The threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations. The REvil ransomware threat group is on a cyberattack tear, claiming over the past three weeks to have infected ten organizations across Africa, Europe, Mexico and the US. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the US; as well as two large international banks (one in Mexico and
Ransomware was one of the most observed cyber threats this year to date. Ryuk and Sodinokibi, the most observed villains in Red Sky Alliance’s client investigations, have been joined by Maze as the top three ransomware variants so far in 2020. After launching several high-profile attacks earlier in 2020, the actors behind Ryuk ransomware seem to have gone on a vacation near the end of Q2. According to cyber threat analysts, crimeware and its developers often have periods where they go do
- Red Sky Alliance identified 35,859 connections from new unique IP addresses
- Microsoft IP is a compromised C2
- APT 10 – Stone Panda back in the Top 5 Threat Actor Groups
- Capcom Hack - Part II
- Kucoin Exchange Hacked
- Kucoin-activity[.]com - Beware
- Cryptocurrency Challenges
- Plowshares going to Prison
- Black activists in Portland OR doing the Moonwalk
- Sodinokibi using BLM as Registry key
Link to full report: IR-20-325-001-Tactical Cyber Brief325_FINAL.
Remember the Dark Side comics? Well, the DarkSide criminal hacking group is no laughing matter. The DarkSide Ransomware gang claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. DarkSide is operated as a Ransomware-as-a-Service (RaaS), where the developers control the programming of the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices.
DarkSide is the latest ransomware criminal gang to anno
Like any profitable business model, ransomware gangs continue to innovate and increase their business. Recently, reports have emerged of a collaboration between the Maze and Lockbit gangs, as well as the REvil, aka Sodinokibi, operators not leaking stolen data for free when victims do not pay, but instead auctioning it off to the highest bidder.
Here are some of the latest ransomware trends noted by cyber analysts: IR-20-164-002_Ransomware Trends.pdf
Our friends at the FBI issued a cyber bulletin on 04 01 2020. This was no April Fool's joke, but a serious cyber warning on the Sodinokibi Ransomware, also known as REvil, Bluebackground, or Sodin. Red Sky Alliance / Wapack Labs was already researching this ransomware. Last week, Jesse Burke, our Chief of Special Operations, provided a brief on Sodinokibi Ransomware. Look to your right (Did you miss the March Cyber Intelligence Briefing (CIB). Topics: Coronavirus Lures and Bu