In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that pose a high risk.
Therefore, to prevent your company from falling prey to opportunists looking for such low-hanging companies to attack, Group-IB’s Threat Intelligence Team decided to write a very straightforward report on TTPs of The Gentlemen; whose TTPs overlap with techniques of other financially motivated threat actors conducting intrusions for extortion. The information shared in this blog comes from intrusion analysis and underground private sources monitored by Group-IB’s Threat Intelligence Team. Thus, the information has a high confidence level.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Building cyber resilience key in securing future of Africa’s people
October 11, 2024
An average of 2 960 attacks: that is the number of cyber attacks to which the ordinary organisation in Africa is subjected each and every week. It is a staggering revelation and what makes it more worrying is that this is growing rapidly every year. This year’s figure is up 37% on the previous year, according ...
- Education under siege: How cybercriminals target our schools
October 10, 2024
Education is essentially an “industry of industries,” with K-12 and higher education enterprises handling data that could include health records, financial data, and other regulated information. At the same time, their facilities can host payment processing systems, networks that are used as internet service providers (ISPs), and other diverse infrastructure. The cyberthreats that Microsoft observes across ...
- Exploited Vulnerability in Multiple Fortinet Products
October 10, 2024
Fortinet has released a security advisory to address a critical vulnerability in the FortiOS fgfmd daemon. CVE-2024-23113 is a ‘use of externally-controlled format string’ vulnerability with a CVSSv3 score of 9.8. A remote unauthenticated attacker could send specially crafted requests to execute arbitrary code (ACE) or commands. Affected organisations are encouraged to review Fortinet PSIRT Advisory ...
- RDDoS Attack: What to Do if Hackers Demand a Ransom
October 10, 2024
DDoS attacks have evolved from simple disruptions into serious threats, with cybercriminals using them to demand ransoms and fill their cryptocurrency wallets. These attackers often operate like modern-day mafiosi, issuing threats and demanding payments. Pay up, or face two outcomes: either the attacks will start, or they simply won’t stop. In this article, StormWall researchers will ...
- FBI: Update on SVR Cyber Operations and Vulnerability Exploitation
October 10, 2024
The Federal Bureau of Investigation (FBI) and pertners are releasing this joint Cybersecurity Advisory (CSA) to highlight the tactics, techniques, and procedures (TTPs) employed by the Russian Federation’s Foreign Intelligence Service (SVR) in recent cyber operations and provide network defenders with information to help counter SVR cyber threats. Since at least 2021, Russian SVR cyber actors ...
- Lynx Ransomware: A Rebranding of INC Ransomware
October 10, 2024
In July 2024, researchers from Palo Alto Networks discovered a successor to INC ransomware named Lynx. Since its emergence, the group behind this ransomware has actively targeted organizations in various sectors such as retail, real estate, architecture, and financial and environmental services in the U.S. and UK. Lynx ransomware shares a significant portion of its source ...