Ransomware as a Service – PossibleThreat Articles

Credit to Author: Microsoft Threat Intelligence| Date: Thu, 26 Sep 2024 17:00:00 +0000

Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, […]

The post Storm-0501: Ransomware attacks expanding to hybrid cloud environments appeared first on Microsoft Security Blog.

Independent Krebs Security

How Did Authorities Identify the Alleged Lockbit Boss?

May 13, 2024 0 Comments 3k@xakep.ru, 7.9521020220, A Little Sunshine, antichat, Breadcrumbs, cerber, constella intelligence, d.horoshev@gmail.com, dmitrij ju horoshev, dmitry yuriyevich khoroshev, Exploit, icq number 669316, intel 471, khoroshev1@icloud.com, lockbit, lockbitsupp, Ne'er-Do-Well News, nerowolfe, pin@darktower.su, putinkrab, Ransomware, Ransomware as a Service, sitedev5@yandex.ru, stairwell.ru, tkaner.com, u.s. department of the treasury, verified

Credit to Author: BrianKrebs| Date: Mon, 13 May 2024 11:26:27 +0000

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years.

Microsoft Security

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

October 30, 2023 0 Comments adversary-in-the-middle (aitm), credential theft, elevation of privilege, extortion, human-operated ransomware, Ransomware as a Service, tempest

Credit to Author: Microsoft Incident Response and Microsoft Threat Intelligence| Date: Wed, 25 Oct 2023 16:30:00 +0000

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.

The post Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction appeared first on Microsoft Security Blog.

Microsoft Security

Hive ransomware gets upgrades in Rust

July 5, 2022 0 Comments cybersecurity, hive, Microsoft security intelligence, mstic, Ransomware, Ransomware as a Service

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Tue, 05 Jul 2022 16:00:00 +0000

With its latest variant carrying several major upgrades, Hive proves it’s one of the fastest evolving ransomware payload, exemplifying the continuously changing ransomware ecosystem.

The post Hive ransomware gets upgrades in Rust appeared first on Microsoft Security Blog.

Microsoft Security

The many lives of BlackCat ransomware

June 13, 2022 0 Comments cybersecurity, human-operated ransomware, Microsoft security intelligence, Ransomware, Ransomware as a Service

Credit to Author: Paul Oliveria| Date: Mon, 13 Jun 2022 16:00:00 +0000

The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.

The post The many lives of BlackCat ransomware appeared first on Microsoft Security Blog.

Security Sophos

The Active Adversary Playbook 2022

June 7, 2022 0 Comments active adversary, artifacts, attack tools, cobalt strike, Cryptomining, cyberattacks, cyberthreats, dwell time, Exploit, featured, initial access broker, malware delivery system, mitre, proxylogon, proxyshell, Ransomware, Ransomware as a Service, security operations, sophos rapid response, vulnerability

Credit to Author: Tilly Travers| Date: Tue, 07 Jun 2022 11:02:43 +0000

Cyberattacker behaviors, tactics and tools seen on the frontline of incident response during 2021

Microsoft Security

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

May 9, 2022 0 Comments cybersecurity, human-operated ransomware, Microsoft security intelligence, Ransomware, Ransomware as a Service

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Mon, 09 May 2022 13:00:00 +0000

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

The post Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself appeared first on Microsoft Security Blog.

MalwareBytes Security

It’s business as usual for REvil ransomware

May 5, 2022 0 Comments gandcrab, jakub kroustek, jbs, kaseya, raas, Ransomware, Ransomware as a Service, revil, revil ransomware, sodin, Sodinokibi

Credit to Author: Jovi Umawing| Date: Thu, 05 May 2022 11:24:03 +0000

A sample of the new REvil ransomware was found in the wild, signaling that, yes, REvil has indeed come back.

The post It’s business as usual for REvil ransomware appeared first on Malwarebytes Labs.

MalwareBytes Security

Ransomware gang hits 49ers’ network before Super Bowl kick off

February 14, 2022 0 Comments 2fa, 49ers, blackbyte ransomware, FBI, proxyshell, proxyshell vulnerability, raas, Ransomware, Ransomware as a Service, san franciso 49ers, two-factor authentication

Credit to Author: Jovi Umawing| Date: Mon, 14 Feb 2022 15:52:18 +0000

Just hours before the Super Bowl Sunday kick off, the San Francisco 49ers confirmed it was the victim of a ransomware attack.

Categories: Ransomware

Tags: 2fa 49ers BlackByte ransomware fbi proxyshell ProxyShell vulnerability raas ransomware ransomware-as-a-service San Franciso 49ers two-factor authentication

MalwareBytes Security

Threat spotlight: Phobos ransomware lives up to its name

January 10, 2020 0 Comments brute force, coveware, crysis, crysis ransomware, dharma, dharma ransomware, disorganised crime, MFA, multi-factor authorization, Phobos, phobos nextgen, phobos notdharma, phobos ransomware, raas, Ransomware, Ransomware as a Service, RDP, remote desktop protocol, server message block, smb, Sodinokibi, Threat spotlight, virtual private networks, vpn

Credit to Author: Jovi Umawing| Date: Fri, 10 Jan 2020 18:04:44 +0000

Phobos, which many believe was named after the Greek god of fear, isn’t as widespread as it was before nor is it more novel than your average ransomware. Yet, it remains a threat to consumers and businesses alike. We dive into Phobos ransomware and show users how to face their fears and protect against it.

Categories:

Threat spotlight

Tags: brute force coveware crysis crysis ransomware dharma Dharma ransomware disorganised crime mfa Multi-Factor Authorization Phobos Phobos NextGen Phobos NotDharma Phobos ransomware raas ransomware Ransomware as a Service rdp remote desktop protocol Server Message Block SMB Sodinokibi virtual private networks vpn

← Previous