The Sodinokibi gang is back, but there’s a new Sodinokibi decrypt tool for older encrypted files

Sodinokibi, also known as REvil, was one of the most persistent and dangerous ransomware variants throughout 2020 and 2021, having demanded ransoms as high as $70 million. It’s understandable that the cybersecurity community breathed a sigh of relief when Sodinokibi abruptly disappeared in July. Alas, just a few months later, in September of 2021, the…

BlackMatter Ransomware: The Next Level of Ransomware

Major ransomware gangs, including Avaddon, DarkSide, and REvil, dissolved in Q2 2021, but the relief was short-lived. New and potentially more dangerous gangs quickly moved to take their place. Probably the most notable of these new threats is the BlackMatter ransomware gang. BlackMatter recently made headlines by compromising the networks of Japanese medical imaging giant…

How Ransomware Hackers can use Cobalt Strike to Stage an Attack

Cobalt Strike is an important tool in the cybersecurity arena. It’s an intensive commercial penetration testing toolkit used for different levels of intrusion. Cobalt Strike gives your pen-testers access to a wide range of attack capabilities and can be used to test your entire network for spear-phishing and other unauthorized access attempts. The toolkit emulates…

Drive-by Downloads are not a Thing of the Past – Here’s why

If you thought drive-by downloads were a thing of the past, you may be surprised by the increasing number of these attacks in 2020. Drive-by downloads have become a prominent threat primarily due to the current increase in pre-packaged kits that hackers use to launch more sophisticated attacks with little technical skill. In fact,…

How Can Ransomware Attacks Happen Through Gmail?

Google was recently forced to patch a serious cross-site scripting (XSS) vulnerability in your favorite email client, Gmail. The Gmail vulnerability was discovered by an ethical hacker and chief security researcher at Securitum, Michal Bentkowski. The serious vulnerability was found in one of Gmail’s features known as the Accelerated Mobile Pages for Mail (AMP4Email), which…

How Does Cryptocurrency Fuel Ransomware Attacks?

Cryptocurrency and the rise in ransomware attacks

The vast majority of successful businesses have become an increasingly attractive target for ransom attacks, in which hackers hold data hostage and lock entire infrastructures to demand a ransom payment. Unfortunately, until now, many corporate executives have considered ransomware attacks to be just “another virus,” not realizing the dire consequences…