victims in ransom negotiations and accept lower payments. Authorities have not yet observed Diavol leaking victim data, despite ransom notes that include threats to leak the stolen information. Aside from the government report, a few online cyber-related articles link Diavol to similarities with a group called Wizard Spider and some similarities with a different group called Twisted Spider. These are the groups behind Conti and Egregor, respectively.</p>
<p>Link to full report: <a href="{{#staticFileLink}}10029473086,original{{/staticFileLink}}">TR-22-020-001_5G_Diavol.pdf</a></p></div>Ransomware isn’t going Anywherehttps://redskyalliance.org/xindustry/ransomware-isn-t-going-anywhere2021-03-01T15:51:26.000Z2021-03-01T15:51:26.000ZMac McKeehttps://redskyalliance.org/members/MacMcKee<div><p><a href="{{#staticFileLink}}8615969486,original{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8615969486,RESIZE_400x{{/staticFileLink}}" width="250" alt="8615969486?profile=RESIZE_400x" /></a>While in existence prior to 2016, ransomware gained notoriety that year targeting the global <a href="https://www.beckershospitalreview.com/healthcare-information-technology/12-healthcare-ransomware-attacks-of-2016.html">healthcare industry</a>, and in several instances, successfully extorting ransoms from victims. Since then, ransomware has turned out to be more than just a nuisance crime, with ransomware operators adjusting targeting strategies, malware deployment, and diversifying how they executed their campaigns to maintain success rates. Over the past few years, ransomware operators have shifted tactics, moving from widespread targeting intended to collect smaller ransoms from several entities to being more selective in what organizations are targeted and setting larger ransom amounts. One recent <a href="https://www.datacenterknowledge.com/security/another-gang-hides-ransomware-inside-virtual-machines">tactic</a> revealed ransomware operators using virtual machines to evade detection, which was quickly adopted by other groups. The new business plan of auctioning off stolen data has made ransomware even more deadly for all organizations.</p>
<p>The number of ransomware operators appears to have dwindled, while at the same time more organized and sophisticated groups such as <a href="https://www.bluvector.io/threat-report-egregor-ransomware-maze/">Egregor</a> (believed to be the new strain from former members of Maze), REvil, and Doppelpaymer are emerging and garnering attention from network defenders. These teams have risen to the forefront of ransomware campaigns for being visionary on how to adapt ransomware attacks to increase their resilience. Instead of just encrypting exploited targets, these groups have taken a page from cyber espionage attackers by first exfiltrating the data before encrypting devices in order to further shame victims into paying ransoms.</p>
<p>The teams posted the stolen information on websites for free to be used by other criminals as they saw fit for organizations that didn’t comply with their demands. The fact that the REvil team made approximately $100 Million in one year underscores that these teams have a successful criminal business model based on their abilities to pivot and keep network defenders guessing.</p>
<p>If evolution is the cornerstone of survival, these elite groups thrive on their ability to improvise and innovate. Two incidents underscore ingenuity in maintaining relevance in a crowded and competitive cyber crime ecosystem. In June 2020, one computer security company observed ransomware operators from these sophisticated teams exchanging tactics and “intelligence,” extorting victims via a shared data leak platform. In late September 2020, the REvil ransomware team deposited 1 million dollars in Bitcoin in a Russian-speaking cyber crime forum to <a href="https://www.bleepingcomputer.com/news/security/revil-ransomware-deposits-1-million-in-hacker-recruitment-drive/">recruit</a> hackers to be affiliates of its franchise. Collaboration has been an instrumental undertaking for the perseverance of criminal organizations, with recruitment being necessary to not only maintaining activity and bringing in revenue, but also allowing senior members to put distance between themselves and the crimes committed by the newer recruits.</p>
<p>The Egregor team reflects this type of approach. Researchers believe that the current Egregor campaign is the new operation from members of the now retired Maze team, who appear to also have been involved with the defunct <a href="https://portswigger.net/daily-swig/gandcrab-closure-will-lead-to-power-vacuum-in-ransomware-market">GandCrab</a> ransomware group that netted approximately USD 2 billion before the team disbanded. And now it appears these members are going to follow that plan. According to one computer security magazine, it seems that the Maze team is shutting down their operations, a process that appears to have started at least a month ago. If correct, and there’s no reason not to believe this, these individuals were prepared with a new ransomware strain, not skipping a beat before launching their new strain on global victims. This indicates that the more proficient groups like Egregor likely have developmental capabilities, thinking ahead about their operations, how long they want to be involved in them, before moving on to a new venture.</p>
