-
Darkside Ransomware: Caviar Taste on Your Big-Game Budget
By Arete Cyber Threat Intelligence Team Executive summary By all appearances, the proprietors of Darkside ransomware mean business. Big business. With their sights set on organizations with US$4M+ in revenue, they’re all about high-value, big-game targets. And they’ve got the skills and experience
-
Good Europol Hunting: How Do You Like Them Apples, Emotet?
On January 27, 2021, Europol announced that it had led a coordinated takedown of the Emotet infrastructure in collaboration with law enforcement authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine. According to Europol,
-
Egregor: The Ghost of Soviet Bears Past Haunts On
By Adam Brown and Harold Rodriguez, Arete Cyber Threat Intelligence Team Ransomware variants come. Ransomware variants go. And while Egregor may have only recently surfaced, it is by no means a fly-by-night operation. In fact, one could argue that the foundation
-
WastedLocker Ransomware Insights
Background On the December 5th, 2019 the U.S. Department of Justice announced indictments against 17 individuals including 2 Russian nationals Maksim Yakubets and Igor Turashev that were the primary ring-leaders of the Russian hacking group known as “Evil Corp”. The Treasury
-
The Road Back: Recovery from a Malware Attack in the Long Term
Arete's recommendations for recovering from a malware attack and prevent a future attack
-
Ransomware Decryptors for a (varying) fee
Ransomware attacks wreak havoc on business operations. Destroying recovery options, instilling fear and panic, and most often creating high levels of stress for IT staff, owners, and operators. A simple, but often costly fix is to just pay the Threat
-
No One Is Immune to Cyberattacks
On December 8, 2020, the New York Times reported that FireEye (NASDAQ:FEYE) was hacked. Moments later, almost every major news outlet, security blogger, U.S. government agency, and security company released additional articles and opinions on the breaking news. It’s not
-
Anti-virus or AI driven Endpoint Protection?
Stephen Ramey Arete investigates a lot of ransomware attacks. In fact, 90% of our business is helping organizations big and small, recover from and investigate ransomware attacks. Variants like Maze, Sodinokibi, WastedLocker, Ryuk, Conti, Dopplepaymer, Dharma and countless others are extremely
-
Sodinokibi Labels Keys with “Black Lives Matter”
Arete's updated analysis of the Sodinokibi malware and observations of the threat actors touting the Black Lives Matter (BLM) movement by saving their configuration data in BLM labeled registry keys.
-
US Government Alerts of Imminent Attacks Against the Healthcare Sector by Trickbot Group
Arete's response to the CISA, FBI, and the Department of Health and Human Services alert: AA20-302A - Ransomware. RYUK Attacking the public health sector
-
AKO Ransomware – Analysis
Executive Summary Since January 2020, Arete’s incident response (IR) team has responded to various AKO ransomware engagements. Recently, we have encountered these specific attacks against the Finance, Healthcare, and Manufacturing sectors. This article is meant to provide information on the ransomware
-
Conti Ransomware is the new Ryuk?
Article by Stephen Ramey comparing Anti- Virus and AI driven endpoint protection
-
Is Conti the New Ryuk?
Arete's analysis into the Conti ransomware variant and suggestion that it came from the same group is RYUK
-
Universal Encryption
Ransomware variants like Ryuk, WastedLocker, and Dopplepaymer are also file level encryption. These groups will gain access to the network and perform reconnaissance to identify the victim, understand their business, identify critical systems, and delete backups to force their victims
-
System Specific Encryption
Ransomware variants like Phobos, Dharma or CryLock are file level encryption. The TA gains access to the system, copies specific encryption executables onto the systems then runs the executables to encrypt the files. The results are files with a new
-
Full Disk Encryption
Arete's analysis of full disk encryption and the groups that use it.
-
Sodinokibi/REvil Ransomware attacks against the Education Sector
Arete's deep technical dive into the Sodinokibi/Revil ransomware
-
Sodinokibi/REvil Ransomware Attacks
Arete's one page technical overview of the Sodinokibi/Revil ransomware variant
-
Remote Access and IoT Search Engines
Arete's analysis into how threat actors target business that allow employees that remotely access documents
-
Monero- Overview & Quick Facts
Overview Recently, the threat group behind Sodinokibi ransomware publicly announced the switch from Bitcoin to accepting only Monero payments. The switch was motivated largely by the fact that Monero is inherently more difficult for law enforcement to track payments as well
-
Maze Ransomware: Is Posting Data Counterproductive?
Arete's analysis into why Maze and other ransomware variants publishing data might be counterproductive
-
Cyber Insurers: Vital Partners in the Battle Against Ransomware
This article discusses the rise in ransomware cases in the past year and how Cyber Insurers are an ally in the battle against ransomware