emotet (14)

11000532066?profile=RESIZE_400xMalware has a way of grabbing all the attention in the media and keeping companies on their toes.  The world watched as wipers were deployed to Ukrainian organizations after the Russian invasion of Ukraine, which marked the beginning of a time of instability that included ransomware and InfoStealers, as well.  Adding to the negative cybersecurity load of 2022, the contemporary version of ransomware celebrated its 10-year anniversary.

And if that were not enough, researchers have seen that a cybe

10895583072?profile=RESIZE_400xOver the past six months, the infamous Emotet botnet has shown almost no activity, and now it is distributing malicious spam.  Emotet is by far one of the most dangerous trojans ever created.  The malware became a very destructive program as it grew in scale and sophistication.  The victim can be anyone from corporate to private users exposed to spam email campaigns.

The botnet distributes through phishing containing malicious Excel or Word documents.  When users open these documents and enable

10427619487?profile=RESIZE_400xActivity Summary - Week Ending on 22 April 2022:

  • Red Sky Alliance identified 9,534 connections from new IP’s checking in with our Sinkholes
  • StreamHost in Belgium Hit 302x
  • Analysts identified 6,436 new IP addresses participating in various Botnets
  • Industroyer2  
  • Lightning Stealer
  • Emotet
  • TraderTraitor
  • Spying on Boris
  • Trolls in the Tolls

    Link to full report: IR-22-112-001_weekly112.pdf

10254824865?profile=RESIZE_400x

Activity Summary - Week Ending on 1 April 2022:

Today is April Fools' Day, but sound Cyber Security is No Joke.  Call us for protection.

  • Red Sky Alliance identified 15,105 connections from new IP’s checking in with our Sinkholes
  • Kanzas LLC Moscow RU - 241 x
  • Analysts identified 1,392 new IP addresses participating in various Botnets
  • Emotet Variant
  • AbereBot is Escobar
  • Kaspersky Lab
  • Shortage of female Cyber Security Professional
  • Hacked Ukrainian News Website
  • Spearphishing Attack from Belize

10215100865?profile=RESIZE_400xRed Sky Alliance performs queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated, with assoc

10046387086?profile=RESIZE_400xRed Sky Alliance performs queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated, with assoc

9913748094?profile=RESIZE_400xThe operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were to dismantle its infrastructure.  The advanced Trojan is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021.  Emotet is believed to have originated in the Ukraine is also known as Heodo which was first detected in 2014.  See:  https://redskyalliance.org/xindustry/this-may-be-the-end-of-emotet

Most of the victims d

8892672262?profile=RESIZE_400xA specially crafted update created by Germany's Bundeskriminalamt (BKA) federal police agency created and pushed the uninstall update.  European law enforcement has triggered the process of removing the Emotet botnet malware from 1.6 million infected computers around the world.  Emotet was thought to be the world's largest botnet, known for spewing millions of malware-laden spam emails each day. Law enforcement in the US, Canada and Europe conducted a coordinated takedown of Emotet infrastructur

8643112062?profile=RESIZE_400xA new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have recently found.  The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said that it achieves self-replication by scanning for network shares, and then copying a unique version of the ransomware executable (with the file name rep.exe or lan.exe) to each of them as

8467395687?profile=RESIZE_400xAttacks involving million-dollar ransom demands attract headlines, but the payout is no longer the sole financial incentive for attackers. The exfiltration of critical data is a key motivator that can be used to extort victims into paying even larger fees to recover assets.  Data, including intellectual property such as research and patents, is often targeted by organized groups or as part of corporate espionage. Stealing this information and then coercing a business into paying to get access to

8131297495?profile=RESIZE_400xThe number of attacks related to Emotet continue to spike after the dangerous botnet re-emerged over the summer with a fresh phishing and spam campaign that is primarily infecting devices with a banking Trojan, according to new research from HP-Bromium, an end-point security company.

Emotet is a malware strain and a cybercrime operation. The malware, also known as Geodo and Mealybug, was first detected in 2014 and remains active, deemed one of the most prevalent threats of 2019. First versions o

7164438487?profile=RESIZE_400xActivity Summary - Week Ending 31 July 2020:

  • Red Sky Alliance identified 65,708 connections from new unique IP addresses
  • 83 unique email accounts have been shown to be Compromised with Keyloggers
  • Analysts identified 2,442 new IP addresses participating in various Botnets
  • Emotet is Back
  • Phishing Campaign Targeting High-Profile Twitter Accounts
  • Confidential & Proprietary
  • Russia conducts 1st gas delivery via Artic shipping Route to Japan
  • DAPL in the news Again
  • Cavitas Energy and Thor
  • Floating stor

3187431567?profile=RESIZE_710xhttps://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/

Our UK partners have share an important report on Ryuk Malware.

Ryuk was first seen in August 2018 and has been responsible for multiple attacks globally. Ryuk is a targeted ransomware where demands are set according to the victim’s perceived ability to pay.

The Ryuk ransomware is often not observed until a period of time after the initial infection – ranging from days to months – which allows the actor time to carry out re