IBM X-Force researchers dissect ITG23’s crypter operations, revealing a sprawling ecosystem where ITG23 and partner groups crypt, distribute, and deploy malware across Trickbot, Emotet, IcedID, Qakbot, MountLocker, Gozi, and more. The findings show a highly co…
Tag: RAAS
FortiGuard Labs reports a Chaos ransomware variant that appears to side with Russia, delivering destructive payloads and offering no decryption option. The malware encrypts small files with AES-256 (RSA-wrapped keys) and fills larger files with random data, wh…
BlackCat (ALPHV) is a Rust-based ransomware-as-a-service operation linked to BlackMatter and REvil lineage, notable for cross-platform samples and a sophisticated exfiltration workflow using Fendr/ExMatter. Telemetry suggests a close tie to past BlackMatter ac…
Trend Micro’s Managed XDR team uncovered a campaign where SocGholish drops a BLISTER loader that in turn delivers the LockBit ransomware, highlighting layered evasion and loader-to-beacon chaining. The investigation details how these loaders operate together, …
Threat actors exploit timely events with phishing emails to harvest PII and establish footholds, using Emotet delivered through Excel 4.0 macros in tax-season and Ukraine-related scams. Fortinet FortiGuard Labs observed these campaigns and highlights defenses …
ThreatLabz analyzes Thanos-based ransomware variants (Prometheus, Haron, Spook, and Midas) to show how operators shifted tactics in 2021, using RaaS builders, double extortion, and variant revamps to extend campaigns. The Midas variant encrypts files with Sals…
BlackBerry Threat Intelligence identifies LokiLocker as a new RaaS ransomware family that encrypts Windows files using AES-256 and RSA-2048, with virtualization protection via KoiVM/NETGuard to hinder analysis. The campaign also features a possible false-flag …
Talos analyzes how BlackCat/ALPHV operates as a growing ransomware-as-a-service with affiliates linked to prior groups like BlackMatter and DarkSide, outlining how the affiliates evolved the operation and used shared infrastructure. The piece details attack fl…
Trend Micro researchers present evidence that Nokoyawa ransomware is likely connected to Hive, sharing parts of the attack chain, tools, and even infrastructure, with most Nokoyawa targets in Argentina. The analysis also highlights similarities and key differe…
Picus Security analyzes LockBit 2.0 ransomware, detailing its evolution as a RaaS operator, its anti-detection techniques, and its methods to disrupt victim recovery and logging. The post also lists IOCs and maps LockBit 2.0 behaviors to MITRE ATT&CK technique…
Sugar RaaS describes a new ransomware-as-a-service model focusing on individual machines and reusing components from other ransomware families. The article details the crypter, a Delphi-based ransomware sample, ransom notes, and IOCs including domains, an onio…
BlackCat is a Rust-based RaaS that targets Windows and Linux with configurable encryption and extortion features, delivering payloads via third-party frameworks or exposed apps and demanding high ransoms. It markets affiliates on underground forums, maintains …
Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises,…
The post Babuk Ransomware appeared first on McAfee Blog….