RansomHub, a new Ransomware-as-a-Service (RaaS) that has rapidly become one of the largest ransomware groups currently operating, is very likely an updated and rebranded version of the older Knight ransomware.
Analysis of the RansomHub payload by Symantec, revealed a high degree of similarity between the two threats, suggesting that Knight was the starting point for RansomHub. Despite shared origins, it is unlikely that Knight’s creators are now operating RansomHub.
Read more…
Source: Symantec
Related:
- DDoS Attacks Get Bigger, Smarter and More Diverse
July 17, 2018
DDoS attacks are relentless. New techniques, new targets and a new class of attackers continue to reinvigorate one of the internet’s oldest nemeses. Distributed denial of service attacks, bent on taking websites offline by overwhelming domains or specific application infrastructure with massive traffic flows, continue to pose a major challenge to businesses of all stripes. Being ...
- 6-Year-Old Dorkbot Banking Malware Resurfaces as Big Threat
July 12, 2018
Old banking malware called Dorkbot has reemerged in 2018 to become a serious threat. The banking malware called Dorkbot is back. Samples of the 6-year-old malware are now ranked the second biggest banking malware headache in 2018 so far, according to new data from Check Point. “Dorkbot, known malware that dates back to 2012, has entered back the ...
- Ticketmaster breach ‘part of massive card-skimming campaign’
July 12, 2018
The Ticketmaster breach was not a one-off, but part of a massive digital credit card-skimming campaign. Threat intel firm RiskIQ reckons the hacking group Magecart hit Ticketmaster only as part of a massive credit card card hacking campaign affecting more than 800 ecommerce sites. Magecart has evolved tactically from hacking sites directly, to targeting widely used third-party ...
- Deceased Patient Data Being Sold on Dark Web
July 11, 2018
Why are hackers selling medical records of deceased patients? It is no shocker medical records are a prime target for cybercriminals. But less intuitive is the market for medical records of the deceased on the dark web. We took a closer look at the reason behind this strange trend. Here is what we found. First off, despite ...
- China-based hackers take an interest in Cambodia’s elections
July 11, 2018
A US-based security researcher has accused China of interfering in Cambodia’s forthcoming national election. Security vendor FireEye says it has spotted a large-scale Chinese phishing, intrusion, remote access trojan (RAT), and data exfiltration operation targeting the poll. FireEye attributed the activity to a group dubbed “TEMP.Periscope”, previously more closely associated with targeting American engineering and maritime operations. The FireEye post ...
- Cyber attacks are now a matter of when not if for UK businesses
July 2, 2018
For a growing number of UK companies, being hit by a cyber breach is not a matter of ‘if’ – it’s a matter of ‘when’. This is according to a new report by KPMG based on a poll of 150 UK leaders. When compared to the rest of the world, though, the UK is performing well, as according to ...