Ransomware Report: Unveiling Trends in Attack Payouts and Negotiations

Ransomware attacks represent a significant cybersecurity threat, affecting various sectors and individuals. This study examines a comprehensive dataset of ransomware payments and chat logs to better understand the strategies and patterns of attackers. The analysis focuses on major ransomware groups, including LockBit, Hive, BlackMatter, and Conti, covering 200 incidents from …

Malware’s Shared Secrets: Code Similarity Insights for Ransomware Gangs Activities Tracking

On July 1, 2024, the cyber security vendor Halcyon, Inc., identified a novel ransomware strain they named LukaLocker (ref. here). In the article, researchers from Halcyon reported a new ransomware operator, dubbed Volcano Demon, specialized in attacks using the LukaLocker encryptor. According to the source, the threat actor targets both …

A {Black}Cat and mouse game: How the gang’s operators have ‘unseized’ their Dedicated Leak Site

In recent days, the FBI was entrenched in a virtual struggle against the ransomware group known as ALPHV / BlackCat. This engagement unfolded subsequent to the FBI gaining control of the underlying infrastructure that the group had utilized to amass over $300 million in ransoms. In the early hours of Dec. 19, 2023, the darkweb …

Rhysida: An old / new threat in the ransomware landscape

Rhysida is a relatively new ransomware group operating as a RaaS (Ransomware-as-a-Service) provider. The corresponding ransomware has the particularity of making use of LibTomCrypt, a cryptographic library that allows attackers to leverage robust encryption methods and fast development. Rhysida appears to be written in C++ and compiled via MinGW; the payloads I’ve found are quite …

ALPHV / BlackCat: Threat Assessment and Profile

BlackCat / ALPHV is known for high-profile attacks like those conducted against the Italian luxury brand Moncler, the aviation company Swissport and, more recently, against GSE (Gestore Servizi Energetici SpA). The ransomware payload includes a lot of advanced features and is able to support a wide range of offensive operations and to impact different environments. It’s command-line driven …