The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Black Basta Evolves

Dec 9, 2024 12:32:54 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Black Basta, Emerging Threat, Evolving Threat


Verticals Targeted: Manufacturing, Finance, Transportation, Legal Services, Healthcare, Defense, Business Services

Executive Summary

Black Basta is a ransomware group that rose in the aftermath of the dissolution of Conti ransomware in 2022. In recent months, Black Basta has begun using tactics reminiscent of those used by nation-state threat actors and has shifted from opportunistic targeting to more refined, strategic targeting.


HellDown Ransomware Linux Variant

Nov 25, 2024 1:39:46 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Emerging Threat, ESXi, HellDown


Ymir Ransomware

Nov 18, 2024 2:19:58 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Extortion, RustyStealer, Ymir


Related Families: RustyStealer

Executive Summary

Ymir is a new ransomware family that was recently observed encrypting systems previously compromised by RustyStealer. PolySwarm analysts consider Ymir to be an emerging threat.


HellCat Ransomware Targets Energy Giant Schneider Electric

Nov 15, 2024 12:52:13 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Energy, Emerging Threat, Evolving Threat


Related Families: HellDown
Verticals Targeted: Energy

Executive Summary

HellCat ransomware recently targeted French energy giant Schneider Electric. PolySwarm analysts consider HellCat to be an emerging threat.


NotLockBit Ransomware Targets MacOS

Nov 8, 2024 1:45:18 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Windows, LockBit, MacOS, NotLockBit


Executive Summary

NotLockBit is a ransomware family that mimics LockBit. NotLockBit is unique in that it is one of the first fully functional ransomware families to target MacOS systems.


The Evolution of Akira Ransomware

Nov 1, 2024 12:21:19 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Akira, Evolving Threat


Verticals Targeted: Aerospace, Manufacturing, Professional Services, Scientific and Technical Services, Retail, Construction, Insurance, Telecommunications, Hospitality, and Legal Services

Executive Summary

Akira ransomware is one of the most prolific ransomware families of 2024. Active in the wild since April 2023, Akira has continued to evolve, maintaining its relevance on the threat landscape.


BrainCipher Ransomware

Oct 21, 2024 12:07:07 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Lockbit 3.0, Emerging Threat, BrainCipher, BrainCypher


Related Families: LockBit 3.0
Verticals Targeted: Media, Insurance, Legal Services, Healthcare, Retail, Software, Construction, Manufacturing, Real Estate, Education, Government 

Executive Summary

BrainCipher ransomware, which was first observed in June 2024, is an emerging threat. BrainCipher is based on the leaked LockBit 3.0 builder and is functionally similar to LockBit 3.0.  


Trinity Ransomware

Oct 18, 2024 2:30:02 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Healthcare, Manufacturing, Emerging Threat, Trinity


Related Families: Venus, 2023Lock
Verticals Targeted: Healthcare, Manufacturing, Business Services 