<p>Ransomware attacks continue to be one of the most diverse weapons in the hostile actor toolbox, largely because how it is deployed depends largely on the intent of the attacker. The purpose of ransomware distribution has evolved with the attackers executing the malware. In addition to conventional financially-driven extortion, attackers have used ransomware to purposefully disrupt targeted systems (e.g., <a href="https://www.theguardian.com/technology/2017/jun/28/notpetya-ransomware-attack-ukraine-russia">NotPetya</a> ransomware), exploited industrial control systems (e.g., <a href="https://www.zdnet.com/article/ransomware-attacks-are-now-targeting-industrial-control-systems/">Ekans ransomware</a>), and even used it in tandem with the theft of data before encrypting it (<a href="https://www.zdnet.com/article/another-ransomware-strain-is-now-stealing-data-before-encrypting-it/">Zeppelin ransomware</a>). A mid-2019 incident in <a href="https://www.zdnet.com/article/germanwiper-ransomware-hits-germany-hard-destroys-files-asks-for-ransom/">Germany</a> revealed a strain of ransomware that overwrote existing data on the machine, thereby destroying it, rather than encrypting or locking it.</p>
<p>Further complicating matters is the issue of paying ransoms. Despite raising awareness among private sector organizations and critical infrastructure sectors in the hopes of mitigating the threat, recent research shows that victims tend to pay ransoms more often than not. According to one computer security company, a <a href="https://www.pindrop.com/blog/70-percent-of-enterprise-ransomware-victims-paid-up-data-shows/#:~:text=Ransomware%20gangs%20have%20been%20targeting,to%20get%20their%20data%20back">survey</a> of 600 business executives revealed that 70 percent of businesses infected with ransomware paid the requested amount (generally between USD 20,000-25,000) to retrieve their data. The tendency to pay ransoms encourages these criminals to continue to launch these attacks, prompting the question of how to curb this vicious cycle. This prompted the Department of the Treasury’s Office of Foreign Assets Control to issue its own advisory in October 2020, highlighting <a href="https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf">sanction risks</a> for entities paying ransomware payments. Whether this encourages organizations to “do the right thing” remains to be seen, but it does reveal that the government recognizes that it needs to help businesses confront this threat more than just issuing <a href="https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf">guidelines</a>.</p>
<p>As we enter a turbulent 2021, it does not look like the ransomware threat will abate as much as the more sophisticated operators will continue to evolve how and when it's deployed. If the past 18 months are any indication, the more ambitious and successful ransomware campaigns will be orchestrated by groups, rather than single individuals. The targeting of larger organizations that are more prone to paying substantial ransoms has proven a boon to these groups where they can now attract qualified recruits to support affiliate programs that minimize their exposure while enabling them to still collect a percentage of the profits. Whether these recruits can follow their mentors’ success is not certain and may force them to move away from the blueprint set forth by original members. Members that have founded ransomware groups and have temporarily removed themselves from campaigning may take the time to see how law enforcement goes after their affiliates, before either starting a new strain or entering a new criminal opportunity. Perhaps more worrisome is how ransomware will continue to be leveraged by governments as was observed with the NotPetya attacks. A tempestuous geopolitical climate is ripe for states looking to inflict non-lethal pain on transgressive states while providing plausible deniability even if the victim levies sanctions as a result.</p>
<p>Former National Security Agency and Central Intelligence Agency director General Michael <a href="https://www.thecipherbrief.com/column/agenda-setter/navigating-the-ransomware-conundrum">Hayden</a> commented in an op-ed that “the cavalry ain’t coming,” a reference to the fact that organizations should not expect the government to provide all necessary protection for businesses from cyber threats. This sentiment is particularly applicable to the ransomware threat where organizations need to create contingency plans and continuity-of-operations processes that preserve their critical business operations. Those able to demonstrate cybersecurity resiliency will be best positioned to remediate and recover from ransomware campaigns, regardless of the intent of the attacker.</p>
