MilCyber.org - April 18, 2023
Almost any organization can benefit from threat hunting - whether as part of a full-fledged adversary emulation exercise to determine how implemented security controls hold up against actor-specific TTPs or simply in order to ensure organizational systems are configured as expected. This becomes even more critical for entities that are frequently targeted by both ransomware and state-sponsored threat actors including government organizations, public utilities, hospitals, and schools. As seen in Figure 1, ransomware attacks against these entities may be slowing somewhat, but are very likely to continue. Threat hunting does not require a large team of experts to be effective,...
Ransomware.org - August 15, 2022
The most notable ransomware-as-a-service (RaaS) groups are well-known for the widely publicized attacks they conduct, even outside of the cybersecurity community. However, there also exist smaller, very short-lived groups that use ransomware derived from existing variants. They’re often considered 'unsophisticated' threat groups, and may be taken less seriously than they deserve by a higher-level organization. How you deal with each type is important.
Ransomware.org - July 13, 2022
When discussing the ever-changing ransomware threat landscape, we often talk about what devices threat actors will target next. In addition to mobile devices, the other technology I get asked about the most is 'Internet of Things' (IoT), and whether we should expect threat actors to begin going after the 'smart' products in our homes or businesses.
Ransomware.org - June 16, 2022
With the Russian invasion of Ukraine came the deployment of several destructive malware families, known as 'wipers', against entities in Ukraine, with nine distinct variants observed to date. The first two, WhisperGate and HermeticWiper/PartyTicket, masqueraded as ransomware, but they were actually destructive tools rather than legitimate ransomware. This raises an important question: What’s the difference between true ransomware and these destructive tools?
Ransomware.org - May 13, 2022
Initial access vectors are the methods threat actors use to first gain access to an organization’s systems. They can include exploitation of vulnerabilities, stolen credentials, phishing, or brute-forcing services like RDP or SSH. Many of these accesses can be purchased from threat actors who specialize in obtaining initial access, known as Initial Access Brokers.
Ransomware.org - April 6, 2022
This month, our focus is on living-off-the-land techniques, and why they help ransomware threat actors execute attacks more stealthily. The concept of living-off-the-land (LotL) was first introduced by researchers to the broader security community in 2013, and has remained popular with threat actors ever since.
Ransomware.org - March 8, 2022
I’m Lindsay, a malware analyst and reverse engineer, with a special enthusiasm for obfuscation and anti-reverse engineering techniques used in malware! I am also a woman in the field of cybersecurity. I am often asked 'How did you get into cybersecurity?' or 'What advice would you give young women interested in cybersecurity?'
Ransomware.org - February 3, 2022
Mobile phones are certainly ubiquitous—85% of Americans currently own a smartphone, and in 2020, 3.5 billion people owned a smartphone worldwide. With so many devices out there, it seems like mobile would be an excellent target for ransomware threat actors. However, we don’t hear a lot about devastating ransomware attacks targeting smartphone operating systems, like iOS or Android. Let’s explore why.
Ransomware.org - January 12, 2022
Ransomware attacks have continued to plague organizations over the past few years, especially with the move to big game hunting at the end of 2019, and the debut of 'double extortion' in 2020. Initially, threat actors primarily targeted Windows-based environments, but have more recently expanded capabilities to include Linux-based systems. In 2021, well-known groups including REvil, Conti, RansomExx, and BlackMatter released ransomware specifically designed to target Linux and ESXi, and we expect this trend will continue.
Ransomware.org - January 1, 2022
We talk a lot about ransomware attacks within our own organizations—how to prepare for them, what to do when they happen, and the best way to stop the overall threat. While an ever-popular question is 'should we pay the ransom?' (which most said they are unlikely to), there are so many other highly impactful aspects to ransomware preparedness and response. We surveyed more than 500 IT and security professionals to look at the impact of ransomware in 2021 and 2022 to begin to answer that question.
