April 27, 2021
DearCry ransomware exploits Exchange server vulnerability
DearCry ransomware uses the recently disclosed zero-day ProxyLogon vulnerabilities to hack into Microsoft Exchange servers. Its file encryption scheme leaves no chance of decryption without the correct key, and data overwriting techniques may complicate recovery. The first DearCry attack was discovered on March 9, 2021.
March 03, 2021
Cl0p ransomware returns with better self-defense and bypass techniques
In February 2021, the public was shocked by news of the breach of Bombardier, a giant in the aerospace industry. During the investigation of the incident, analysts established that the threat group TA505, using the Cl0p ransomware, was responsible for the attack.
January 19, 2021
Ranzy Locker ransomware kills antivirus services
While its current name may be fairly new, Ranzy Locker is simply the latest evolution in a line of ransomware variants that began with MedusaLocker. Many of its details have since changed, including a shift in encryption algorithms from AES-256 to Salsa20. The distribution vectors for Ranzy Locker remain somewhat unclear, though spam campaigns have been indicated as one method.
December 15, 2020
Acronis Security Advisory: SUNBURST breaches SolarWinds’ Orion software to launch supply-chain attack
Reports indicate that SolarWinds’ Orion business software was compromised and used in a supply-chain attack by SUNBURST malware. The distributed malware then used elevated credentials, gained by compromising network traffic management systems, to target FireEye, a cybersecurity firm, and several U.S. government agencies. Details of the attack are available from the Cybersecurity and Infrastructure Security Agency (CISA).
While not affected by this event, Acronis wants to reassure partners and customers that we have a strict, secure software development life cycle (SDLC) in place, which we continuously strengthen, to ensure our solutions are safe, secure, and reliable.
October 12, 2020
New WastedLocker ransomware targets U.S.-based organizations
WastedLocker ransomware is reportedly operated by the Evil Corp group, which is known for distributing the Dridex banking malware, and has been used to attack at least 31 U.S.-based corporations since May 2020. Here we provide an in-depth analysis of WastedLocker, which employs numerous defense-evasion techniques such as digital signing, DLL side-loading, auto-elevation and alternate data streams.
September 20, 2020
Nefilim ransomware uses Citrix vulnerability to compromise victims’ machines
The Nefilim ransomware group, known to be active since February 2020, reuses the Nemty ransomware code written in the Delphi programming language. It gains access to corporate networks through a Citrix vulnerability or exposed RDP. Nefilim started its own data leak site called ‘Corporate Leaks,’ where the operators publish data exfiltrated from compromised organizations that refuse to pay.
September 16, 2020
SunCrypt adopts attacking techniques from NetWalker and Maze ransomware
The SunCrypt ransomware family was first spotted in October 2019, but it was not very active at that time. The group behind it operated independently in the beginning, but recently joined the so-called Maze cartel, combining forces to extort individuals and companies around the world. This cartel included Maze and LockBit when it first started, but later welcomed Ragnar Locker and now SunCrypt.
August 21, 2020
NetWalker leverages obfuscated PowerShell to start C# injector
NetWalker ransomware was first seen in the wild in August 2019. It operates under a ransomware-as-a-service model, targeting both organizations and individual users. Since March 2020, the operators have extorted approximately $25 million.
August 13, 2020
Top cyberthreat against macOS now installs adware with a Python script
The first examples of the Shlayer malware family were discovered in February 2018. Since then, it has become the most popular macOS first-stage trojan-downloader.