
Tag: ransomware

Money Ransomware: The Latest Double Extortion Group

Introduction Ransomware attacks have emerged as a predominant menace in recent years, with the strategies employed by malicious actors constantly evolving. Among the most effective and worrisome tactics is the "double extortion" model, which has rapidly gained popularity as a preferred business model for threat actors. Financially motivated perpetrators particularly favor the double extortion model, […]


Reconstructing the last activities of Royal Ransomware 

Introduction Royal Ransomware is a new group first spotted on Bleeping Computer last September, where the cybersecurity news site revealed a connection with another malware known as Zeon. At the moment, we don’t have much information about the group and all its actual TTPs, but we know that they use the Double Extortion model to […]


Dissecting BlueSky Ransomware Payload

Introduction BlueSky is a ransomware first spotted in May 2022 that gained the attention of threat researchers for two main reasons: the first is that the group behind the ransomware doesn’t adopt the double-extortion model; the second is that its targets include even normal users, because the ransomware has been discovered […]


A deep dive into Eternity Group: A new emerging Cyber Threat

For months, we at Yoroi Malware ZLab have studied and tracked the evolution of a new emerging cyber-criminal group which has attracted the attention of everyone inside the cyber security threat landscape. This threat actor calls itself “Eternity Group”, previously “Jester Group”, which we internally tracked as “TH-320”. This threat has also recently been […]


Conti Ransomware source code: a well-designed COTS ransomware 

Introduction Since 27 February 2022, a few days after the Conti gang's support for the Russian invasion of Ukrainian national territory appeared, a new mysterious Twitter account has emerged, “@ContiLeaks”. Nobody knows for sure who operates it, maybe a reluctant Conti gang member, some foreign intelligence, or a police officer, but it does not matter […]


Hunting the LockBit Gang's Exfiltration Infrastructures

Introduction Nowadays ransomware operators have consolidated the double extortion practice by mastering data exfiltration techniques. Over time, we have observed many threat actors approach data theft in diverse ways: some preferred to rely on legitimate services and tools such as RClone and FTP sites, some on VPN channels, and others on customized tools. Also, during the last months the LockBit gang (TH-276) decided to develop and evolve a custom tool specialized in data exfiltration and used as a peculiar element to distinguish their criminal brand. In fact, the StealBit 2.0 tool is part of the […]


Massive Exposure of Compromised Corporate Credentials

Proto: N020921. CERT-Yoroi hereby wishes to inform you of the recent publication of corporate credentials within the Groove (TH-306) criminal circuit. Groove is a cyber-criminal group specializing in double extortion ransomware attacks that appeared on the underground scene in August 2021. Recently, the group released a set of data relating to corporate credentials potentially usable for authentication to SSL VPN services exposed to the internet. Potentially, the credentials […]


Ransomware micro-criminals are still out here (and growing)

Introduction Ransomware continues to be one of the most pervasive threats of the last years. During these years we saw the infamous phenomenon of Double Extortion, where well-organized cyber-criminal groups perform highly sophisticated red team operations to achieve the highest level of privileges inside the perimeter of victim networks and, before releasing the ransomware, they steal all the sensitive data to extort from the target the payment […]


JSWorm: The 4th Version of the Infamous Ransomware

Introduction Ransomware attacks have no end. These cyber weapons are supported by dedicated staff who constantly update and improve the malware in order to make detection and decryption harder. Like the popular GandCrab, which was carried on up to version 5 until its shutdown, other ransomware families are also continuously supported with the purpose […]