Articles Featured In
Dark Reading - May 16, 2023
Wide use and a lack of support for malware detection technologies have made VMware's virtualization technology a prime target for cyberattackers.
CyberSecurityDive - May 16, 2023
Ransomware groups continue to target VMware because they know the virtualization infrastructure is vulnerable and lacks security tools, threat researchers said.
CyberSecurityDive - February 13, 2023
Recorded Future analysis underscores a growing ransomware threat confronting organizations using VMware ESXi.
Politico Pro - October 19, 2022
This article is available to Politico Pro subscribers.
LeMag IT - June 30, 2022
The world of cybersecurity is marked by a jargon all its own. Some terms can lack clarity for the uninitiated. Lindsay Kaye, of Recorded Future, helps us decode the concept of initial access.
LeMag IT - June 21, 2022
The world of cybersecurity is marked by a jargon all its own. Some terms can lack clarity for the uninitiated. Lindsay Kaye, of Recorded Future, helps us decode the concept of lateral movement.
CSO - February 21, 2021
Egregor is one of the most rapidly growing ransomware families. Its name comes from the occult world and is defined as “the collective energy of a group of people, especially when aligned with a common goal,” according to Recorded Future’s Insikt Group. Although descriptions of the malware vary from security firm to security firm, the consensus is that Egregor is a variant of the Sekhmet ransomware family.
The Record - January 22, 2021
Over the last year, the COVID-19 pandemic has been punctuated by a series of crises and developments: In February, the U.S. declared a public health emergency; In March, the economy contracted and unemployment skyrocketed; Relief packages were both passed and stalled in Congress throughout the year; And by December, vaccines were given emergency approval.
Reuters - January 5, 2021
As millions of people await their turn to get a COVID-19 vaccine that could be months away, scammers online, in emails and on messaging apps are luring victims with claims they can deliver shots within days for as little as $150.
ComputerWeekly - December 4, 2020
Researchers at Recorded Future’s Insikt Group highlight links between the emerging Egregor ransomware and other strains, and offer guidance on defending against it.
CSO - November 9, 2020
RATs were first created to prank friends. Today, they’re cheaply available and used by everyone from cybercriminals to espionage groups.
CyberScoop - October 29, 2020
At issue are the obligations of health care organizations to defend their data, and victims’ ability to hold them accountable for failing to do so.
CoinTelegraph - June 11, 2020
Recorded Future says that Thanos deploys a particular encryption technique in its attack and offers a revenue-sharing scheme for external hackers.
ThreatPost - June 10, 2020
Thanos is the first ransomware family to feature the weaponized RIPlace tactic, enabling it to bypass ransomware protections.
DanPatterson - May 29, 2020
Threat researcher Lindsay Kaye of Recorded Future explains how scammers profit from coronavirus.
ITWeb - March 19, 2020
The South African Banking Risk Information Centre (Sabric) is warning bank consumers of cyber criminals exploiting the coronavirus (COVID-19) outbreak to spread an array of online scams.
The Telegraph - March 17, 2020
Security experts warn that global concern over coronavirus risks creating a fertile hunting ground for cybercriminals.
Hackers are exploiting the coronavirus crisis by posing as World Health Organisation officials in order to steal bank details and target government infrastructure.
Business Insider - March 16, 2020
Hackers are exploiting growing anxiety over the coronavirus crisis by posing as officials from the World Health Organisation and government officials in order to steal the personal details of people online.
Forbes Mexico - March 16, 2020
Cybercriminals are sending coronavirus-related files by email that conceal spyware designed to steal the personal data of users and businesses.
NBC News - March 13, 2020
Intelligence agencies around the world are sending out fake coronavirus information to hack and spy on their targets, cybersecurity researchers say.
Forbes - March 12, 2020
Cybercriminals and nation state-sponsored spies didn't take long to catch onto the coronavirus panic. Research released Thursday shows crooks and snoops have been rapidly registering vast numbers of potentially malicious websites and sending out masses of scam emails as they try to make money from the pandemic.