CyberVolk Ransomware Technical & Malware Analysis
The CyberVolk Ransomware represents a significant and evolving cyber threat, crafted by the financially motivated CyberVolk group, an Indian hacker organization linked with Russian cyber threat actors. This ransomware, which has rapidly gained notoriety in the cybersecurity community, was released as Ransomware-as-a-Service (RaaS) and demonstrated sophisticated encryption techniques, including the use of quantum-resistant algorithms. […]
Unpacking Rhysida Ransomware: Technical Insights and the Washington Times Attack
Over the past several years, ransomware attacks have skyrocketed and are now among the most costly and perilous threats to nearly all industries in the world. These attacks, which lock up a victim’s data and demand payment for unlocking it, can shutter operations, expose sensitive information, and cause millions in losses. The latest strain, […]
Darkweb’s New Favorite: AzzaSec Ransomware
AzzaSec Ransomware, developed by the AzzaSec Hacktivist Group, represents a significant cybersecurity threat due to its sophisticated features and destructive capabilities. This ransomware is particularly dangerous because of its fully undetected (FUD) nature and its use in targeted attacks via ransomware as a service (RaaS). Key Findings. Development and Affiliations: AzzaSec Ransomware was developed by the […]
Hunter’s Lens: Ransomware 2.0: Beyond Encryption to Extortion
In the past few years, one cybersecurity evolution has stood out to me as a particularly concerning development. That is the growing ferocity and effectiveness of ransomware, which I’ve referred to as ‘Ransomware 2.0’. Ransomware is malicious software that forces individuals to pay to regain access to their computers or computer data. It works […]
Cisco Has Been Hacked by Yanluowang Ransomware Group
Cisco has confirmed that the Yanluowang ransomware group has breached the company’s network and that the actor has attempted to extort the stolen files under threat of leaking them online. Cisco said on May 24, 2022 that it became aware of a possible compromise. It was determined that a Cisco employee had […]
USA Offers $10M Bounty for Providing Information on the Conti Ransomware Gang
As part of the Justice Awards program, the US State Department announced that a $10 million reward will be offered for information on five high-ranking Conti ransomware members, including the first reveal of one member’s face. The program is a State Department program with monetary rewards for information on threat actors that […]
Who is DarkSide Ransomware Group?
The FBI claims the attack on the Colonial Pipeline has been attributed to DarkSide Ransomware, a new ransomware family that emerged on the crimeware market at the beginning of November 2020. DarkSide is a Ransomware-as-a-Service with the stated goal of targeting ‘large corporations.’ They are primarily focused on recruiting […]
REvil Ransomware Malware Analysis
1. Overall Summary: REvil (also known as Sodinokibi) is a Ransomware-as-a-Service (RaaS). The first REvil attack, in the middle of April 2019, got huge attention from the cybersecurity world because it shared many similarities with GandCrab Ransomware and because of the distribution techniques its operators use, such as exploit kits, scan […]
LockBit 2.0 Ransomware Analysis
1 Executive Summary. 1.1 Overview: LockBit 2.0 is a Ransomware-as-a-Service (RaaS) with an affiliate program in place. Its binaries are often cryptographically signed with valid, stolen certificates. LockBit Ransomware has some similarity with Maze Ransomware in UAC bypass techniques, but its encryption routine makes LockBit 2.0 so powerful and fast against other […]