Babuk ransomware was discovered in January 2021 and operated a ransomware-as-a-service (RaaS) model before shutting down its operations in April. The group’s modus operandi is much like other RaaS operations, compromising organizations via phishing attempts or vulnerability exploits such as those used by HAFNIUM to gain initial access. This is followed by exfiltration of sensitive …

Rook, the latest kid on the block for ransomware operations, first appeared on VirusTotal on 26 November 2021. Since its discovery, Rook has claimed its victims across verticals like Banking, Finance, Technology and Aerospace and they have been announced on their TOR site. Like most ransomware operations, Rook utilizes a ‘double extortion’ approach to force …

AvosLocker recently made headlines as a new ransomware-as-a-service (RaaS) that commenced operations in June, represented by a purple bug brand logo. Operating based on a similar modus operandi to most RaaS, AvosLocker has started promoting its RaaS program via various forums on the dark web in its search for affiliates. AvosLocker’s primary mode of malware …

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Sep 22 around the CONTI Ransomware Group, providing detailed information regarding its exploits and affiliates. Together with the Federal Bureau of Investigation (FBI), they have seen Conti ransomware in over 400 attacks targeted on international enterprises. A PDF version of the advisory which contains …

Following the recent trend in ransomware affiliates, BlackMatter has emerged as the latest ransomware-as-service (RaaS). According to Threat Intelligence company Recorded Future, BlackMatter has announced that they have “incorporated in itself the best features of DarkSide, REvil, and LockBit” as mentioned in an interview. Black Matter cited the following inspirations from each of their partner …

Following REvil’s sudden disappearance, the empty niche in the RaaS (Ransomware as a Service) ecosystem has quickly been occupied by a new actor: LockBit that recently unveiled their LockBit 2.0 ransomware, capable of impressive encryption speeds – according to their own benchmarks – a full-fledged exfiltration service and a new affiliate program. Soon after its …