Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal
During our monitoring of Agenda ransomware activities, we uncovered campaigns that made use of the SmokeLoader malware and a new loader we’ve named NETXLOADER. Read More HERE…
Trend Micro Research : Ransomware
FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE
This blog details our investigation of malware samples that conceal within them a FOG ransomware payload. Read More HERE…
CrazyHunter Campaign Targets Taiwanese Critical Sectors
This blog entry details research on emerging ransomware group CrazyHunter, which has launched a sophisticated campaign aimed at Taiwan’s essential services. Read More HERE…
Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations
Trend Research encounters new versions of the Albabat ransomware, which appears to target Windows, Linux, and macOS devices. We also reveal the group’s use of GitHub to streamline their ransomware operation. Read More HERE…
Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
In this blog entry, we discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines. Read More HERE…
MITRE ATT&CK 2024 Results for Enterprise Security
Enterprise 2024 will incorporate multiple, smaller emulations for a more nuanced and targeted evaluation of defensive capabilities. We’re excited to offer two distinct adversary focus areas: Ransomware targeting Windows and Linux, and the Democratic People’s Republic of Korea’s targeting macOS. Read More HERE…
Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data
This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions. Read More HERE…
Fake LockBit, Real Damage: Ransomware Samples Abuse Amazon S3 to Steal Data
This article uncovers a Golang ransomware abusing Amazon S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions. Read More HERE…
How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections
Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions. Read More HERE…
How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack
Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt. Read More HERE…