A new ransomware called “Kasseika” uses Bring Your Own Vulnerable Driver tactics to disable antivirus software before encrypting files. Kasseika was likely built by former members of the BlackMatter group or experienced ransomware actors who purchased its code. Kasseika Ransomware Deploys BYOVD Attacks A new ransomware operation known as “Kasseika” has recently been discovered. This… Continue reading Kasseika Ransomware Exploits Vulnerable Antivirus Drivers
Tag: Ransomware
LockBit Ransomware Uses Resume Word Files to Spread
A recent investigation by ASEC reveals the new tactics of an infamous LockBit ransomware. “Post-paid pentesters” started masquerading as innocuous summaries in Word documents. Ironically, this similar tactic is reminiscent of its past modus operandi. This clever tactic allows the ransomware to infiltrate systems unnoticed. LockBit Ransomware in action The LockBit ransomware, known for its… Continue reading LockBit Ransomware Uses Resume Word Files to Spread
Tortilla (Babuk) Ransomware Decryptor Available
On January 9, 2024, Avast and Cisco Talos announced the release of a free decryptor for one of the Babuk ransomware variants – Tortilla. Analysts ensure that all the victims of the said threat actor can use the decryptor to get their files back. That is the second ransomware strain to get the decryptor in… Continue reading Tortilla (Babuk) Ransomware Decryptor Available
Black Basta Ransomware Free Decryptor Available
SRLabs researchers published a free decryptor for BlackBasta ransomware. They discovered the vulnerability in the way malware handles the encryption process and found the way to recover the encryption key and get the files back. The decryptor is called Black Basta Buster and is available for free on the devs’ GitHub page. Black Basta Decryptor… Continue reading Black Basta Ransomware Free Decryptor Available
What are Remote Encryption Attacks? Explanation & Mitigation
The digital world is seeing a surge in remote encryption attacks – a sophisticated ransomware attack. Although there is nothing new in this technology, it looks like a YouTube video uploaded ten years ago that is gaining recommendations just now. In this article, we’ll look at the intricacies, evolution, and effective countermeasures of these attacks.… Continue reading What are Remote Encryption Attacks? Explanation & Mitigation
ALPHV Site Taken Down by the FBI
On December 19, 2023, one of the ALPHV/BlackCat ransomware sites was taken down by the FBI. The typical FBI banner now decorates its main, while other sites of the cybercrime gang are still online. This event is possibly related to the 5-day downtime of all the gang’s Darknet infrastructure a week ago. ALPHV/BlackCat Ransomware Site… Continue reading ALPHV Site Taken Down by the FBI
KraftHeinz Hacked by Snatch Ransomware Gang
The global food and beverage company KraftHeinz became a target of an infamous Snatch ransomware gang. Hackers listed the company on its Darknet leak site. This is yet another hack of a food industry company throughout the last time. KraftHeinz Hacked by Snatch Ransomware On December 13th, the Snatch ransomware gang listed KraftHeinz on their… Continue reading KraftHeinz Hacked by Snatch Ransomware Gang
Cactus Ransomware Attacks – Microsoft Alerts
Microsoft has raised the alarm about a growing wave of ransomware attacks utilizing malvertising tactics to spread Cactus ransomware. The sophisticated malware campaign hinges on deploying DanaBot as an initial access vector, orchestrated by the ransomware operator Storm-0216, also known as Twisted Spider or UNC2198. Cactus Ransomware Deployed by DanaBot Microsoft’s Threat Intelligence team has… Continue reading Cactus Ransomware Attacks – Microsoft Alerts
Qilin Ransomware Focuses on VMware ESXi Servers
In a disturbing development, security researchers have uncovered a Linux version of the Qilin ransomware gang’s encryptor, specifically tailored to target VMware ESXi servers. This encryptor is one of the most advanced and customizable Linux encryptors observed. Qilin Targets VMware ESXi Today, more and more businesses are adopting virtualization technologies for server hosting. For example,… Continue reading Qilin Ransomware Focuses on VMware ESXi Servers
Henry Schein was hacked twice by BlackCat ransomware
Henry Schein Global, a healthcare solutions provider, faced a persistent cybersecurity nightmare. The BlackCat/ALPHV ransomware gang is launching a second wave of attacks, claiming to have re-encrypted files after stalled negotiations. The company, headquartered in Melville, New York, is restoring systems. It happened after the cybercrime group took credit for an initial breach on October… Continue reading Henry Schein was hacked twice by BlackCat ransomware