threat spotlight – Computer Security Articles

Meet Exotic Lily, access broker for ransomware and other malware peddlers

March 18, 2022 admin bazarloader, cve-2021-40444, exotic lily, initial access broker, spear phishing, spoofing, threat spotlight

Credit to Author: Pieter Arntz| Date: Fri, 18 Mar 2022 22:58:48 +0000

Exotic Lily is the name given to a group of cybercriminals that specialized as an initial access broker, serving groups like Conti and Diavol ransomware.

The post Meet Exotic Lily, access broker for ransomware and other malware peddlers appeared first on Malwarebytes Labs.

MalwareBytes Security

Cyclops Blink malware: US and UK authorities issue alert

February 24, 2022 admin cisa, cyclops blink, IOC, ncsc, NotPetya, sandworm, threat spotlight, ttp, Ukraine, VPNFilter, watchguard

Credit to Author: Pieter Arntz| Date: Thu, 24 Feb 2022 15:38:34 +0000

US and UK authorities have attributed the newly found malware Cyclops Blink to the Russian state-sponsored Sandworm group.

The post Cyclops Blink malware: US and UK authorities issue alert appeared first on Malwarebytes Labs.

MalwareBytes Security

Threat spotlight: RobbinHood ransomware takes the driver’s seat

February 20, 2020 admin .enc_robbinhood, Anti-Ransomware, baltimore, bitcoin, greenville, Malwarebytes, ransom, ransom note, ransomware, ransomware rollback, robbinhood, Robbinhood ransomware, rollback, threat spotlight

Credit to Author: Pieter Arntz| Date: Thu, 20 Feb 2020 18:09:03 +0000

RobbinHood a is a ransomware family that specifically targets organizations using a vulnerable kernel driver to prepare systems for encryption. Learn how to protect against it.

Categories:

Threat spotlight

Tags: .enc_robbinhood Anti-Ransomware baltimore bitcoin greenville Malwarebytes ransom ransom note ransomware ransomware rollback robbinhood robbinhood ransomware rollback

MalwareBytes Security

Business in the front, party in the back: backdoors in elastic servers expose private data

January 17, 2020 admin AWS, AWS buckets, cloud database, cloud databases, cloud infrastructure, elastic databases, elastic servers, insecure cloud, PACs, personally identifiable information, port 9200, threat spotlight

Credit to Author: Vasilios Hioureas| Date: Fri, 17 Jan 2020 18:58:47 +0000

It’s all too easy to discover data leaks online, especially in cloud services. We take a look at misconfigurations in elastic servers that lead to exposed data on the Internet.

Categories:

Threat spotlight

Tags: aws AWS buckets cloud database cloud databases cloud infrastructure elastic databases elastic servers insecure cloud pacs personally identifiable information port 9200

MalwareBytes Security

Threat spotlight: Phobos ransomware lives up to its name

January 10, 2020 admin brute force, coveware, crysis, crysis ransomware, dharma, Dharma Ransomware, disorganised crime, mfa, Multi-Factor Authorization, Phobos, phobos nextgen, phobos notdharma, phobos ransomware, raas, ransomware, Ransomware as a Service, RDP, Remote Desktop Protocol, server message block, SMB, Sodinokibi, threat spotlight, virtual private networks, VPN

Credit to Author: Jovi Umawing| Date: Fri, 10 Jan 2020 18:04:44 +0000

Phobos, which many believe was named after the Greek god of fear, isn’t as widespread as it was before nor is it more novel than your average ransomware. Yet, it remains a threat to consumers and businesses alike. We dive into Phobos ransomware and show users how to face their fears and protect against it.

