A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. GootLoader is a stealthy malware classified as a first-stage downloader designed to attack Windows-based systems. It is considered an Initial-Access-as-a-Service (IAaaS) tool used within a ransomware-as-a-service (RaaS) criminal business model. The GootLoader group's introduction of their custom bot into the late stages of their attack chain is an at
ransomware (310)
RanswomwareWhen researchers responded to an ad to join up with a Ransomware-as-a-Service (RaaS) operation, they wound up in a cybercriminal job interview with one of the most active threat actors in the affiliate business, who turns out to be behind at least five different strains of ransomware. Meet "farnetwork," who was unmasked after giving over too many specifics to a Group-IB threat researcher pretending to be a potential affiliate for the Nokoyawa ransomware group. The cybercriminal is a
According to cyber threat professionals, every 11 seconds an organization falls victim to a ransomware attack. In today's interconnected world, cybersecurity looms as an ever-present concern that organizations can no longer afford to sideline. A 48% increase in cyber risk last year should serve as a wake-up call to all business managers. Whether a business pays hackers a ransom or not, there are significant costs involved which will include items such as digital forensics and data restoration,
When I review the cybersecurity e-newsletters, the unsolicited vendors, and PR pitches offering solutions and commentary related to breaches, it is clear that the bad actors do not care which industries they affect. Their goals are to disrupt, and if they can get some ransom money in the process or make it difficult for organizations to function normally, especially if they are friendly to their political foes, they are more than happy to do it for fun and profit.[1]
Here are some companies fro
This Fortiguard article in the Ransomware Roundup covers the Knight ransomware.
Knight Ransomware Overview:
Knight is a relatively new ransomware group that arrived in August 2023. Like many attackers, the gang behind this variant employs double extortion tactics, where the Knight ransomware encrypts files on victims’ machines and exfiltrates data for extortion purposes.
The predecessor of Knight, Cyclops, had multi-OS tools for Windows, Linux, and Mac OS. So, while FortiGuard Labs had only loc
The RagnarLocker ransomware’s infrastructure and the website the group used for shaming victims were taken down this week as part of a coordinated law enforcement effort. Active since 2020, RagnarLocker has been involved in numerous attacks, with at least 52 entities across 10 critical infrastructure sectors falling victims to this ransomware family, according to data from the Federal Bureau of Investigation (FBI).
See: https://redskyalliance.org/xindustry/ragnar-locker-ransomware
Unlike other
Last year, Forbes wrote a scary article about facts and patterns that applied to Halloween and Cybersecurity Awareness Month of October.[1] After another year, the online environment and digital dangers are still unsettling, if not scarier. So, exploring some of the stats and trends is time again.
“In 2023, the World Economic Forum, for the first time, ranked cybercrime and cybersecurity as one of the top ten global risks over a 2-year and 10-year period. Legislation in the US and Europe is m
The hackers behind the ransomware attack that crippled operations at MGM Resorts are “one of the most dangerous financial criminal groups” currently operating, researchers at Microsoft said last week. In a blog, the researchers explained the tactics used by Octo Tempest, a group also known as Scattered Spider, 0ktapus or UNC3944.
The group has been in the limelight since its attack on MGM Resorts left parts of Las Vegas paralyzed for days and cost the casino giant an estimated $100 million. Th
In a world driven by connectivity and digitalization, the maritime industry is not immune to the growing threat of cyberattacks. A recent report by Thetius, law firm HFW, and maritime cybersecurity company CyberOwl reveals a sobering truth: the average cost of a cyberattack in the maritime sector has soared to $550,000, a threefold increase from $182,000 in 2022. Moreover, ransom demands have skyrocketed by more than 350%, with an average payment of $3.2 million, up from $3.1 million the previ
CYBERSECURITY BEST PRACTICES, MALWARE, PHISHING, AND RANSOMWARE, CYBER THREATS AND ADVISORIES
The link below provides is document is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. This publication was developed through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in the Cyber Incident Reporting
The United States and United Arab Emirates (UAE) have finalized an agreement that sets out how the two countries will cooperate on cybersecurity and digital resilience. The memorandum of understanding signed by the Treasury Department and the UAE’s Cyber Security Council calls for increased information sharing about digital threats to the financial sector; more staff training and visits; and “competency-building activities” like joint online exercises, according to the Treasury.[1]
“As cyber-at
Colonial Pipeline said there has been no disruption to pipeline operations or their systems after a ransomware gang made several threats last Friday; yes Friday the 13th. The company, which runs the largest pipeline system for refined oil products in the US, addressed claims made by the Ransomed.vc gang that data had been stolen from their systems.
“Colonial Pipeline is aware of unsubstantiated claims posted to an online forum that its system has been compromised by an unknown party. After wor
US Authorities have shared a joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn
The US Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants were deployed in various combinations."
See: https://www.ic3.gov/Media/News/2023/230928.pdf
Not much is
Retch is a new ransomware variant first discovered in mid-August 2023. It encrypts files on compromised machines and leaves two ransom notes asking victims to pay a ransom for file decryption.
Infection Vector - Information about the infection vector used by the Retch ransomware threat actor is not currently available. However, it is unlikely to be significantly different from other ransomware groups.[1] Retch ransomware samples have been submitted to a public file scanning service from the f
The media is full of stories about cyber threats, attacks, and ransomware demands, and why is this the norm? Digital transformation creates larger data estates, opening new avenues of attack for cybercriminals. Bad actors’ tactics are sophisticated and constantly evolving, making it difficult for companies to stay ahead of emerging threats. Cyber threat intelligence gives businesses the information and capabilities they need to refine their defenses continually.
Targeted cyber threat intelli
Cyber security refers to every aspect of protecting a company or organization as well as its employees and assets from online threats. For all of us in animal agriculture, cybersecurity is no longer just about avoiding those sketchy phishing emails or resetting our passwords. It’s about being aware of our online presence and how that may make us vulnerable to individuals or groups looking to gain access to sensitive information with the intent to target our farms or companies.[1]
Recently, the
DoDo ransomware was first reported last February of 2023. It is a variant of the widely reported and observed Chaos ransomware. Because it is a derivative, the DoDo ransomware is not considered new and recent. However, a slightly different version of the DoDo ransomware has recently emerged, described below.[1]
Infection Vector - DoDo ransomware samples have the “Mercurial Grabber” file icon, which indicates the ransomware was likely distributed as such. Mercurial Grabber is an open-source m
Microsoft spokesmen disclosed on 17 August 2023 that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution. "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's threat intelligence team said in a series of posts on X (formerly Twitter). "This Bla
A known ransomware group on 21 August 2023 started publishing data allegedly stolen from the systems of Japanese watchmaking company Seiko https://www.seikowatches.com. Seiko revealed on 10 August 2023 that it had identified a possible data breach on 28 July 2023, with someone gaining access to at least one server. An investigation showed that some information may have been compromised. “The Company and all our Group companies kindly ask our customers and business partners to contact us imm
