RansomHub, a new Ransomware-as-a-Service (RaaS) that has rapidly become one of the largest ransomware groups currently operating, is very likely an updated and rebranded version of the older Knight ransomware.
Analysis of the RansomHub payload by Symantec, revealed a high degree of similarity between the two threats, suggesting that Knight was the starting point for RansomHub. Despite shared origins, it is unlikely that Knight’s creators are now operating RansomHub.
Read more…
Source: Symantec
Related:
- Cybercrime: Ransomware remains a ‘key’ malware threat says Europol
September 18, 2018
Targeted attacks replace spam campaigns, but Europol’s annual cybercrime report also warns that cryptojacking malware “may overtake ransomware as a future threat”. Ransomware remains the top malware threat to organisations, causing millions of dollars of damage and remaining a potent tool for cyber criminals and nation-state attackers. The rise of highly targeted file-locking malware campaigns and the ...
- US State Department confirms: Unclassified staff email boxes hacked
September 18, 2018
The US State Department has confirmed one of its email systems was attacked, potentially exposing the personal information of some of its employees. Uncle Sam’s officials said in a statement to The Register on Tuesday that “suspicious activity” in its email system led it to send out warnings to a number of employees whose personal information may have ...
- Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras
September 17, 2018
Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug. Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on and manipulate video feeds or plant malware. According to a Tenable Research Advisory issued Monday, the bugs are ...
- Bristol Airport blames hackers for three day technical meltdown
September 16, 2018
A cyber attack was the cause behind a three day technical meltdown, according to Bristol Airport. The airport’s information screens were out of service on both Friday and Saturday, with holidaymakers having to read departure times off whiteboards scattered around the airport. An airport spokesman said several systems were taken offline on Friday in a bid to ...
- Crooks Combine Phishing and Impersonation For Higher Success Rate
September 12, 2018
While phishing continues to be the prevalent threat in malware-less email-based attacks, cybercriminals refine their methods by adding an impersonation component to increase the success rate against company employees. Phishing emails are easy to deploy and do not require other preparation from the attacker than crafting a vague message that is sufficiently convincing for a large ...
- Osiris Banking Trojan Displays Modern Malware Innovation
September 12, 2018
Osiris’ fundamental makeup positions it in the fore of malware trends, despite being based on old source code that’s been knocking around for years. After staying dormant for few years, the Kronos banking trojan resurfaced in July in a form dubbed Osiris. A wider analysis of how the banking trojan is evolving shows innovative development on ...