GUEST RESEARCH: On 29 August 2023, US law enforcement announced a multinational operation that disrupted the Qakbot botnet (also known as Qbot) and associated infrastructure. Secureworks Counter Threat Unit (CTU) researchers have long maintained active monitoring of the botnet and detected the disruption activity on 25 August.
GUEST RESEARCH: Venafi investigation of 35 million dark web URLs shows macro-enabled ransomware is widely available at bargain prices.
Zscaler's latest ransomware report says manufacturing is the industry most targeted by double-extortion ransomware.
Law enforcement authorities in France and Ukraine have joined forces to arrest a number of people in Ukraine who were using the Windows Egregor ransomware to make money.
One of the many tools used by multiple ransomware groups in a similar way — suggesting that they are being used by ransomware-as-a-service affiliates — is the Windows backdoor SystemBC, global cyber security vendor Sophos claims.
Two banks in India have been reported to be among the latest businesses to suffer from Windows ransomware attacks, with Nav Jeevan Co-operative Bank taking a hit from the Egregor ransomware while the IDFC First Bank was attacked by a gang using the Everest ransomware. But the latter has now denied it was affected.
New York-based global minerals company Minerals Technologies appears to have been attacked by cyber criminals using the Egregor ransomware, which runs only on Microsoft's Windows operating system.
Global human resources giant Randstad has taken a hit from cyber criminals using the Windows Egregor ransomware, with the company saying it is trying to determine what data the attackers have stolen and placed on their site on the dark web.
Ransomware has changed from being just about encrypting a victim's data and become primarily about data exfiltration, the Russian security firm Kaspersky says.
Two India-based companies involved in coronavirus vaccine research have been hit by ransomware.
The use of improperly secured Remote Desktop Protocol connections on Windows machines has been found to be the biggest entry point for ransomware, according to a quarterly evaluation by Coveware, a company that is intimately involved in handling such attacks.
The news that the Windows Maze ransomware operators are shutting shop should not be a cause for celebration for anyone, the global security firm Sophos has cautioned.