SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant

Credit to Author: Nathaniel Morales| Date: Tue, 02 Aug 2022 00:00:00 +0000

This blog entry offers a technical analysis of a new SolidBit variant that is posing as different applications to lure gamers and social media users. The SolidBit ransomware group appears to be planning to expand its operations through these fraudulent apps and its recruitment of ransomware-as-a-service affiliates.

Read more

LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities

Credit to Author: Ivan Nicole Chavez| Date: Mon, 25 Jul 2022 00:00:00 +0000

In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware.

Read more

Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server

Credit to Author: Nathaniel Morales| Date: Wed, 06 Jul 2022 00:00:00 +0000

We recently found a new ransomware family, which we have dubbed as HavanaCrypt, that disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to circumvent detection.

Read more

Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit

Credit to Author: Kenneth Adrian Apostol| Date: Thu, 30 Jun 2022 00:00:00 +0000

We look into a recent attack orchestrated by the Black Basta ransomware ransomware group that used the banking trojan QakBot as a means of entry and movement and took advantage of the PrintNightmare vulnerability to perform privileged file operations.

Read more

Conti vs. LockBit: A Comparative Analysis of Ransomware Groups

Credit to Author: Shingo Matsugaya| Date: Mon, 27 Jun 2022 00:00:00 +0000

We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022.

Read more

Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques

Credit to Author: Don Ovid Ladores| Date: Wed, 08 Jun 2022 00:00:00 +0000

Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report.

Read more