Tag: raas
Babuk Ransomware (RaaS): Back-up Deletion and how to stop it
Published 4 months ago
Babuk ransomware was discovered in January 2021 and operated a ransomware-as-a-service (RaaS) model before shutting down its operations in April. The group’s modus operandi is much like other RaaS operations, compromising organizations via phishing attempts or vulnerability exploits such as those used by HAFNIUM to gain initial access. This is followed by exfiltration of sensitive …
Rook Ransomware (RaaS): The latest kid on the block with an attitude.
Published 3 months ago
Rook, the latest kid on the block for ransomware operations, first appeared on VirusTotal on 26 November 2021. Since its discovery, Rook has claimed victims across verticals like Banking, Finance, Technology and Aerospace, and has announced them on its TOR site. Like most ransomware operations, Rook utilizes a ‘double extortion’ approach to force …
AvosLocker Ransomware (RaaS): A New Ransomware Group Emerges
Published 6 months ago
AvosLocker recently made headlines as a new ransomware-as-a-service (RaaS) that commenced operations in June, represented by a purple bug brand logo. Operating with a modus operandi similar to most RaaS operations, AvosLocker has started promoting its RaaS program via various forums on the dark web in its search for affiliates. AvosLocker’s primary mode of malware …
Conti Ransomware (RaaS): A New Wage-Paying Affiliate Model
Published 7 months ago
The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Sep 22 on the CONTI Ransomware Group, providing detailed information regarding its exploits and affiliates. Together with the Federal Bureau of Investigation (FBI), they have seen Conti ransomware in over 400 attacks targeting international enterprises. A PDF version of the advisory which contains …
BlackMatter Ransomware: A New Ransomware-as-a-Service (RaaS)
Published 8 months ago
Following the recent trend in ransomware affiliates, BlackMatter has emerged as the latest ransomware-as-a-service (RaaS). According to threat intelligence company Recorded Future, BlackMatter has announced that they have “incorporated in itself the best features of DarkSide, REvil, and LockBit” as mentioned in an interview. BlackMatter cited the following inspirations from each of their partner …
A New Era of Ransomware and its Affiliates: LockBit 2.0
Published 9 months ago
Following REvil’s sudden disappearance, the empty niche in the RaaS (Ransomware as a Service) ecosystem has quickly been occupied by a new actor: LockBit, which recently unveiled its LockBit 2.0 ransomware, capable of impressive encryption speeds – according to their own benchmarks – along with a full-fledged exfiltration service and a new affiliate program. Soon after its …