Categories:

Threat spotlight

Tags: brute force coveware crysis crysis ransomware dharma Dharma ransomware disorganised crime mfa Multi-Factor Authorization Phobos Phobos NextGen Phobos NotDharma Phobos ransomware raas ransomware Ransomware as a Service rdp remote desktop protocol Server Message Block SMB Sodinokibi virtual private networks vpn

MalwareBytes Security

Threat spotlight: The curious case of Ryuk ransomware

December 12, 2019 admin AES, average ransom amount, bitpaymer, BitPaymer ransomware, cryptotech, death note, emotet, far eastern international bank, feib, gabriela nicolao, gandcrab, Hermes, hermes 2.1, luciano martins, pseudo-ransomware, ransom.ryuk, RDP, Remote Desktop Protocol, RSA, russian threat actors, ryuk, Ryuk Ransomware, shinigami’s revenge: the long tail of the ryuk ransomware, threat spotlight, tribune publishing, trickbot, wake-on-lan, wizard spider, wol

Credit to Author: Jovi Umawing| Date: Thu, 12 Dec 2019 22:33:53 +0000

From comic book death god to ransomware baddie, Ryuk ransomware remains a mainstay when organizations find themselves in a crippling malware pinch. We look at Ryuk’s origins, attack methods, and how to protect against this ever-present threat.

Categories:

Threat spotlight

Tags: AES average ransom amount BitPaymer BitPaymer ransomware CryptoTech Death Note emotet Far Eastern International Bank FEIB Gabriela Nicolao gandcrab Hermes Hermes 2.1 Luciano Martins pseudo-ransomware Ransom.Ryuk rdp remote desktop protocol RSA Russian threat actors ryuk Ryuk ransomware Shinigami’s revenge: the long tail of the Ryuk ransomware tribune publishing trickbot Wake-on-LAN Wizard Spider WoL

MalwareBytes Security

Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void

July 18, 2019 admin 177a571d7c6a6e4592c60a78b574fe0e, bf9359046c4f5c24de0a9de28bbabd14, caas, Cisco Talos, crime-as-a-service, CVE-2018-8453, CVE-2019-2725, e713658b666ff04c9863ebecb458f174, FruitArmor APT, gandcrab, Heaven's Gate, malvertising, managed service providers, msp hack, Oracle WebLogic vulnerability, raas, Ransom.Sodinokibi, ransomware, Ransomware as a Service, rEvil, salsa20, shadow copy, Sodin, Sodinokibi, threat spotlight, volume snapshot service, vss, Win32k vulnerability, zero-day vulnerability

Credit to Author: Jovi Umawing| Date: Thu, 18 Jul 2019 17:58:26 +0000

There’s a new ransomware-as-a-service (RaaS) in town, and it can twist tongues for giggles as much as twist organizations’ arms for cash. Get to know the Sodinokibi ransomware, including how to protect against this fledgling threat.

Categories:

Threat spotlight

Tags: 177a571d7c6a6e4592c60a78b574fe0e bf9359046c4f5c24de0a9de28bbabd14 caas Cisco Talos crime-as-a-service CVE-2018-8453 CVE-2019-2725 e713658b666ff04c9863ebecb458f174 FruitArmor APT gandcrab Heaven’s Gate malvertising managed service providers msp hack Oracle WebLogic vulnerability raas Ransom.Sodinokibi ransomware Ransomware as a Service revil salsa20 shadow copy sodin Sodinokibi volume snapshot service vss Win32k vulnerability zero-day vulnerability

MalwareBytes Security

MegaCortex continues trend of targeted ransomware attacks

June 12, 2019 admin aes128ctr, business security, MegaCortex, ransom, ransom.megacortex, ransomware, ransomware attack, targeted ransomware, threat spotlight

Credit to Author: Pieter Arntz| Date: Wed, 12 Jun 2019 16:03:25 +0000

In this threat spotlight, we feature MegaCortex, another custom ransomware designed for targeted attacks on enterprises. Will this Matrix-inspired malware strike again?

Categories:

Threat spotlight

Tags: aes128ctr business security megacortex ransom ransom.megacortex ransomware ransomware attack targeted ransomware

← Previous