Tag: ransomware

Introduction Ransomware attacks have emerged as a predominant menace in recent years, with the strategies employed by malicious actors constantly evolving. Among the most effective and worrisome tactics is the "double extortion" model, which has rapidly gained popularity as a preferred business model for threat actors. Financially motivated perpetrators particularly favor the double extortion model, […]

Introduction Royal Ransomware is a new group first spotted on Bleeping Computer last September, where the cybersecurity news site revealed a connection with another malware known as Zeon.   At the moment, we don’t have much information about the group and all its actual TTPs, but we know that they use the Double Extortion model to […]

Introduction BlueSky is a ransomware firstly spotted in May 2022 and it gained the attention of the threat researchers for two main reasons: the first one is that the group behind the ransomware doesn’t adopt the double-extortion model; the second one is that their targets are even normal users because the ransomware has been discovered […]

For months, we at Yoroi Malware ZLab have studied and tracked the evolution of a new emerging cyber-criminal group which has attracted the attention of everyone inside the cyber security threat landscape. This threat actor calls itself “Eternity Group”, previously “Jester Group”, which we internally tracked it as “TH-320”. This threat has also recently been […]

Introduction  Since 27 February 2022, a few days after the apparition of the Conti’s gang support to the Russian invasion of the Ukrainian national territory, a new mysterious Twitter account appeared, “@ContiLeaks”. Nobody knows for sure who operates it, maybe a reluctant Conti gang member, some foreign intelligence, or police officer, but does not matter […]

Introduction  Nowadays ransomware operators have consolidated the double extortion practice by mastering data exfiltration techniques. From time to time, we observed many threat actors approach the data theft in diverse ways, some prefeed to rely on legit services and tools such as RClone, FTP sites, and some through VPN channels, but others also with customized tools.   Also, during the last months the LockBit gang (TH-276) decided to develop and evolve a custom tool specialized in data exfiltration and used as a peculiar element to distinguish their criminal brand. In fact, the StealBit 2.0 tool is part of the […]

Proto: N020921. Con la presente CERT-Yoroi desidera informarla riguardo alla recente pubblicazione di credenziali aziendali all'interno del circuito criminale Groove (TH-306). Groove è un gruppo cyber criminale specializzato in attacchi ransomware  a doppia estorsione (double extortion) comparso nello scenario underground ad Agosto 2021.  Recentemente, il gruppo ha rilasciato una serie di dati relativi a credenziali aziendali potenzialmente utilizzabili per l'autenticazione a servizi SSL VPN esposti ad internet. Potenzialmente, le credenziali […]

Introduction  Ransomware confirms to be one of the most pervasive threats of the last years. We saw during these last years the infamous phenomenon of Double Extorsion, where well-organized cyber-criminal groups perform highly sophisticated red team operations to achieve the highest level of privileges inside the perimeter of victim networks and, before releasing the ransomware, they steal all the sensitive data to extort the target the payment […]

Introduction The ransomware attacks have no end. These cyber weapons are supported by a dedicated staff that constantly update and improve the malware in order to make harder detection and decryption. As the popular GandCrab, which was carried on up to version 5 until its shutdown, also other ransomware are continuously supported with the purpose […]