TRU Security

At the end of July 2023, the Cyclops ransomware group announced on underground forums that the 2.0 version of their ransomware was renamed “Knight.” The Knight ransomware group began its ransomware-as-a-service operations in May 2023, targeting Windows, Linux and MacOS operating systems, encrypting files using Curve25519, HC-256 and ChaCha20 algorithms.

Acronis Cyber Protect is a long-time participant in the AV-Test independent evaluation of security products for Apple’s macOS. It is critical that a cybersecurity product is consistent with good results, as new threats emerge. We are proud to report that Cyber Protect has achieved a perfect 6 out of 6 score in each and every test performed in the last year.

In an evaluation performed in May–June by well-known German testing laboratory AV-Test, Acronis Cyber Protect Cloud with Advanced Security achieved a perfect score. Acronis Cyber Protect Cloud blocked 10 out of 10 advanced threats crafted by laboratory experts to test the ability of security products to manage with new and unknown threats.

Ursnif, also known as Gozi or Dreambot, is a banking trojan. Ursnif is typically delivered via phishing emails that contain malicious attachments or links. There has been a surge of Ursnif campaigns led by different individuals with no relation to one another. These campaigns resulted in successful attacks on several Italian banks, stealing user credentials and gathering information from compromised networks.

Nokoyawa ransomware was first discovered in February 2022, and it initially shared similarities to the Hive ransomware. As this threat has evolved, it's become more dangerous, and appears to have claimed numerous victims already.

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here — including malware, URL and ransomware statistics — were gathered in September of this year and reflect threats that we detected as well as news stories from the public domain.

BlackByte is an example of ‘ransomware-as-a-service‘ (RaaS), and the threat actors behind it constantly upgrade their malware to keep customers satisfied. Recent changes have increased the complexity of cybersecurity analytics, while also introducing new anti-analysis and anti-debugging techniques.