gandcrab – Computer Security Articles

It’s business as usual for REvil ransomware

May 5, 2022 admin gandcrab, Jakub Kroustek, jbs, kaseya, raas, ransomware, Ransomware as a Service, rEvil, revil ransomware, Sodin, Sodinokibi

Credit to Author: Jovi Umawing| Date: Thu, 05 May 2022 11:24:03 +0000

A sample of the new REvil ransomware was found in the wild, signaling that, yes, REvil has indeed come back.

The post It’s business as usual for REvil ransomware appeared first on Malwarebytes Labs.

Security Sophos

The Ransomware Threat Intelligence Center

March 17, 2022 admin active adversary, astrolocker, atom silo, avaddon, avos locker, black kingdom, blackmatter, conti, cring, darkside, dearcry, dharma, egregor, entropy, epsilon red, Featured, gandcrab, karma, lockbit, lockfile, maze, memento, Midas, nefilim, netwalker, python, ragnar locker, ragnarok, ransomware, rEvil, robbinhood, ryuk, SamSam, security operations, snatch, sophos threat report, WannaCry, wastedlocker

Credit to Author: Tilly Travers| Date: Thu, 17 Mar 2022 09:13:50 +0000

A collection of Sophos threat research articles and security operations reports related to new or prevalent ransomware groups from 2018 to the present. The content will be updated as new research is published

Independent Krebs

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

February 2, 2022 admin andrey sergeevich bessonov, colonial pipeline, darkside, dmitri alperovitch, FSB, gandcrab, immersive labs, kevin breen, Ne'er-Do-Well News, NotPetya, president biden, ransomware, rEvil, roman gennadyevich muromsky, The Coming Storm, Vladimir Putin

Credit to Author: BrianKrebs| Date: Fri, 14 Jan 2022 22:41:34 +0000

The Russian government said today it arrested 14 people accused of working for “REvil,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin’s decision to station 100,000 troops along the nation’s border with Ukraine.

MalwareBytes Security

Threat spotlight: The curious case of Ryuk ransomware

December 12, 2019 admin AES, average ransom amount, bitpaymer, BitPaymer ransomware, cryptotech, death note, emotet, far eastern international bank, feib, gabriela nicolao, gandcrab, Hermes, hermes 2.1, luciano martins, pseudo-ransomware, ransom.ryuk, RDP, Remote Desktop Protocol, RSA, russian threat actors, ryuk, Ryuk Ransomware, shinigami’s revenge: the long tail of the ryuk ransomware, threat spotlight, tribune publishing, trickbot, wake-on-lan, wizard spider, wol

Credit to Author: Jovi Umawing| Date: Thu, 12 Dec 2019 22:33:53 +0000

From comic book death god to ransomware baddie, Ryuk ransomware remains a mainstay when organizations find themselves in a crippling malware pinch. We look at Ryuk’s origins, attack methods, and how to protect against this ever-present threat.

Categories:

Threat spotlight

Tags: AES average ransom amount BitPaymer BitPaymer ransomware CryptoTech Death Note emotet Far Eastern International Bank FEIB Gabriela Nicolao gandcrab Hermes Hermes 2.1 Luciano Martins pseudo-ransomware Ransom.Ryuk rdp remote desktop protocol RSA Russian threat actors ryuk Ryuk ransomware Shinigami’s revenge: the long tail of the Ryuk ransomware tribune publishing trickbot Wake-on-LAN Wizard Spider WoL

MalwareBytes Security

Labs quarterly report finds ransomware’s gone rampant against businesses

August 8, 2019 admin Cerber, CTNT, gandcrab, Locky, Phobos, ransomware, ransomware report, rapid, reports, ryuk, Ryuk Ransomware, Sodinokibi, Troldesh, Troldesh ransomware

Credit to Author: Wendy Zamora| Date: Thu, 08 Aug 2019 14:00:00 +0000

This quarter, we noticed one threat dominating the landscape so much it deserved its own hard look. Ransomware is back in a big way, targeting businesses with brute force.

Categories:

Reports

Tags: cerber CTNT gandcrab Locky Phobos ransomware ransomware report rapid ryuk Ryuk ransomware Sodinokibi Troldesh Troldesh ransomware

MalwareBytes Security

Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void

July 18, 2019 admin 177a571d7c6a6e4592c60a78b574fe0e, bf9359046c4f5c24de0a9de28bbabd14, caas, Cisco Talos, crime-as-a-service, CVE-2018-8453, CVE-2019-2725, e713658b666ff04c9863ebecb458f174, FruitArmor APT, gandcrab, Heaven's Gate, malvertising, managed service providers, msp hack, Oracle WebLogic vulnerability, raas, Ransom.Sodinokibi, ransomware, Ransomware as a Service, rEvil, salsa20, shadow copy, Sodin, Sodinokibi, threat spotlight, volume snapshot service, vss, Win32k vulnerability, zero-day vulnerability

Credit to Author: Jovi Umawing| Date: Thu, 18 Jul 2019 17:58:26 +0000

There’s a new ransomware-as-a-service (RaaS) in town, and it can twist tongues for giggles as much as twist organizations’ arms for cash. Get to know the Sodinokibi ransomware, including how to protect against this fledgling threat.

Categories:

Threat spotlight

Tags: 177a571d7c6a6e4592c60a78b574fe0e bf9359046c4f5c24de0a9de28bbabd14 caas Cisco Talos crime-as-a-service CVE-2018-8453 CVE-2019-2725 e713658b666ff04c9863ebecb458f174 FruitArmor APT gandcrab Heaven’s Gate malvertising managed service providers msp hack Oracle WebLogic vulnerability raas Ransom.Sodinokibi ransomware Ransomware as a Service revil salsa20 shadow copy sodin Sodinokibi volume snapshot service vss Win32k vulnerability zero-day vulnerability

Independent Krebs

Is ‘REvil’ the New GandCrab Ransomware?

July 15, 2019 admin Cisco Talos, gandcrab, Intel471, kaspersky lab, Ne'er-Do-Well News, rEvil, Sodin, Sodinokibi, Tesorion, The Coming Storm

Credit to Author: BrianKrebs| Date: Mon, 15 Jul 2019 15:58:30 +0000

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.”

Independent Krebs

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

June 3, 2019 admin A Little Sunshine, Armor, Eternal Blue, gandcrab, Joe Stewart, microsoft windows, national security agency, PCRisk.com, Robbinhood ransomware, robinhkjn, The New York Times, Twitter, Valery

Credit to Author: BrianKrebs| Date: Tue, 04 Jun 2019 00:16:11 +0000

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “Eternal Blue,” a hacking tool developed by the U.S. National Security Agency (NSA) and leaked online in 2017. But new analysis suggests that while Eternal Blue could have been used to spread the infection, the Robbinhood malware itself contains no traces of it.

← Previous