Trigona: A ransomware wiper
Trigona ransomware was first observed in June 2022. It has Windows and Linux versions and operates as ransomware as a service.
As of February 19, 2024, ConnectWise has disclosed two critical vulnerabilities within their ScreenConnect remote access software, highlighting the urgent need for users to update their systems to ensure security.
For more than a year, Acronis Cyber Protect Cloud with Advanced Security has achieved a perfect score in every AV-Test regular certification under macOS. The solution's real-time protection mechanisms, coupled with advanced threat detection algorithms, earned it a perfect score in December’s evaluation, where it detected 100% of 1,298 samples of widespread and prevalent malware chosen by AV-Test.
CustomerLoader was first spotted in June 2023, delivering different payloads to its targets. It is a .NET loader, so named from the ‘custom’ string in its C&C communication. In this campaign, it used a .LNK file to bring the DuckTail infostealer to victims' machines. DuckTail is a Vietnamese threat group that became active in May 2023. Using phishing job listings on LinkedIn, DuckTail delivers malicious files to victims.
With cyberthreats becoming more sophisticated, Acronis Cyber Protect Cloud stands out as a robust solution that not only safeguards your data and systems but also revolutionizes incident management through the integration of cutting-edge artificial intelligence (AI) technology. And, as you may know, Acronis recently released Cyber Protect Cloud Advanced Security + EDR, to extend the core product's functionality.
DarkGate was first spotted in 2018. New attacks have used Skype messages with malicious VBA attachments. The main purpose of this script is to download and execute the AutoIt script, which has been observed in DarkGate campaigns since 2020. A user with the name ‘RastaFarEye’ advertised his malware on underground Russian language forums, and it now has numerous capabilities.
This article is the first in the ransomware diaries series. We will provide an in-depth look at some active ransomware families, such as Mallox or encryptors from the Epsilon Gang, revealing the unique picture they occasionally paint, along with commonalities they maintain along the way. Every family will represent a different piece of the current ransomware landscape to showcase how diversified it has become over the years.
AV-Test unveiled their Advanced Threat Protection test results for 10 real-life scenarios they ran in July and August 2023 in Windows 10 Professional. Once again, Acronis Cyber Protect Cloud with Advanced Security received the best possible score, successfully detecting and blocking all 10 attacks in their early stages.
At the end of July 2023, the Cyclops ransomware group announced on underground forums that the 2.0 version of their ransomware was renamed “Knight.” The Knight ransomware group began its ransomware-as-a-service operations in May 2023, targeting Windows, Linux and macOS operating systems, encrypting files using Curve25519, HC-256 and ChaCha20 algorithms.
Acronis Cyber Protect is a long-time participant in the AV-Test independent evaluation of security products for Apple’s macOS. It is critical that a cybersecurity product delivers consistently good results as new threats emerge. We are proud to report that Cyber Protect has achieved a perfect 6 out of 6 score in each and every test performed in the last year.
In an evaluation performed in May–June by well-known German testing laboratory AV-Test, Acronis Cyber Protect Cloud with Advanced Security achieved a perfect score. Acronis Cyber Protect Cloud blocked 10 out of 10 advanced threats crafted by laboratory experts to test the ability of security products to deal with new and unknown threats.
Ursnif, also known as Gozi or Dreambot, is a banking trojan. Ursnif is typically delivered via phishing emails that contain malicious attachments or links. There has been a surge of Ursnif campaigns led by different individuals with no relation to one another. These campaigns resulted in successful attacks on several Italian banks, stealing user credentials and gathering information from compromised networks.