-
Iranian hackers attack exposed RDP servers to deploy Dharma ransomware
Low-skilled hackers likely from Iran have joined the ransomware business targeting companies in Russia, India, China, and Japan. They are going after easy hits, using publicly available tools in their activity.
- August 24, 2020
- 05:12 AM
1
-
Dharma ransomware created a hacking toolkit to make cybercrime easy
The Dharma Ransomware-as-a-Service (RaaS) operation makes it easy for a wannabe cyber-criminal to get into the ransomware business by offering a toolkit that does almost everything for them.
- August 12, 2020
- 02:46 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
GandCrab ransomware operator arrested in Belarus
An affiliate of the GandCrab ransomware-as-a-business (RaaS) has been arrested, according to some Russian news sources. Authorities in Russia were able to identify the individual in cooperation with law enforcement in Romania and the U.K.
- July 31, 2020
- 06:13 PM
- 2
-
The Week in Ransomware - May 15th 2020 - REvil targets Trump
This week, we saw some interesting news about ransomware features being added and continued attackers against high profile victims.
- May 16, 2020
- 02:13 PM
- 1
-
Tools and Tactics of the Sodinokibi Ransomware Distributors
Using a network of honeypots, researchers from McAfee examined the tools and tactics used by the Sodinokibi Ransomware (REvil) affiliates to infect their victims with ransomware and compromise other machines on the network.
- October 21, 2019
- 12:01 AM
- 1
-
Sodinokibi Ransomware: Following the Affiliate Money Trail
After a Sodinokibi ransomware affiliate posted partial transaction IDs for ransomware payments, researchers were able to use that information to follow the money trail for affiliates and in some cases, how they spend their illicit earnings.
- October 14, 2019
- 12:01 AM
- 0
-
Sodinokibi Ransomware Builds An All-Star Team of Affiliates
The Sodinokibi Ransomware (REvil) has been making news lately as they target the enterprise, MSPs, and government entities through their hand-picked team of all-star affiliates. These affiliates appear to have had a prior history with the GandCrab RaaS and use similar distribution methods.
- October 02, 2019
- 12:24 PM
- 0
-
Jokeroo Ransomware as a Service Pulls an Exit Scam
Since May 7th, 2019, the Tor sites for the Jokeroo Ransomware as a Service (RaaS) have started displaying a notice stating that their server was seized by the Royal Thai Police in conjunction with the Dutch National Police and Europol. It turns out that this notice is fake and the RaaS is performing an exit scam.
- May 09, 2019
- 02:24 PM
- 0
-
Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits
A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computer on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours.
- March 12, 2019
- 04:30 AM
- 0
-
BlackRouter Ransomware Promoted as a RaaS by Iranian Developer
A ransomware called BlackRouter has been discovered being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. This same actor previousl distributed another ransomware called Blackheart and promotes other infections such as a RAT.
- January 17, 2019
- 05:48 PM
- 2
- 1
- 2
