SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years.

Cybercrime 136

Cybercrime Banking Malware Ransomware 136

Security Affairs

OCTOBER 13, 2023

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing support for encrypting Linux systems, specifically VMware ESXi servers. This joint CSA updates the advisory published by the US Government on March 17, 2022.

Ransomware 119

Ransomware System Administration Antivirus Malware 119

Krebs on Security

SEPTEMBER 30, 2023

The government says Snatch used a customized ransomware variant notable for rebooting Microsoft Windows devices into Safe Mode — enabling the ransomware to circumvent detection by antivirus or endpoint protection — and then encrypting files when few services are running. Details after contacting on jabber: truniger@xmpp[.]jp.”

Ransomware 216

Ransomware Accountability Cybercrime Backups 216

Krebs on Security

JULY 25, 2023

In a report released July 12, researchers at Lumen’s Black Lotus Labs called the AVrecon botnet “one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history,” and a crime machine that has largely evaded public attention since first being spotted in mid-2021. com, super-socks[.]com,

Malware 201

Malware VPN Internet Internet 201

Security Affairs

MARCH 14, 2023

Their operations are based on the human operator ransomware practice where most of the intrusion is handled by hands-on keyboard criminals, even in the encryption stage. Makop ransomware gang is classified as a tier-B ransomware actor, but despite this, they keep hitting companies in Europe and Italy.

Ransomware 89

Ransomware Software System Administration Encryption 89

SecureList

AUGUST 12, 2021

The final payload is a remote administration tool that provides full control over the victim machine to its operators. Communication with the server can take place either over raw TCP sockets encrypted with RC4, or via HTTPS. The exploit-chain attempts to install malware in the system through a dropper.

Ransomware 133

Ransomware Malware Banking Encryption 133

Digital Shadows

JULY 5, 2021

On 02 July 2021, details started to emerge of a sophisticated supply-chain attack targeting Kaseya VSA, virtual system administrator software used to manage and monitor customers’ infrastructure. Kaseya’s CEO, Fred Voccola, claimed on 03 July 2021 that “fewer than 40 worldwide” customers were impacted.

Ransomware 52

Ransomware Encryption Cryptocurrency System Administration 52