The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

IceFire Ransomware Linux Variant

Mar 17, 2023 2:56:51 PM / by The Hivemind posted in Threat Bulletin, Ransomware, IceFire, CVE-2022-47986

0 Comments

Verticals Targeted: media, entertainment

Executive Summary

Sentinel Labs recently reported on a new Linux variant of IceFire ransomware. The threat actors responsible for IceFire exploit CVE-2022-47986 to deploy the ransomware. 

Read More

SysUpdate Linux Variant

Mar 14, 2023 3:30:50 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, RAT, Trojan, SysUpdate, Iron Tiger, Emissary Panda, APT27

0 Comments

Verticals Targeted: Gambling

Executive Summary

Trend Micro recently reported on a new Linux variant of Emissary Panda’s SysUpdate. SysUpdate is one of Emissary Panda’s custom tools. 

Read More

Royal Ransomware Linux Variant

Mar 3, 2023 1:25:10 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Royal

0 Comments

Verticals Targeted: IT, Financial, Materials, Healthcare, Food Production 

Executive Summary

Trend Micro recently reported on a new Linux variant of Royal ransomware that targets Linux systems and  ESXi servers. Royal ransomware is yet another contender among the many ransomware families now targeting Linux systems.

Read More

Cl0p Linux Variant

Feb 28, 2023 12:53:32 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Cl0p

0 Comments

Verticals Targeted: Education, Various

Executive Summary

SentinelLabs recently reported on a newly discovered Linux variant of Cl0p ransomware. The Linux variant is similar to the Windows variant but uses a flawed encryption logic.

Read More

MortalKombat Ransomware Used in Recent Campaign

Feb 24, 2023 1:57:55 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Cryptocurrency, Laplas Clipper, MortalKombat, Xorist

0 Comments

Related Families: Xorist, Laplas Clipper

Executive Summary

Cisco Talos recently reported on threat actor activity leveraging MortalKombat ransomware and Laplas Clipper. MortalKombat encrypts files on the infected machine and drops a ransom note instructing victims on how to pay the ransom to recover their files.

Key Takeaways

Read More

ESXiArgs Ransomware

Feb 21, 2023 1:20:39 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, ESXiArgs, Babuk, CVE-2021-21974

0 Comments

Related Malware: Babuk
Verticals Targeted: Multiple

Executive Summary

Industry researchers recently reported on ESXiArgs ransomware, which targeted VMware ESXi servers around the globe. After CISA released a recovery script, the threat actors behind ESXiArgs distributed a new variant of the ransomware.

Key Takeaways

Read More

Mimic Ransomware

Feb 7, 2023 12:25:08 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Mimic, Everything.exe, Conti

0 Comments

Related Families: Conti

Executive Summary

Trend Micro recently reported on Mimic ransomware, a ransomware family that abuses Everything APIs.

Key Takeaways

Read More

Consulate Health Ransomware attack

Jan 18, 2023 2:35:50 PM / by The Hivemind posted in Malware, Ransomware, Hive, Cybercriminals

0 Comments



Ransomware attacks have become a major concern for businesses and organizations in recent years, with devastating consequences for those who fall victim. The Hive ransomware gang, which recently targeted Consulate Health Care, is one example of cybercriminals constructing sophisticated and ruthless tactics to steal sensitive data and extort money from their victims. But how can you protect yourself from these kinds of attacks in the future?

One solution is PolySwarm. Our platform uses advanced threat intelligence to stop ransomware attacks before they happen.

PolySwarm is a next-generation malware intelligence marketplace that connects businesses with a network of security experts and threat intelligence providers. Our platform can detect and analyze malware in real-time using cutting-edge technology, identifying potential threats before they can strike. This is achieved through our proprietary threat-scoring algorithm, PolyScore, which rates the probability that a given file contains malware. It weights engines’ determinations based on previous performance, history with similar file confidence levels, and other indicators.

One of the key features of PolySwarm is our ability to detect unknown or zero-day threats. These threats have yet to become known to the cybersecurity community and can be missed by traditional security solutions. However, PolySwarm's network of experts identifies these threats by analyzing the behavior of the malware rather than relying on signature-based detection methods.

In the case of the Hive ransomware gang attack and others like it, PolySwarm can detect the incident early on, allowing organizations to act before costly data is stolen. Receiving early alerts is the key to allowing your organization to take action and prevent theft.

Another benefit of PolySwarm is its ability to provide businesses with actionable intelligence. Once a threat has been identified, our platform can provide a detailed analysis of the malware, including information on its origins, targets, and potential consequences. This information can be used to improve an organization's overall security protocols, as well as to inform incident response and recovery teams.

Ransomware attacks are a serious and growing threat to businesses and organizations. The Hive ransomware gang is just one example of the devastating consequences of such attacks. However, by using advanced threat intelligence platforms like PolySwarm, organizations can protect themselves from future ransomware attacks and mitigate the damage caused by those that do occur.


Don’t have a PolySwarm account? Go here to sign up for a free Community plan or to subscribe.

Contact us at hivemind@polyswarm.io | Check out our blog | Subscribe to our reports

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts