In recent months, news outlets have reported a surge in double extortion ransomware attacks by Black Basta, a notorious ransomware-as-a-service (RaaS) threat group first identified in early 2022. The actor is sophisticated, often utilizing a unique set of tactics, techniques and procedures (TTPs) to gain a foothold, spread laterally, exfiltrate data and drop ransomware. However, Kroll has observed Black Basta sometimes utilizing similar TTPs across multiple incidents.

Ransomware attacks are rising. Verizon’s 2022 Data Breach Investigation Report found that nearly a quarter of all cyber attacks in the manufacturing industry are ransomware attacks. Why the surge? While the world is still recovering from the pandemic, global markets are dealing with massive economic uncertainty and recession fears. And cybercriminals sense an opportunity.

This week, UK’s Postal Service, Royal Mail has been hit with a Ransomware attack, which put the countries sensitive data at risk. In this blog post, we’ll take a look at what ransomware is, how it can affect businesses and individuals, and what we’ve learnt from this huge scale attack. Stay tuned for more updates on this developing story.

This blog post will provide an analysis of the malicious Redline Infostealer payloads which have been taken from a real life malware incident, responded to and triaged by the ThreatSpike SOC team. This analysis will be broken down to demonstrate, describe and explain the various stages of the attack chain.

Our most recent Cloud and Threat Report highlighted how threat actors abuse cloud services (with a special focus on cloud storage apps) to deliver malicious content (and yes, OneDrive leads the chart of the most exploited apps). To confirm that this trend will likely continue in 2023, researchers at Trend Micro have discovered an active campaign, launched by a threat actor named Earth Bogle.

It's no surprise if you have heard about LockBit. It is the world's most active ransomware group - responsible for an estimated 40% of all ransomware infections worldwide. I guess LockBit does the usual bad stuff - encrypt your data, steal your files, dump a ransom note on your PC... Yes.

Ransomware has gone global. While 2022 saw a reprieve in the sheer number of ransomware attacks (the attack rate dropped at the same time as the war between Russia and Ukraine began), it also saw the rise of ransomware-as-a-service, the proliferation of attacks of major organizations, and attacks that stretched across time zones and borders. In 2022, nine of our top 20 breaches involved ransomware (45%), affecting millions of individuals and their private data. That is up 15% over 2021.

PyPI packages use Cloudflare tunnels to bypass firewalls, new Raspberry Robin malware variant targets financial institutions in Portugal and Spain, and IcedID malware strikes again.

Recovery Time Objectives (RTOs) are on everyone’s mind. It bears repeating, one of the most fundamental ways to reduce recovery time from a ransomware or cybersecurity attack is being well prepared and ready to take actions quickly and effectively. This is one of the many variables firmly within a customer’s control and key to a faster and more efficient recovery process. A ransomware attack can be one of the most stressful events an organization and its employees will encounter.

It's incredibly important that you learn the latest cybersecurity threats that can threaten a business in 2023. Learn them here.