<p>Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at <a href="https://redskyalliance.org">https://redskyalliance.org</a> at no charge.</p>
<p>What can you do to better protect your organization today? </p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Implement 2-Factor authentication company-wide.</li>
<li>For USA readers, join and become active in your local Infragard chapter, there is no charge for membership. <a href="http://www.infragard.org">infragard.org</a></li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cyber security software, services and devices to be used by all at home working employees and consultants.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Enroll your company/organization in RedXray for daily cyber threat notifications that are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a>.</p>
<p><strong>Reporting: </strong><a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></p>
<p><strong>Website: </strong><a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></p>
<p><strong>LinkedIn: </strong><a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a></p>
<p><strong>Twitter: </strong><a href="https://twitter.com/wapacklabs?lang=en">https://twitter.com/wapacklabs?lang=en</a></p>
<p><strong>Weekly Cyber Intelligence Briefings: </strong></p>
<p><a href="https://attendee.gotowebinar.com/register/8782169210544615949">https://attendee.gotowebinar.com/register/8782169210544615949</a></p>
<p> <a href="{{#staticFileLink}}8615974865,original{{/staticFileLink}}">TR-21-060-001_Ransomware_Going_Nowhere.pdf</a></p>
<p> </p></div>TACTICAL CYBER REPORT: BUSINESS SERVICEShttps://redskyalliance.org/xindustry/tactical-cyber-report-business-services2021-01-08T18:29:55.000Z2021-01-08T18:29:55.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><h2><a href="{{#staticFileLink}}8403075076,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8403075076,RESIZE_400x{{/staticFileLink}}" width="250" alt="8403075076?profile=RESIZE_400x" /></a>Activity Summary - Week Ending 8 January 2021:</h2>
<ul>
<li>Red Sky Alliance observed 123 unique email accounts compromised with Keyloggers</li>
<li>roger1983@gmail.com ??</li>
<li>Analysts identified 46,954 connections from new unique IP addresses</li>
<li>Red Sky Alliance identified 2,131 new IP addresses participating in various Botnets</li>
<li>WhatsApp – New Policies</li>
<li>Egregor Ransomware</li>
<li>T-Mobile hit AGAIN</li>
<li>The Green New Deal now on Steroids</li>
<li>6<sup>th</sup> of January a Sad Day in the US</li>
<li>Protests and new technology surveillance</li>
</ul>
<p>Link to full report: <a href="{{#staticFileLink}}8403074489,original{{/staticFileLink}}">IR-21-008-001_BusinessServices_008_FINAL.pdf</a></p></div>Egregor Ransomware Joins an Exclusive Clubhttps://redskyalliance.org/xindustry/egregor-ransomware-joins-an-exclusive-club2020-10-06T21:20:20.000Z2020-10-06T21:20:20.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}8007968456,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8007968456,RESIZE_400x{{/staticFileLink}}" width="250" alt="8007968456?profile=RESIZE_400x" /></a>Cyber security researchers are warning about a recently uncovered ransomware variant called Egregor that appears to have infected about a dozen organizations worldwide over the past several months. Similarities to Sekhmet Crypto-Locking malware have been noted.</p>
<p>True to other ransomware hackers, the bad actors behind the Egregor ransomware are threatening to leak victims' data if the ransom demands are not met within three days. The cybercriminals linked to Egregor are also mimicking Maze tactics, creating a "news" site on the Darknet that offers a list of victims that have been targeted and updates about when stolen and encrypted data will be released. Egregor's ransom note also says that aside from decrypting all the files, that is if the company pays the ransom, they will also provide recommendations for securing the company's network; or 'helping' them to avoid being breached again.</p>
<p>It is not clear how much ransom Egregor is demanding or if any data has been leaked, yet a copy of one ransom note posted online notes these cybercriminals plan to release stolen data through what they call "mass media."</p>
<p>The Egregor ransomware variant was first spotted in mid-September by several independent security researchers, who posted samples of the ransom note on Twitter.</p>
<p>"The first time Egregor was analyzed by our team was earlier this week. We don't have specifics about how long it's operating but seems that the first public appearance of Egregor was September 18 on Twitter by @demonslay335 and @PolarToffee," a security researcher informed Information Security Media Group. "At this time, there are still only 13 companies in the 'hall of shame.'"</p>
