In the first 2 weeks of September, we saw LockFile, a new ransomware family that emerged in July 2021 following the discovery in April 2021 of the ProxyShell vulnerabilities in Microsoft Exchange servers. Also, ransomware groups have shown no signs of slowing down their assault on hospitals.
For more articles, check out our #onpatrol4malware blog.
LockFile ransomware’s box of tricks: intermittent encryption and evasion
Source: NewsSophos
LockFile is a new ransomware family that emerged in July 2021 following the discovery in April 2021 of the ProxyShell vulnerabilities in Microsoft Exchange servers. Read more.
QakBot technical analysis
Source: SecureList
QakBot, also known as QBot, QuackBot, and Pinkslipbot, is a banking Trojan that has existed for over a decade. It was found in 2007 and since then it has been continually maintained and developed. Read more.
Mēris botnet, climbing to the record
Source: QratorLabs
During this period, the industry has learned how to cope with the high bandwidth network layer attacks, including amplification-based ones. It does not mean that botnets are now harmless. Read more.
The Ideal Ransomware Victim: What Attackers Are Looking For
Victoria Kivilevich, Threat Intelligence Analyst
Source: Kela
In July 2021, KELA observed threat actors creating multiple threads where they claimed they are ready to buy accesses and described their conditions. Read more.
StrongPity APT Group Deploys Android Malware for the First Time
Source: TrendMicro
We recently conducted an investigation into a malicious Android malware sample, which we believe can be attributed to the StrongPity APT group, that was posted on the Syrian e-Gov website. Read more.
Vice Society leverages PrintNightmare in ransomware attacks
Source: Talos
Another threat actor is actively exploiting the so-called PrintNightmare vulnerability in Windows’ print spooler service to spread laterally across a victim’s network as part of a recent ransomware attack. Read more.
Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase
Source: ZDNet
Ransomware groups have shown no signs of slowing down their assault on hospitals, seemingly ramping up attacks on healthcare institutions as dozens of countries deal with a new wave of COVID-19 infections thanks to the potent Delta variant. Read more.