A ransomware attack can demoralize or debilitate organizations quite like no other. Not only does ransomware strike a company's morale, but it also causes massive financial losses along with reputational damage that could prove difficult to repair. Cybersecurity Ventures predicted global ransomware damage costs to reach $20 billion annually in 2021, up from $325 million in 2015. In eight years from now, the costs will exceed $265 billion.

In today's rapidly evolving cyber landscape, modern adversaries constantly advance their methods to circumvent traditional defenses. At Trustwave, recent observations have unveiled the resurgence of the BlackCat group following its disruption by the US Justice Department on December 19, 2023.

An alternate point of view to the one you are hearing My first reaction when I heard the news of the merger between Veritas and Cohesity was one of jubilation. I've personally battled Cohesity and Veritas. I thought to myself, this is actually great news for all three companies.

The Kroll CTI team observed a campaign using a new malware that appears to be very similar to BABYSHARK, previously reported to have been developed and used by the APT group Kimsuky (KTA082). The malware was deployed as part of an attempted compromise that was detected and stopped by the Kroll Responder team. The activity started with exploitation of a recently addressed authentication bypass in the remote desktop software ScreenConnect, developed by ConnectWise.

In today’s digital age, ransomware attacks have emerged as one of the most formidable threats to organizations worldwide. These malicious software attacks encrypt files on a device, rendering them inaccessible to users, and demand a ransom for decryption keys. The impact of ransomware can be devastating, leading to significant financial losses, operational downtime, and reputational damage.

Organizations worldwide use Active Directory (AD) as their primary identity service, which makes it a top target for ransomware attacks. This article explains how adversaries exploit Active Directory during ransomware attacks and provides strategies and tools for defending against this modern menace.

Weak passwords can lead to ransomware attacks because they can be easily compromised through password-cracking techniques, allowing cybercriminals to gain access to an organization’s network where they can then inject ransomware. Often, when people think of the causes of ransomware infections, their first thought is it was caused by a phishing email.

Over the last two years, CrowdStrike Services has run several incident response (IR) engagements — in both pre- and post-ransomware situations — in which different ALPHA SPIDER affiliates demonstrated novel offensive techniques coupled with more commonly observed techniques. The events described in this blog have been attributed to ALPHA SPIDER affiliates by CrowdStrike Counter Adversary Operations.

Qilin operates as an affiliate program for Ransomware-as-a-Service, employing a Rust-based ransomware to target victims. Qilin ransomware attacks are often tailored for each victim to maximize their impact, utilizing tactics like altering filename extensions of encrypted files and terminating specific processes and services.

Sugarlocker Summary On February 23, 2022, the operator linked to the SugarLocker ransomware, utilizing the pseudonym "gustavedore," was conspicuously seeking new partnerships on the Dark Web. SugarLocker operates through a highly flexible Ransomware-as-a-Service (RaaS) framework, facilitating extensive customization for its users in the clandestine corners of the Dark Web.