New RaaS CryptNet Advertised for Double Extortion Attacks in Dark Web Forums

Context: On May 16, 2023, Zscaler threat researchers reported the technical details of a new ransomware-as-a-service (RaaS) operation they’ve observed being advertised on dark web forums. Zscaler researchers provided the following key takeaways: CryptNet is a new ransomware-as-a-service that has been advertised in underground forums since at least April 2023. The CryptNet threat group claims…

New Mimic Ransomware Abuses Everything Paid to Speed Encryption

Context: On January 26, 2023, Trend Micro researchers reported the technical details of a new ransomware they dubbed “Mimic”, which they observed in June of 2022 targeting English and Russian-speaking users. Technical Details: According to Trend Micro researchers, the campaign delivers an executable that drops multiple binaries and an archive containing the payload. Reportedly, the key…

Ongoing Trend of Ransomware Campaigns Using Copyright Claim as Theme

Context: On June 24, 2022, AhnLab Security Emergency Response Center (ASEC) researchers reported the technical details of an ongoing phishing campaign that uses malicious files disguised as copyright claim documents to deliver the LockBit ransomware. The use of copyright claims as a theme is an ongoing trend in ransomware phishing campaigns observed in the wild….

Preventing Ransomware Attacks in a Hybrid Cloud Environment

Businesses interested in scaling up operations are turning to hybrid cloud environments as a cost-effective solution. Hybrid clouds provide the best of both worlds, allowing companies to expand their network without investing in additional, costly on-premises servers that must be maintained. While there are a number of benefits to a hybrid cloud environment, it is,…

Conti Ransomware Shuts Down Operation, Splinters into Smaller Groups

Summary: The notable ransomware gang known as Conti has, according to security firm Advanced Intel (AdvIntel), taken its infrastructure offline and shut down its ransomware operations. While public-facing ‘Conti News’ data leak and the ransom negotiation sites are still online, the Tor admin panels used by Conti members to perform negotiations, publish news, and generate…