Using LNK files in cyberattacks
In our daily work, we constantly face attacks directed at different organizations. One of these cases prompted an in-depth study of LNK files.

Detected at the end of 2024, Frea ransomware is a new variant in the Chaos ransomware family. Our latest malware analysis explores Frea in depth, with technical details on the execution and the encryption and post-encryption process.
From cybersecurity and backup to ticketing and billing, MSPs find themselves cobbling together tools and juggling multiple siloed consoles.
Trigona ransomware was first observed in June 2022. It has Windows and Linux versions and operates as ransomware as a service.
As of February 19, 2024, ConnectWise has disclosed two critical vulnerabilities within their ScreenConnect remote access software, highlighting the urgent need for users to update their systems to ensure security.
For more than a year, Acronis Cyber Protect Cloud with Advanced Security has achieved a perfect score in every AV-Test regular certification under macOS. The solution's real-time protection mechanisms, coupled with advanced threat detection algorithms, earned it a perfect score in December’s evaluation, where it detected 100% of 1,298 samples of widespread and prevalent malware chosen by AV-Test.
CustomerLoader was first spotted in June 2023, delivering different payloads to its targets. It is a .NET loader, so named from the ‘custom’ string in its C&C communication. In this campaign, it used a .LNK file to bring the DuckTail infostealer to victims' machines. DuckTail is a Vietnamese threat group that became active in May 2023. Using phishing job listings on LinkedIn, DuckTail delivers malicious files to victims.
With cyberthreats becoming more sophisticated, Acronis Cyber Protect Cloud stands out as a robust solution that not only safeguards your data and systems but also revolutionizes incident management through the integration of cutting-edge artificial intelligence (AI) technology. And, as you may know, Acronis recently released Cyber Protect Cloud Advanced Security + EDR, to extend the core product's functionality.
DarkGate was first spotted in 2018. New attacks have used Skype messages with malicious VBA attachments. The main purpose of this script is to download and execute the AutoIt script, which has been observed in DarkGate campaigns since 2020. A user with the name ‘RastaFarEye’ advertised his malware on underground Russian-language forums, and it now has numerous capabilities.
This article is the first in the ransomware diaries series. We will provide an in-depth look at some active ransomware families, such as Mallox or encryptors from the Epsilon Gang, revealing the unique picture they occasionally paint, along with commonalities they maintain along the way. Every family will represent a different piece of the current ransomware landscape to showcase how diversified it has become over the years.
AV-Test unveiled their Advanced Threat Protection test results for 10 real-life scenarios they ran in July and August 2023 in Windows 10 Professional. Once again, Acronis Cyber Protect Cloud with Advanced Security received the best possible score, successfully detecting and blocking all 10 attacks in their early stages.
At the end of July 2023, the Cyclops ransomware group announced on underground forums that the 2.0 version of their ransomware was renamed “Knight.” The Knight ransomware group began its ransomware-as-a-service operations in May 2023, targeting Windows, Linux and macOS operating systems, encrypting files using Curve25519, HC-256 and ChaCha20 algorithms.