The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Cicada3301 Ransomware

Sep 20, 2024 11:04:36 AM / by The Hivemind posted in Threat Bulletin, Ransomware, BlackCat, ALPHV, Cicada3301

0 Comments

Related Families: ALPHV/BlackCat
Verticals Targeted: Construction, IT, Legal Services, Retail, Healthcare, Transportation, Telecommunications, Hospitality, Finance, Real Estate, Manufacturing

Executive Summary

Cicada3301 is a new ransomware as a service (RaaS) that uses sophisticated TTPs to target vulnerabilities within network infrastructures to deploy its ransomware attacks.

Read More

RansomHub

Sep 6, 2024 11:35:47 AM / by The Hivemind posted in Threat Bulletin, Ransomware, RansomHub, Knight

0 Comments

Related Families: Knight
Verticals Targeted: Healthcare, Financial, Auction House, Technology, Government

Executive Summary

RansomHub, a ransomware as a service (RaaS), is an offshoot of Knight and has quickly become one of the most active ransomware families in 2024.

Read More

Recent Ransomware Attacks on the Healthcare Vertical

Aug 19, 2024 12:54:46 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Healthcare, Disbuk, Rhysida, INC

0 Comments

Related Families: Rhysida, INC
Verticals Targeted: Healthcare

Executive Summary

Since late July, at least two ransomware groups have allegedly targeted healthcare vertical entities. The attacks were attributed to INC and Rhysida ransomware groups.

Read More

BlackSuit Confirmed as Royal Ransomware Rebrand

Aug 12, 2024 2:08:09 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Royal, BlackSuit

0 Comments

Verticals Targeted: Critical Infrastructure, Healthcare, Government, Manufacturing 

Executive Summary

BlackSuit is a ransomware family that targets both Windows and Linux systems. A recent joint advisory published by CISA and the FBI confirmed BlackSuit is a rebrand of Royal. The advisory also highlighted new BlackSuit ransomware activity.

Read More

Play Ransomware Linux Variant Discovered

Jul 26, 2024 3:02:38 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Play, ESXi

0 Comments

Executive Summary

A Linux variant of Play ransomware has been observed that is capable of targeting ESXi environments.

Read More

GhostLocker Ransomware

Jul 5, 2024 2:05:23 PM / by The Hivemind posted in Threat Bulletin, Ransomware, GhostLocker, GhostSec, Stormous

0 Comments

Verticals Targeted: Technology, Education, Manufacturing, Transportation, Government

Executive Summary

GhostLocker, a ransomware family that has been in the wild since late 2023, is now under new management. Stormous, the new GhostLocker operators, have stated they are updating the program and will offer some ransomware services for free.

Read More

RansomHub

Jun 14, 2024 2:22:45 PM / by The Hivemind posted in Threat Bulletin, Ransomware, RansomHub, Knight

0 Comments

Related Families: Knight
Verticals Targeted: Healthcare, Financial, Auction House, Technology, Government

Executive Summary

RansomHub, a ransomware as a service (RaaS), is an offshoot of Knight and has quickly become one of the most active ransomware families in 2024.

Read More

TargetCompany Ransomware Linux Variant

Jun 10, 2024 2:25:02 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Asia, APAC, TargetCompany, ESXi

0 Comments

Verticals Targeted: Healthcare, Finance, Government, Manufacturing, Education, Information Technology, Retail, Transportation, Utilities, Telecommunications

Executive Summary

A new Linux variant of TargetCompany ransomware was recently discovered that uses a custom shell script to deliver and execute payloads in ESXi environments.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts