Tag: phishing
Babuk Ransomware (RaaS): Back-up Deletion and how to stop it
Published 5 months ago
Babuk ransomware was discovered in January 2021 and operated a ransomware-as-a-service (RaaS) model before shutting down its operations in April. The group’s modus operandi is much like other RaaS operations, compromising organizations via phishing attempts or vulnerability exploits such as those used by HAFNIUM to gain initial access. This is followed by exfiltration of sensitive …
Dridex: the secret in a PostMessage()
Published 2 years ago
Dridex is a well-known banking malware that evolves constantly. This time we analyze a new variant that uses an effective technique to bypass security solutions.
Banks and crypto wallets: unveiling a global malware campaign using Zeus/Panda
Published 3 years ago
For the past weeks our Threat Intelligence team has been following an extensive campaign, possibly operated by the same group, targeting a large number of financial institutions, cryptocurrency wallets and the occasional Google and Apple accounts. The attackers target their victims with phishing emails, typo-squatted domains and malicious attachments that eventually lead to the …
Uncovering a ransomware distribution operation – Part 2
Published 6 years ago
In Part 1 we analyzed a vast Crypt0L0cker ransomware distribution operation currently affecting continental Europe and ready to jump to new countries. In this second post we’ll analyze in detail the server-side code used to dispatch the victims towards the correct websites, up to the ransomware itself. We’ll also analyze the ransomware behaviour and how …
Uncovering a ransomware distribution operation – Part 1
Published 6 years ago
Recently we uncovered a ransomware distribution operation targeting European users and carried out via phishing scams. In this post we will show how we have conducted the research: from the initial infection stage back to the person that is orchestrating the whole operation. These campaigns are targeting Italy, Denmark and Spain, although we have detected two new campaigns about to be started …