RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

Credit to Author: Hitomi Kimura| Date: Wed, 13 Sep 2023 00:00:00 +0000

In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.

Read more

TrickBot & Conti Sanctions: Implications for CISOs & Boardrooms

Credit to Author: Ed Cabrera| Date: Fri, 08 Sep 2023 00:00:00 +0000

Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals mean for CISOs and board members.

Read more

Monti Ransomware Unleashes a New Encryptor for Linux

Credit to Author: Nathaniel Morales| Date: Mon, 14 Aug 2023 00:00:00 +0000

The Monti ransomware collective has restarted their operations, focusing on institutions in the legal and governmental fields. Simultaneously, a new variant of Monti, based on the Linux platform, has surfaced, demonstrating notable differences from its previous Linux-based versions.

Read more

TargetCompany Ransomware Abuses FUD Obfuscator Packers

Credit to Author: Don Ovid Ladores| Date: Mon, 07 Aug 2023 00:00:00 +0000

In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.

Read more

Tailing Big Head Ransomware’s Variants, Tactics, and Impact

Credit to Author: Ieriz Nicolle Gonzalez| Date: Fri, 07 Jul 2023 00:00:00 +0000

We analyze the technical details of a new ransomware family named Big Head. In this entry, we discuss the Big Head ransomware’s similarities and distinct markers that add more technical details to initial reports on the ransomware.

Read more

An Overview of the Different Versions of the Trigona Ransomware

Credit to Author: Arianne Dela Cruz| Date: Fri, 23 Jun 2023 00:00:00 +0000

The Trigona ransomware is a relatively new ransomware family that began activities around late October 2022 — although samples of it existed as early as June 2022. Since then, Trigona’s operators have remained highly active, and in fact have been continuously updating their ransomware binaries.

Read more

Xollam, the Latest Face of TargetCompany

Credit to Author: Earle Maui Earnshaw| Date: Tue, 06 Jun 2023 00:00:00 +0000

This blog talks about the latest TargetCompany ransomware variant, Xollam, and the new initial access technique it uses. We also investigate previous variants’ behaviors and the ransomware family’s extortion scheme.

Read more

BlackCat Ransomware Deploys New Signed Kernel Driver

Credit to Author: Mahmoud Zohdy| Date: Mon, 22 May 2023 00:00:00 +0000

In this blog post, we will provide details on a BlackCat ransomware incident that occurred in February 2023, where we observed a new capability, mainly used for the defense evasion phase.

Read more