…
Search Results for: ransomhub
offered for sale on underground forums in February 2024 after Knight’s developers decided to shut down their operation. It is possible that other actors bought
[Update] April 8, 2024: “From ALPHV to RansomHub: Change Healthcare” A new threat actor has emerged in the ransomware landscape, distinguishing themselves by making claims
The ransomware landscape in 2025 is marked by the collapse and absorption of established groups like RansomHub, LockBit, Everest, and BlackLock, creating instability within the criminal ecosystem. Meanwhile, the new ransomware group Qilin is rising rapidly with advanced cross-platform malware, comprehensive affiliate services, and innovative features redefining ransomware-as-a-service models. #RansomHub #LockBit…
In the Take Command 2025 session, experts highlighted how ransomware operations have evolved into organized businesses using sophisticated tactics like secondary extortion and affiliate networks. They emphasized the need for defenders to move beyond static indicators toward context-rich, behavioral threat intelligence and proactive attacker-informed strategies. #RansomHub #RansomwareEconomics
Ransomware campaigns increasingly use the SocGholish loader, infecting websites and delivering malware via fake browser updates. This enables credential theft through legacy protocols and spreads
UNC3944 is a financially-motivated threat actor targeting various sectors with tactics including social engineering, ransomware, and data theft. Their operations have broadened since 2023, affecting
Introduction Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. Interlock cannot be classified as a “Ransomware-as-a-Service” (RaaS) group, as no advertisements for recruiting affiliates or information about affiliates have been found as of March 2025. As many other ransomware groups, Interlock has a […]
La publication suivante Interlock ransomware evolving under the radar est un article de Sekoia.io Blog.
ReliaQuest’s report analyzed incidents from December 2024 to February 2025, revealing a surge in attacks by financially motivated actors targeting vulnerabilities in external remote services
Ransomware attacks continue to be a significant threat worldwide, with victims facing average ransom demands of .5 million in 2024. A report has identified 10
Ransomware attacks, specifically the so-called Babuk Locker 2.0, have resurfaced in 2025, attributed to groups named Skywave and Bjorka. Investigations reveal that Babuk Locker 2.0
This week’s threat intelligence report reveals an analysis of multiple cyber threat reports. Key highlights include espionage tactics from APT groups, sophisticated malware deployments, and
This report provides an overview of the main actors involved in malicious campaigns impacting the financial sector in 2024. It follows up on a previous Sekoia report focusing on the emerging trends in the financial cyber threat landscape.
La publication suivante Cyber threats impacting the financial sector in 2024 – focus on the main actors est un article de Sekoia.io Blog.
This report analyzes various cyber threats targeting diverse sectors, with a focus on malicious campaigns and tools utilized by actors from different regions. Notably, the