Mar 07, 2025Ravie Lakshmanan Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). "Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in … [Read more...] about FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
ransomware
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Mar 04, 2025Ravie LakshmananCybercrime / Threat Intelligence Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated, it grants … [Read more...] about Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
CrowdStrike Falcon Earns Perfect Score in SE Labs’ Ransomware Evaluation
In the 2024 SE Labs Enterprise Advanced Security (EDR) Ransomware Test, the CrowdStrike Falcon platform achieved a perfect score of 100% in detection, protection, and accuracy, earning the prestigious AAA Award for Advanced Security EDR Protection for the third time in a row. The Falcon platform detected and blocked 100% of ransomware files and protected endpoints across … [Read more...] about CrowdStrike Falcon Earns Perfect Score in SE Labs’ Ransomware Evaluation
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department of Justice … [Read more...] about LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
CrowdStrike Named a Leader in GigaOm Radar for Ransomware Prevention
GigaOm noted in its report that a broad platform approach is often required to protect customers from ransomware — and CrowdStrike delivers. “CrowdStrike offers a broad security platform that covers endpoint protection, identity protection, cloud security, IT automation, next-gen SIEM and more. [The] Falcon platform enables comprehensive ransomware detection, prevention, and … [Read more...] about CrowdStrike Named a Leader in GigaOm Radar for Ransomware Prevention
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
Dec 09, 2024Ravie LakshmananThreat Intelligence / Malware The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by … [Read more...] about Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
Nov 30, 2024Mohit KumarRansomware / Cybercrime A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt … [Read more...] about Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Oct 30, 2024Ravie LakshmananRansomware / Threat Intelligence Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, … [Read more...] about North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions
Oct 26, 2024Ravie LakshmananCybercrime / Malware Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported that a court in St. Petersburg … [Read more...] about Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions
New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics
Oct 24, 2024Ravie LakshmananRansomware / Cybercrime Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI … [Read more...] about New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics