ransomware Tag

Ransomware crime group known as UNC1878

On the Trail of UNC1878

Context, Uncategorized

Since October 28th, Prevailion has been investigating current and potential future victims of the ransomware crime group known as UNC1878. While our investigation is still underway, we have so far identified hundreds of organizations worldwide that show compromise activity by this threat actor, and which may be in the early- to mid-stages of a Ryuk ransomware attack. As of November 3rd, there are approximately 1,400 organizations that show beacon activity to the UNC1878 C2 domains, with a total of 340 organizations that are showing a substantial amount of this beaconing, indicating...

Share Post

Ransomware as a Data Breach Decoy

Context, Uncategorized

Gone are the days of small-time cybercriminals using ransomware to earn a quick buck. Ransomware--and the criminals who use it--have certainly evolved. Though it initially made a name for itself as a tactic of the lesser-skilled criminal, malicious actors are now exploiting the established expectations of its impact and limitations in order to hide inside a network.  For those organizations with robust security strategies, ransomware had become little more than an annoyance. They were able to recover rather quickly using backups. More often, though, that’s not the case. In the past...

Share Post

Ransomware Gangs Continue to Shame Victims

Context, Uncategorized

Everyone has something to hide. The beauty of that truth for hackers is that even if they don’t know their target’s dirty little secrets, they know that no one wants their secrets exposed. The mere threat of being publicly shamed may be enough to make some victims pay. Businesses, though, don’t have personal secrets. They have customer data and intellectual property, which they are responsible for protecting.  So when the malicious actors operating the Maze Ransomware launched “Maze News” in November, they may have seen a spike in the number of...

Share Post

TA 505 – Global Ransomware Criminals

Ransomware, Tailored Intelligence

Prevailion’s Tailored Intelligence Team has continued to follow an evolving threat actor group dubbed TA505 - a known cyber criminal organization that has likely been active since at least 2017, whose motives are speculated to be financial in nature. This group has been known to infect victims through business email compromise. Once a victim’s system is initially compromised, TA505 has been observed utilizing a wide variety of commercially available and custom remote access trojans. Upon gaining access, with a trojan in the network, they have been observed stealing sensitive financial data...

Share Post