In the first 2 weeks of September, we saw LockFile, a new ransomware family that emerged in July 2021 following the discovery in April 2021 of the ProxyShell vulnerabilities in Microsoft Exchange servers. Also, ransomware groups have shown no signs of slowing down their assault on hospitals,

 

For more articles, check out our #onpatrol4malware blog.

LockFile ransomware’s box of tricks: intermittent encryption and evasion

Source: NewsSophos

LockFile is a new ransomware family that emerged in July 2021 following the discovery in April 2021 of the ProxyShell vulnerabilities in Microsoft Exchange servers. Read more.

QakBot technical analysis

Source: SecureList

QakBot, also known as QBot, QuackBot, and Pinkslipbot, is a banking Trojan that has existed for over a decade. It was found in 2007 and since then it has been continually maintained and developed. Read more.

Mēris botnet, climbing to the record

Source: QratorLabs

During this period, the industry has learned how to cope with the high bandwidth network layer attacks, including amplification-based ones. It does not mean that botnets are now harmless. Read more.

The Ideal Ransomware Victim: What Attackers Are Looking For
Victoria Kivilevich, Threat Intelligence Analyst

Source: Kela

In July 2021, KELA observed threat actors creating multiple threads where they claimed they are ready to buy accesses and described their conditions. Read more.

StrongPity APT Group Deploys Android Malware for the First Time

Source: TrendMicro

We recently conducted an investigation into a malicious Android malware sample, which we believe can be attributed to the StrongPity APT group, that was posted on the Syrian e-Gov website. Read more.

Vice Society leverages PrintNightmare in ransomware attacks

Source: Talos

Another threat actor is actively exploiting the so-called PrintNightmare vulnerability in Windows’ print spooler service to spread laterally across a victim’s network as part of a recent ransomware attack. Read more.

Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase

Source: ZDNet

Ransomware groups have shown no signs of slowing down their assault on hospitals, seemingly ramping up attacks on healthcare institutions as dozens of countries deal with a new wave of COVID-19 infections thanks to the potent Delta variant. Read more.