RansomHub, a new Ransomware-as-a-Service (RaaS) that has rapidly become one of the largest ransomware groups currently operating, is very likely an updated and rebranded version of the older Knight ransomware.
Analysis of the RansomHub payload by Symantec, revealed a high degree of similarity between the two threats, suggesting that Knight was the starting point for RansomHub. Despite shared origins, it is unlikely that Knight’s creators are now operating RansomHub.
Read more…
Source: Symantec
Related:
- TA505 Crime Gang Debuts Brand-New ServHelper Backdoor
January 11, 2019
The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions. A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace. According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has ...
- New tool automates phishing attacks that bypass 2FA
January 9, 2019
A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA). Named Modlishka –the English pronunciation of the Polish word for mantis– this new tool was created ...
- Ransomware MongoLock Immediately Deletes Files, Formats Backup Drives
January 8, 2019
We have been following a new wave of MongoLock ransomware attacks that immediately deletes files upon infection instead of encrypting it, and further scans for other available folders and drives for file deletion. In the wild since December 2018, the ransomware demands a payment of 0.1 bitcoin from victims within 24 hours to retrieve the ...
- GandCrab Operators Use Vidar Infostealer as a Forerunner
January 7, 2019
Cybercriminals behind GandCrab have added the infostealer Vidar in the process for distributing the ransomware piece, which helps increase their profits by pilfering sensitive information before encrypting the computer files. Following the trails of a malvertising campaign targeting users of torrent trackers and video streaming websites, malware researchers found that Fallout Exploit Kit was used to ...
- Your Word is Your Bond: Trust and Ethics in Underground Forums
January 7, 2019
Although the general public thinks of underground forums as a place where scams and suspicious dealings are rampant, the opposite is usually true: the threat actors who inhabit these sites often consider their reputation a major asset. Many of the individuals and groups in underground forums go to great lengths to ensure that transactions go through ...
- Angela Merkel’s personal details leaked on Twitter
January 4, 2019
An unknown hacker has released confidential data linked to the German Chancellor Angela Merkel and hundreds of the country’s other politicians. The stolen details were released on Twitter over the past few weeks in a sort of Advent Calendar and included bills and credit card information, phone numbers, email addresses, photo identification and personal chat histories. The Twitter ...