RansomHub, a new Ransomware-as-a-Service (RaaS) that has rapidly become one of the largest ransomware groups currently operating, is very likely an updated and rebranded version of the older Knight ransomware.
Analysis of the RansomHub payload by Symantec, revealed a high degree of similarity between the two threats, suggesting that Knight was the starting point for RansomHub. Despite shared origins, it is unlikely that Knight’s creators are now operating RansomHub.
Read more…
Source: Symantec
Related:
- Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants
November 13, 2018
Cybercriminals have become more and more creative and efficient in their efforts to successfully bypass network security. Reports of unauthorized network intrusions that have compromised enterprise security, resources, and data, plague experts on a day-to-day basis, and will continue to do so if not prevented by a more efficient detection system or method. Currently, attackers use polymorphism, ...
- Cathay Pacific hack: Airline admits techies fought off cyber-siege for months
November 12, 2018
Fresh from belatedly admitting that 9.4 million passengers’ personal data was stolen by hackers, Hong Kong airline Cathay Pacific has now admitted that it was under attack for three solid months before it took half a year to tell anyone. In its initial public statement on the hack, which saw names, nationalities, dates of birth, addresses, ...
- EUROPOL: Internet Organised Crime Threat Assessment 2018
November 12, 2018
It is my pleasure to introduce the 2018 Internet Organised Crime Threat Assessment (IOCTA), not only as it is the fifth anniversary edition of the report, but also my first as the Executive Director of Europol. The IOCTA has been and continues to be a flagship strategic product for Europol. It provides a unique law enforcement ...
- Emotet Campaign Ramps Up with Mass Email Harvesting Module
November 12, 2018
The new variant can exfiltrate emails for a period going back 180 days, en masse. A large-scale spam campaign has launched, spreading the Emotet banking trojan. Worryingly, the offensive has launched about a week after a fresh module for mass email-harvesting was detected for the malware. Emotet is technically a banking trojan, but it’s most often used ...
- Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw
November 7, 2018
A sophisticated proxy code has infected hundreds of thousands of devices already. A fresh botnet is spreading across the landscape, targeting router equipment. So far, hundreds of thousands of bot endpoints have already been identified, and they’re apparently being marshaled to send out massive amounts of spam. The botnet first emerged in September, according to 360Netlab telemetry, ...
- Healthcare Targeted by 37 Percent of All Ransomware Attacks in Q3 2018
November 7, 2018
During the third quarter of 2018 ransomware attacks were at an all-time high and the ransoms asked from organizations to decrypt the locked files were also on the rise according to a report from Beazley Breach Response (BBR) Services. According to their analysis, the number of ransomware attacks more than doubled during September when compared to ...