A malicious software service named TrickGate has been used by numerous threat actors to evade endpoint detection and response (EDR) software for over six years.
The long-running cybercrime group FIN7, known for breaking into payment systems and corporate networks, has been moving into ransomware operations, according to researchers at security firm Mandiant.
The master decryption keys for Maze, Egregor, and Sekhmet ransomware victims were released by someone claiming to be one of the developers of the three ransomware families. The poster on the forum said that this was a planned leak with no relation to law enforcement operations. Though, experts suspect th
The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums by the alleged malware developer.
Of the 34 operations tracked by DarkTracer, the top five active operations are Conti (338 leaks), Sodinokibi/REvil (222 leaks), DoppelPaymer (200 leaks), Avaddon (123 leaks), and Pysa (103 leaks).
In the first months of the year, researchers noticed a malicious email campaign spreading weaponized Office documents that delivered the QBot trojan and switched to a different payload after a short while.
The group behind the Maze and Egregor ransomware operations is believed to have earned at least $75 million worth of Bitcoin from ransom payments following intrusions at companies all over the world.
More and more ransomware victims are resisting the extortionists and refuse to pay when they can recover from backups, despite hackers' threats to leak the data stolen before encryption.
The infamous Maze ransomware gang announced its retirement on November 1, 2020. In a notice shared on its darknet site, the gang called an end to its operation, saying, ‘This project is now closed.’
Researchers suspect that Maze's former affiliates have not left the market, and that "many of their affiliates have moved to a new family" known as Egregor, a spin-off of Sekhmet (detected as Ransom.Sekhmet).
At the end of 2019, the Maze ransomware operators added data-harvesting capabilities and began threatening to publish the stolen data of any victim who refused to pay the ransom.
The Maze ransomware gang could be shutting down its operations after only a year and a half of activity. Maze's double-extortion technique (encrypting data and threatening to leak it) has become very popular among similar groups.
Growing ransomware attacks are shaping the cybercrime market like never before. The evolution in attack tactics used to pressure victims into paying a ransom is particularly noteworthy.
In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations, including LG, Southwire, and the City of Pensacola.
Over the last three months, 80% of ransomware attacks combined with data dumps were associated with four families of ransomware – Maze, Sodinokibi, Conti, and Netwalker, according to Digital Shadows.
Data from Check Point referring to the third quarter of the year shows that Maze and Ryuk were the most prevalent ransomware families, with the latter attacking, on average, 20 companies per week.