In today’s business environment, the risk of a ransomware attack is high and continues to grow. Threat actors are well financed, motivated, and very organized. While securing your environment and infrastructure is critically important, preparation to respond to an actual ransomware attack is essential. With an incalculable number of potential vulnerabilities and attack vectors, you have to be prepared to effectively respond to and recover from an attack.

Over the past few months, a new info stealer has emerged. Erbium Stealer is developed by an underground Russian-based group that has been operating since July. The group seems to work very professionally, creating proper documentation and keeping their clients in the loop regarding new features on an almost weekly basis, via their Telegram channel.

The Mirai botnet is infamous for the impact and the everlasting effect it has had on the world. Since the inception and discovery of this malware in 2016, to present day and all the permutations that have spawned as a result, cybersecurity professionals have been keeping a keen eye on this form of Command and Control (C2 or CnC) malware and associated addresses.

Using the ChangeNTLM and SetNTLM commands in Mimikatz, attackers can manipulate user passwords and escalate their privileges in Active Directory. Let’s take a look at these commands and what they do.

2022 began with successful ransomware attacks against global IT and digital transformation providers, no thanks to the notorious LAPSUS$ ransomware gang. Often, any discussion about ransomware impact has mostly centered on affected organizations. Rightly so, as victimized organizations usually suffer significant disruption to their operations. In 2021, the US Federal Bureau of Investigation received 3,729 complaints identified as ransomware.

LockBit (a.k.a. ABCD) emerged in September 2019 and became one of the most relevant RaaS (Ransomware-as-a-Service) groups among others like REvil, BlackMatter, Night Sky, Maze, Conti and Netwalker. The group targets many organizations around the world with a double-extortion scheme, where the attackers steal sensitive data and threaten to leak everything if the ransom is not paid.

‍The NSO Group, the vendor behind Pegasus, is struggling financially, and to solve their money problems, the company is now considering selling their surveillanceware to governments with poor human rights records.

People have become the primary attack vector for cyber attackers around the world. As the Verizon Data Breach Investigations Report 2022 indicates, it is humans rather than technology that now represent the greatest risk to organizations. According to the SANS 2022 Security Awareness Report, the top three security risks that security professionals are concerned about are phishing, business email compromise (BEC) and ransomware, all closely related to human behavior.

Lockbit3.0 is the number one ransomware group in the ransomware industry. The group’s operations are so vast and powerful, that we have witnessed weeks where Lockbit’s victim count was more than all other ransomware families altogether. Ever since Conti’s leaks, Lockbit overtook the ransomware throne without any intention of going down anytime soon.

The State of Ransomware in Government 2021 report finds that government agencies are facing a ransomware “national emergency.” Local governments in particular face higher rates of encryption during cyber attacks due to constrained budgets and organizational pressure to divert funds away from cybersecurity, leaving gaps in their data protection.