RA Ransomware Group Aggressively Attacking Manufacturing Sector

RA World, an emerging ransomware group, has been increasingly active since March 2024, using a multi-extortion tactic to steal data and threaten to leak it if the ransom is not paid. Their leak site shows...
Play Ransomware’s Linux Variant Attacking ESXi Servers

Since ESXi servers host multiple virtual machines, which attract the threat actors most, a successful breach of these servers could enable threat actors to gain access to a multitude of valuable data and control...
BianLian Ransomware Leveraging RDP Credentials To Gain Initial Access

BianLian emerged in 2022 and rapidly became one of the three most active ransomware groups. They started their operations by exploiting RDP, ProxyShell, and SonicWall VPN vulnerabilities. The cybersecurity researchers at Juniper...
Exclusive! Analysis of 3 Ransomware Threats Active Right Now 

Ransomware continues to loom large over the cybersecurity landscape, causing significant damage to individuals and organizations alike. With the difficulty of recovering encrypted files and the potential exposure of stolen data, it is essential...
Researchers Decrypted DoNex Ransomware And Its Rebranded Versions

Researchers discovered a flaw in the DoNex ransomware's encryption scheme, allowing them to create a decryptor for DoNex and its predecessors (Muse, fake LockBit 3.0, DarkRace). The decryptor has been secretly provided to victims since...
New Volcano Demon Ransomware Group Threatening Victims Over Phone Call

A novel malware known as Volcano Demon has been observed targeting Windows workstations and servers, obtaining administrative credentials from the network. The threat actor doesn't have a leak site and instead uses phone calls to...
Mallox Ransomware Attacking Linux Servers In Wild – Decryptor Uncovered

Linux servers often provide hosting for critical applications, websites, and databases, which makes them a lucrative target for intruders to get unauthorized access to steal data and manipulate services. Exploiting security holes in Linux servers...
Beware! CSHARP-STREAMER Malware Attacking Windows Users

CSHARP-STREAMER, a Remote Access Trojan (RAT), was identified during an investigation of a ransomware attack using Metaencryptor, with a PowerShell loader deploying CSHARP-STREAMER, which utilizes publicly available techniques, including AMSI-Memory-Bypass and XOR-decryption. These parts were...
HC3 Unveils Qilin Ransomware Attacking Global Healthcare Organizations

The Health Sector Cybersecurity Coordination Center (HC3) has issued a critical alert regarding a new ransomware strain, Qilin, which is targeting healthcare organizations worldwide. This revelation underscores the escalating cyber threats facing the healthcare...
New Linux Variant Of RansomHub Attacking ESXi Systems

Hackers often attack ESXi systems, as they are widely used in enterprise environments to manage virtualized infrastructure, making them lucrative targets. Threat actors can exploit security flaws in ESXi to deploy ransomware and perform other...
