Malware utilizes a multitude of techniques to avoid detection, and threat actors are continuously uncovering and exploiting new methods of attack. One of the less common techniques includes the exploitation of the Windows Restart Manager. To stay ahead of malicious authors, it is important to be aware of them and understand how they work.

Raccoon Stealer malware reappears, AI adoption remains low among threat actors, and Monti ransomware targets VMware ESXi servers with new Linux locker.

As an Internet user, you may face various terrible cases of data theft or illegal perversion by third parties into your personal virtual space. Of course, any attack on your device is unpleasant, but in some situations, a ransomware attack can have immense consequences for you and your data. This is why we are talking about one of the possible types of cybercrimes that threaten our digital safety: ransomware attacks. Ransomware is a category of malware that enables hackers to access their target's files.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including Akira ransomware, 8base ransomware, and Rorschach (BabLock) ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Today, cyberattacks pose the most significant threat to an organization’s data. The Spring 2023 Rubrik Zero Labs report, based on research from over 1,600 IT and Security professionals, revealed that 99% of IT and security leaders were informed of at least one attack in their own environment in 2022.

Ransomware attacks do not simply start and end with a locked computer screen and a ransom note. They unravel as intricate narratives, leaving a trail of financial wreckage, operational interruptions, and reputational damage in their wake. These attacks bear significant costs. In 2022, the average cost of a ransomware attack was a whopping $4.54 million, per IBM Security and the Ponemon Institute. And that does not include the actual ransom payment itself.

The Sysdig Threat Research Team (TRT) recently discovered a new, financially motivated operation, dubbed LABRAT. This operation set itself apart from others due to the attacker’s emphasis on stealth and defense evasion in their attacks. It is common to see attackers utilize scripts as their malware because they are simpler to create. However, this attacker chose to use undetected compiled binaries, written in Go and.NET, which allowed the attacker to hide more effectively.

The Rhysida ransomware as a service (RaaS) group was first revealed in May 2023. Since then, the group has claimed 41 victims, including some high-profile ones such as the Chilean army and five educational institutions in the U.S. The group is also suspected to be behind the attack against Prospect Medical Holdings, which affected 17 hospitals and 166 clinics in the U.S., although Prospect is not listed as a victim on Rhysida’s website.

Grab a cup of coffee, and let's talk about something that's been making waves in the cybersecurity world: ransomware. You've probably heard about the alarming rise in ransom payments, but did you know that ransom monetization rates have actually fallen to a record low? It's a complex and evolving landscape, and we're here to break down the recent very interesting Coveware report for you.

According to a new report, cybercriminals are making full use of AI to create more convincing phishing emails, generating malware, and more to increase the chances of ransomware attack success. I remember when the news of ChatGPT hit social media – it was everywhere. And, quickly, there were incredible amounts of content providing insight into how to make use of the AI tool to make money.