Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Malware

AsyncRAT loader: Obfuscation, DGAs, decoys and Govno

AT&T Alien Labs has identified a campaign to deliver AsyncRAT onto unsuspecting victim systems. During at least 11 months, this threat actor has been working on delivering the RAT through an initial JavaScript file, embedded in a phishing page. After more than 300 samples and over 100 domains later, the threat actor is persistent in their intentions.

Black Basta Ransomware Decryptor Released to Help Some Victims

A flaw found by security researchers in the encryption software allows victim organizations to use “Black Basta Buster” to recover some of their data – but there’s a catch. We’ve all heard – for as long as ransomware attacks have been happening, you either need to pay the ransom or recover from backups. But a third option has now sprouted up on GitHub.

Microsoft Turns Off a Significant Windows App Install Mechanism Known for Spreading Malware

This mechanism is intended to simplify installing Windows apps after cybercriminals started using it to spread malware loaders that resulted in ransomware and backdoor outbreaks. The feature in question is called the ms-appinstaller consistent resource identifier plan, and its initial purpose was to make deploying Windows programs to devices simpler.

Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware

Arctic Wolf Labs is aware of several instances of ransomware cases where the victim organizations were contacted after the original compromise for additional extortion attempts. In two cases investigated by Arctic Wolf Labs, threat actors spun a narrative of trying to help victim organizations, offering to hack into the server infrastructure of the original ransomware groups involved to.

Lockbit 3.0 Ransomware Disrupts Emergency Care at Multiple German Hospitals

Hitting three hospitals within a Germany-based hospital network, the extent of the damage in this confirmed ransomware attack remains undetermined but has stopped parts of operations. It appears that affiliates of ransomware gangs have forgotten the golden rule – you don’t hit hospitals. It’s one thing to disrupt operations at a regular brick and mortar business. But hitting a business where someone’s life could be literally placed in jeopardy because a system is unavailable?

Boston-Based Community College, Bunker Hill, Updates on 2023 Ransomware Event

Bunker Hill Community College (BHCC) serves a population of about 13,000 across two campuses and dispersed locations. BHCC offers over 100 degrees, including arts, sciences, business, health, law, and STEM opportunities. In May 2023, BHCC experienced a ransomware event—officials responded by taking their systems offline—but the threat was successful nonetheless. The assailants stole an estimated 195,588 records in their attack.

Computer Worm vs Virus: What's the Difference?

The main differences between a worm and a virus are how they spread and how they are activated. Worms spread automatically to devices through a network by self-replicating, whereas viruses spread by attaching themselves to files or programs. Worms don’t need human interaction to activate and infect a device, whereas viruses do. Continue reading to learn more key differences between worms and viruses and how to keep your devices and data safe from both types of malware.

The Nature of the Beast Ransomware

Monster, a novel Ransomware-as-a-Service (RaaS) built on Delphi, surfaced in March 2022 and caught the attention of the BlackBerry Incident Response (IR) team during an incident investigation. After its initial appearance, Monster’s capabilities and its ransomware partnership program were promoted on the Russian Anonymous Marketplace (RAMP) in June. The mastermind behind Monster ransomware later introduced an enhanced version named Beast Ransomware, incorporating advanced features.