Ransomware attacks continue to plague organizations globally regardless of their size. In a press release by the NCC group that preceded the Annual Threat Monitor Report 2021 published for the year 2021, there were an estimated 2,690 ransomware attacks, a 92.7% increase from 2020s figures of 1,389. The increase of ransomware attacks builds upon the general gradual rise in cyber-attacks in the wake of the COVID-19 pandemic. Ransomware accounted for roughly 65.4% of global cyber incidents in 2021.

The first quarter of 2022 was rich with many unusual incidents of new ransomware groups, and new techniques. The most notable event of Q1 was without a doubt the ContiLeaks incident, courtesy of the Russia-Ukraine conflict, which lasted till not long ago, at the end of Q2. As the shockwaves of the Russia-Ukraine conflict have faded, when it comes to the ransomware industry, we have seen many families going “back to business”.

As the cyber world grows day by day and makes our lives easier and more efficient, hidden threats and risks also increase. One of them is Ransomware, an expensive and ever-growing cyber threat on organizations’ critical data, files, or any other critical information from the past few years. Here the victim pays the ransom amount for his data locked by the attacker.

During the recent Rootedcon conference in Spain, we delivered a talk about ransomware, and this blog post serves as a commentary of the insights presented about Ransomware as a Service (RaaS): how it really works; how the threat actors operate these attacks; and how organizations can analyze the attacks and take preemptive measures in the event of future attacks.

In January 2022, Microsoft announced that Excel 4.0 macros would be restricted by default, to protect users from malicious macros. In February 2022, Microsoft announced that VBA macros would also be blocked for files downloaded from the internet. Cybersecurity professionals and enthusiasts rejoiced at the news! Malicious Office documents were running rampant. Attackers abused Microsoft Office macros to deliver BazarLoader and Trickbot, and remote access trojans like AveMaria and AgentTesla.

Today CrowdStrike sent the following Tech Alert to our customers: On July 8, 2022, CrowdStrike Intelligence identified a callback phishing campaign impersonating prominent cybersecurity companies, including CrowdStrike. The phishing email implies the recipient’s company has been breached and insists the victim call the included phone number.

Microsoft SharePoint Online is one of the most widely used content management platforms. Unfortunately, Proofpoint recently discovered that threat actors can abuse a feature in SharePoint Online and OneDrive for Business to encrypt all of your files and hold them ransom.

Due to the proliferation of cloud-native environments, ransomware attacks have increased dramatically in recent years. Cybercriminals can access a variety of ransomware tools from anywhere in the world at a moment’s notice. This capability has produced an entire economy of Ransomware-as-a-service (RaaS). Despite significant investment in real-time infrastructure security tools, organizations are failing to quickly identify and recover from an attack.

WatchGuard has obtained OPSWAT's GOLD distinctive insignia as a certified provider, demonstrating that its applications are powerful, reliable, and efficient. Products that receive the OPSWAT GOLD certification, such as WatchGuard EPDR, are highly compatible with the industry's leading NAC and SSL-VPN solutions, such as Citrix Access Gateway, Juniper Host Checker, F5 FirePass, etc. Gold-certified products can be detected by these solutions, and some remediation and evaluation actions are supported.

Read also: RansomHouse extortion gang allegedly stole 450GB of data from AMD, one of Iran’s major steel companies was hit by a cyberattack, and more.