Cyber Protection Operation Center

Acronis Security Team

Latest stories from Acronis Security Team

October 02, 2023 — 9 min read

Acronis

October 02, 2023 — 9 min read

BlackByte 3.0 uses vulnerable drivers to compromise systems

BlackByte is an example of ‘ransomware-as-a-service‘ (RaaS), and the threat actors behind it constantly upgrade their malware to keep customers satisfied. Recent changes have increased the complexity of cybersecurity analytics, while also introducing new anti-analysis and anti-debugging techniques.

September 08, 2023 — 4 min read

Acronis

September 08, 2023 — 4 min read

Acronis Cyberthreats Update, September 2023

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here — including malware, URL and ransomware statistics — were gathered in August of this year and reflect threats that we detected as well as news stories from the public domain.

August 08, 2023 — 8 min read

Acronis

August 08, 2023 — 8 min read

Acronis Cyberthreats Report, August 2023

The Acronis Cyberthreats Report covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here — including malware, URL and ransomware statistics — were gathered in July of this year and reflect threats that we detected as well as news stories from the public domain.

July 17, 2023 — 9 min read

Acronis

July 17, 2023 — 9 min read

8Base ransomware stays unseen for a year

8Base ransomware was first spotted in June 2023, with a massive number of targeted victims. It was later discovered that 8Base originated in March 2022 with the launch of an associated data leak site.

May 16, 2023 — 11 min read

Acronis

May 16, 2023 — 11 min read

RedLine Stealer: A malware-as-a-service info-stealer

Redline Stealer is a malware-as-a-service (MAAS) info-stealer that is offered in cybercriminal forums and on Telegram channels. The malware was first observed in February 2020 for Windows systems.

May 04, 2023 — 9 min read

Acronis

May 04, 2023 — 9 min read

Raccoon Stealer: A popular and dangerous threat

Raccoon Stealer, also known as Mohazo or Racealer, is an info-stealer malware that first appeared in 2019, and is available as malware-as-a-service (MAAS). Available as MaaS, it has already infected over 100,000 devices in the wild, across organizations and individuals, and became one of the most-mentioned attacks on underground forums.

April 28, 2023 — 9 min read

Acronis

April 28, 2023 — 9 min read

Malware with a “Money Message”

The purpose of Money Message ransomware is to encrypt files on a targeted computer, rendering the victim's system unusable. It was first reported on Twitter by the Zscaler ThreatLabZ research team.

April 26, 2023 — 5 min read

Acronis

April 26, 2023 — 5 min read

Maui: An active and dangerous data wiper

Maui is a wiper that is designed to delete or overwrite data on a computer or digital device, causing damage and disrupting operations. This malware was first discovered by the FBI in May 2021, and is presumed to have been developed under the guidance of North Korea.

March 29, 2023 — 9 min read

Acronis

March 29, 2023 — 9 min read

SwiftSlicer: A simple yet dangerous data wiper

On January 25, 2023, ESET Research found a new data wiper in the network of Ukrinform, Ukraine’s national news agency. Later, the Computer Emergency Response Team of Ukraine (CERT-UA) added that as of January 27, five additional, different malware samples were spotted in the network.

March 06, 2023 — 15 min read

Acronis

March 06, 2023 — 15 min read

IcedID (BokBot): From banking trojan to backdoor

IcedID, also known as BokBot, was initially a banking trojan when it was discovered in 2017. Now it is mostly used as an initial access broker for other malware. This malware typically uses malicious email attachments to infect victims' machines. It has been known to use various types of attachments — such as archives, Word and Excel files — but the latest attacks used OneNote files.

January 05, 2023 — 9 min read

Acronis

January 05, 2023 — 9 min read

Royal ransomware’s actors make high demands

Royal ransomware was first spotted in January 2022, targeting different corporations. This group does not provide ransomware-as-a-service. The attackers demand figures ranging from $250,000 to over $2 million from their victims.

December 09, 2022 — 9 min read

Acronis

December 09, 2022 — 9 min read

KmsdBot: DDoS and cryptomining combined

On November 10, 2022, the Akamai Security Intelligence Response Team published an article with the description of the newly spotted KmsdBot, which infected their honeypot. Gaming company FiveM, which provides software for GTA V for hosting custom private servers (and happens to be Akamai’s client), became the first victim. During their investigation, researchers found many samples that were built for different architectures.

November 28, 2022 — 9 min read

Acronis

November 28, 2022 — 9 min read

AXLocker ransomware doesn’t change files’ extensions

AXLocker is a ransomware that was found by malware researcher ‘S!ri,’ who posted it on Twitter. Later, it was discovered that AXLocker does not only encrypt files but also steals victims’ Discord credentials and uploads them to its own Discord server. Specifically, the AXLocker ransomware steals tokens stored on a local computer when the user logs in to Discord. It’s not packed or obfuscated.