Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity

Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
The post Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity appeared first on Microsoft Security Blog.

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society.
The post DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector appeared first on Microsoft Security Blog.

Defenders beware: A case for post-ransomware investigations

The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.
The post Defenders beware: A case for post-ransomware investigations appeared first on Microsoft Security Blog.

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.
The post New “Prestige” ransomware impacts organizations in Ukraine and Poland appeared first on Microsoft Security Blog.

Stop Ransomware with Microsoft Security digital event presents threat intelligence in action

Join the Stop Ransomware with Microsoft Security digital event on September 15, 2022, to learn how to safeguard your organization from today’s attacks—and be ready for tomorrow’s.
The post Stop Ransomware with Microsoft Security digital event presents threat intelligence in action appeared first on Microsoft Security Blog.

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.
The post North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware appeared first on Microsoft Security Blog.

The many lives of BlackCat ransomware

The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.
The post The many lives of BlackCat ransomware appeared first on Microsoft Security Blog.