AvosLocker Ransomware (RaaS): A New Ransomware Group Emerges

AvosLocker recently made headlines as a new ransomware-as-a-service (RaaS) that commenced operations in June, represented by a purple bug brand logo. Operating based on a similar modus operandi to most RaaS, AvosLocker has started promoting its RaaS program via various forums on the dark web in its search for affiliates. AvosLocker’s primary mode of malware …

Conti Ransomware (RaaS): A New Wage-Paying Affiliate Model

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Sep 22 around the CONTI Ransomware Group, providing detailed information regarding its exploits and affiliates. Together with the Federal Bureau of Investigation (FBI), they have seen Conti ransomware in over 400 attacks targeted on international enterprises. A PDF version of the advisory which contains …

BlackMatter Ransomware: A New Ransomware-as-a-Service (RaaS)

Following the recent trend in ransomware affiliates, BlackMatter has emerged as the latest ransomware-as-a-service (RaaS). According to threat intelligence company Recorded Future, BlackMatter has announced that they have “incorporated in itself the best features of DarkSide, REvil, and LockBit” as mentioned in an interview. BlackMatter cited the following inspirations from each of their partner …

The resurgence of RansomEXX

RansomEXX recently gained notoriety due to its attack on Gigabyte, a well-known hardware manufacturer from Taiwan and an attack against Italy’s Lazio Region. The result of the first attack was the theft of 112GB of business data, and the second crippled the national COVID-19 Vaccination Registration Portal for 6 million people. Though it initially started …

A New Era of Ransomware and its Affiliates: LockBit 2.0

Following REvil’s sudden disappearance, the empty niche in the RaaS (Ransomware as a Service) ecosystem has quickly been occupied by a new actor: LockBit that recently unveiled their LockBit 2.0 ransomware, capable of impressive encryption speeds – according to their own benchmarks – a full-fledged exfiltration service and a new affiliate program. Soon after its …

The rising danger of ransomware: the Kaseya case, how it happened, and how to defend yourself

By Alberto Pelliccione, CEO – ReaQta

The REvil hacker group managed to obtain a 0-day to gain access to Kaseya VSA, a management software for IT infrastructures, using it as a conduit to spread ransomware to those MSPs using the platform. Supply-chain attacks are extremely effective and such threats are rising in frequency and complexity. …

Understanding the Avaddon Ransomware: Is your organization equipped to stop zero-day threats?

Recently, The Financial Times reported that Asian subsidiaries of a French Global insurance company were hit by a latest ransomware attack known as Avaddon. Attackers seized 3TB of data, impacting IT operations in Thailand, Malaysia, Hong Kong and the Philippines, taking hold of sensitive information like medical records and hospital data. What is Avaddon ransomware …

Detecting HAFNIUM Exchange Exploitation Campaign with ReaQta-Hive

A hunting query to identify post-exploitation activities
Customized Detection Strategy (DeStra) to detect future exploitation attempts

On the 11th of March, Microsoft reported an active exploitation campaign of several zero-day vulnerabilities affecting on-premise versions of Microsoft Exchange Servers allegedly from a state-sponsored adversary, HAFNIUM. The attack starts by exploiting vulnerabilities — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and …

Leonardo S.p.A. Data Breach Analysis

ReaQta Threat Intelligence Team identified the malware used in an exfiltration operation against the defence contractor Leonardo S.p.A. The analysis of the malware, which we dubbed Fujinama, highlights its capabilities for data theft and exfiltration while maintaining a reasonably low-profile.
