News • Insights • Analysis
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware Read More …
Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the Read More …
The Federal Bureau of Investigation (FBI) and partners are releasing this joint advisory to disseminate known RansomHub ransomware IOCs and TTPs. These have been identified through FBI threat response activities and third-party reporting as recently as August 2024. RansomHub is Read More …
RansomHub, a new Ransomware-as-a-Service (RaaS) that has rapidly become one of the largest ransomware groups currently operating, is very likely an updated and rebranded version of the older Knight ransomware. Analysis of the RansomHub payload by Symantec, revealed a high Read More …
The RaaS group LockBit that has been in operation since early 2020, grew to become one of the largest RaaS groups in the ransomware ecosphere and was responsible for 25% to 33% of all ransomware attacks in 2023. The group Read More …
Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world. Read More …
Subway has allegedly suffered a data breach at the hands of none other than the notorious LockBit ransomware gang. According to a media report, the ransomware-as-a-service provider added the sandwich makers to its data leak site earlier this week after Read More …
New evidence suggests that the popular Play ransomware is now being rented out to cybercriminals. Known as ransomware-as-a-service (RaaS), cybercriminals can pay to use the malware itself alongside the infrastructure needed to pull off an attack.This is a relatively new Read More …
The Rhysida group was first identified in May 2023, when they claimed their first victim. This group deploys a ransomware variant known as Rhysida and also offers it as Ransomware-as-a-service (RaaS). The group has listed around 50 victims so far Read More …
The Ransomware-as-a-Service (RaaS) market is a fast-moving one. Prominent RaaS or affiliate groups can form, wreak havoc, and disband all within a short period of time. In this blog, Group-IB researchers will detail what they believe to be a new Read More …
