The Ransomware Threat Intelligence Center

Credit to Author: Tilly Travers| Date: Thu, 17 Mar 2022 09:13:50 +0000

A collection of Sophos threat research articles and security operations reports related to new or prevalent ransomware groups from 2018 to the present. The content will be updated as new research is published

Read more

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Credit to Author: BrianKrebs| Date: Fri, 14 Jan 2022 22:41:34 +0000

The Russian government said today it arrested 14 people accused of working for “REvil,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin’s decision to station 100,000 troops along the nation’s border with Ukraine.

Read more

Threat spotlight: The curious case of Ryuk ransomware

Credit to Author: Jovi Umawing| Date: Thu, 12 Dec 2019 22:33:53 +0000

From comic book death god to ransomware baddie, Ryuk ransomware remains a mainstay when organizations find themselves in a crippling malware pinch. We look at Ryuk’s origins, attack methods, and how to protect against this ever-present threat.

Categories:

Tags:

(Read more…)

The post Threat spotlight: The curious case of Ryuk ransomware appeared first on Malwarebytes Labs.

Read more

Labs quarterly report finds ransomware’s gone rampant against businesses

Credit to Author: Wendy Zamora| Date: Thu, 08 Aug 2019 14:00:00 +0000

This quarter, we noticed one threat dominating the landscape so much it deserved its own hard look. Ransomware is back in a big way, targeting businesses with brute force.

Categories:

Tags:

(Read more…)

The post Labs quarterly report finds ransomware’s gone rampant against businesses appeared first on Malwarebytes Labs.

Read more

Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void

Credit to Author: Jovi Umawing| Date: Thu, 18 Jul 2019 17:58:26 +0000

There’s a new ransomware-as-a-service (RaaS) in town, and it can twist tongues for giggles as much as twist organizations’ arms for cash. Get to know the Sodinokibi ransomware, including how to protect against this fledgling threat.

Categories:

Tags:

(Read more…)

The post Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void appeared first on Malwarebytes Labs.

Read more

Is ‘REvil’ the New GandCrab Ransomware?

Credit to Author: BrianKrebs| Date: Mon, 15 Jul 2019 15:58:30 +0000

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.”

Read more

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

Credit to Author: BrianKrebs| Date: Tue, 04 Jun 2019 00:16:11 +0000

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “Eternal Blue,” a hacking tool developed by the U.S. National Security Agency (NSA) and leaked online in 2017. But new analysis suggests that while Eternal Blue could have been used to spread the infection, the Robbinhood malware itself contains no traces of it.

Read more