Over the last two years, CrowdStrike Services has run several incident response (IR) engagements — in both pre- and post-ransomware situations — in which different ALPHA SPIDER affiliates demonstrated novel offensive techniques coupled with more commonly observed techniques. The events described in this blog have been attributed to ALPHA SPIDER affiliates by CrowdStrike Counter Adversary Operations.
In this episode of Cyber Security Decoded from Rubrik Zero Labs, host Steve Stone is joined by Chief Growth Officer at Sekuro and Best-Selling Author Shamane Tan to discuss differences in the cybersecurity landscape between the US and APAC, communication strategies for CISOs, building trust for better cybersecurity outcomes, improving organizational resilience, and diversity in the cybersecurity field.
Weak passwords can lead to ransomware attacks because they can be easily compromised through password-cracking techniques, allowing cybercriminals to gain access to an organization’s network where they can then inject ransomware. Often, when people think of the causes of ransomware infections, their first thought is it was caused by a phishing email.
SugarLocker Summary

On February 23, 2022, the operator linked to the SugarLocker ransomware, utilizing the pseudonym "gustavedore," was conspicuously seeking new partnerships on the Dark Web. SugarLocker operates through a highly flexible Ransomware-as-a-Service (RaaS) framework, facilitating extensive customization for its users in the clandestine corners of the Dark Web.
I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the hacker/malware space since I began. The same threats that were a problem then are the same problems now. Social engineering and unpatched software (and firmware) have long been the two biggest initial root causes for hacking…for decades.
Newly-released data covering cyberthreats experienced in 2023 sheds some light on how very different last year was and paints a picture of what to expect of cyber attacks in 2024. As someone who looks a lot at industry data, I really want it to be as relevant as possible. But it’s also important to see the larger trends over the recent past to begin to predict what’s to come.
Some of the most common ways ransomware is delivered are through phishing emails, drive-by downloads, exploit kits and RDP exploits. According to Malwarebytes’ 2024 State of Malware report, in 2023 the number of known ransomware attacks increased by 68% from the previous year. The report also found that the largest ransom demanded in 2023 was $80 million.
February 28, 2024 | By Sagi Brody

As the Chief Technology Officer at Opti9, I’ve spent over two decades navigating the ever-evolving landscape of digital infrastructure. According to the Ransomware Trends Report 2023, at least 93% of cyberattacks targeted backup infrastructure. Clearly, cyber criminals are becoming more proficient in the ability to take your data for ransom.
Since July 2022, Bitsight has been tracking PrivateLoader, the widespread malware downloader behind the Russian Pay-Per-Install (PPI) service called InstallsKey. At the time, this malware was powering the now decommissioned ruzki PPI service. Figure 1 presents a brief description of the service, which was found in their sales Telegram channel.

Fig. 1 - Service description on Telegram channel profile (Russian and English).