<p>The recent alert notes that the Egregor variant appears to be a spinoff of another ransomware strain called Sekhmet, which has also been linked to criminal gangs threatening to release encrypted and stolen data if victims do not pay.</p>
<p>Analysts have noted that the Egregor ransomware uses several types of anti-analysis techniques, including code obfuscation and packed payloads, which means the malicious code "unpacks" itself in memory to avoid detection by security tools. Without the right decryptor key, it is difficult to analyze the full ransomware payload to learn additional details about how the malware works. </p>
<p>"The Egregor payload can only be decrypted if the correct key is provided in the process' command line, which means that the file cannot be analyzed, either manually or using a sandbox, if the exact same command line that the attackers used to run the ransomware isn't provided," according to the recent alert.</p>
<p>Researchers claim the use of the decryptor key makes a deeper analysis more difficult at this time. This means that if the analyst or researcher only has access to the packed file, without knowing how it was launched in the affected environment, Egregor's payload cannot be decrypted, and thus cannot be executed.</p>
<p>The Egregor ransom note examined is vague and offers few clues about how the malware works and how the operators behind it will decrypt files once the ransom is paid. Unfortunately, there are no details on the ransom note or on the Egregor website. To get payment details, the victim needs to navigate to the deep web link Egregor provided and get instructions from the attacker through a live chat, which analysts have not conducted for security reasons. While it is not clear whether any data related to Egregor ransomware attacks has been leaked, security experts note that more cybercriminal gangs are using this technique to force victims to pay or as a warning to others.<a href="#_ftn1">[1]</a> Ransomware attacks are ever present. </p>
<p>Speaking at ISMG's Virtual Cybersecurity Summit in New York City last August, an attorney with the cybersecurity team at Baker Hostetler, said that in at least 25 percent of the ransomware cases his firm has helped investigate, attackers claimed to have not just crypto-locked systems but also to have exfiltrated data. This could be used in forcing compliance with the hacker’s threat of exposing internal documents. </p>
<p>In August 2020, the incident response firm Coveware released a report finding that of the thousands of ransomware cases the firm investigated in the second quarter of 2020, 30 percent involved attackers threatening to release stolen data.<a href="#_ftn2">[2]</a></p>
<p>BTW - Egregore is an occult concept representing a distinct non-physical entity that arises from a collective group of people. Historically, the concept referred to angelic beings, or watchers, and the specific rituals and practices associated with them, namely within Enochian traditions.<a href="#_ftn3">[3]</a></p>
<p>The installation, updating and monitoring of firewalls, cyber security and proper employee training are keys to blocking attacks such as ransomware. Red Sky Alliance offers tools and services to help stop these types of cyber-attacks. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.</p>
<p>What can you do to better protect your organization today?</p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Implement 2-Factor authentication company wide.</li>
<li>Join and become active in your local Infragard chapter, there is no charge for membership. infragard.org</li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cyber security software, services and devices to be used by all at home working employees and consultants.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Enroll your company/organization in RedXray for daily cyber threat notifications that are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p>Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports.</p>
<p>Articles about the cyber threat groups mentioned in this report can be found at <a href="https://redskyalliance.org">https://redskyalliance.org</a> There is no charge for access to these reports.</p>
<p>Our services can help protect against attacks such as these. We provide both internal monitoring in tandem with RedXray notifications on ‘external’ threats, including botnet activity, public data breaches, phishing, fraud, and general targeting.</p>
<p>For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p><a href="#_ftnref1">[1]</a> <a href="https://thecyberwire.com/newsletters/daily-briefing/9/193">https://thecyberwire.com/newsletters/daily-briefing/9/193</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.bankinfosecurity.co.uk/egregor-ransomware-adds-to-data-leak-trend-a-15110">https://www.bankinfosecurity.co.uk/egregor-ransomware-adds-to-data-leak-trend-a-15110</a></p>
<p><a href="#_ftnref3">[3]</a> <a href="https://en.wikipedia.org/wiki/Egregore">https://en.wikipedia.org/wiki/Egregore</a></p></div>