Related Families: Pandora
Executive Summary
Sentinel One recently reported on CatB ransomware. CatB, also known as CatB99 or Baxtoy, was first seen in the wild in late 2022.
Mar 28, 2023 3:49:33 PM / by The Hivemind posted in Threat Bulletin, Ransomware, CatB, CatB99, Baxtoy, Pandora
Related Families: Pandora
Sentinel One recently reported on CatB ransomware. CatB, also known as CatB99 or Baxtoy, was first seen in the wild in late 2022.
Mar 17, 2023 2:56:51 PM / by The Hivemind posted in Threat Bulletin, Ransomware, IceFire, CVE-2022-47986
Verticals Targeted: media, entertainment
Executive Summary
Sentinel Labs recently reported on a new Linux variant of IceFire ransomware. The threat actors responsible for IceFire exploit CVE-2022-47986 to deploy the ransomware.
Mar 14, 2023 3:30:50 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, RAT, Trojan, SysUpdate, Iron Tiger, Emissary Panda, APT27
Verticals Targeted: Gambling
Trend Micro recently reported on a new Linux variant of Emissary Panda’s SysUpdate. SysUpdate is one of Emissary Panda’s custom tools.
Mar 3, 2023 1:25:10 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Royal
Verticals Targeted: IT, Financial, Materials, Healthcare, Food Production
Trend Micro recently reported on a new Linux variant of Royal ransomware that targets Linux systems and ESXi servers. Royal ransomware is yet another contender among the many ransomware families now targeting Linux systems.
Feb 28, 2023 12:53:32 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Cl0p
Verticals Targeted: Education, Various
Executive Summary
SentinelLabs recently reported on a newly discovered Linux variant of Cl0p ransomware. The Linux variant is similar to the Windows variant but uses a flawed encryption logic.
Feb 24, 2023 1:57:55 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Cryptocurrency, Laplas Clipper, MortalKombat, Xorist
Related Families: Xorist, Laplas Clipper
Executive Summary
Cisco Talos recently reported on threat actor activity leveraging MortalKombat ransomware and Laplas Clipper. MortalKombat encrypts files on the infected machine and drops a ransom note instructing victims on how to pay the ransom to recover their files.
Key Takeaways
Feb 21, 2023 1:20:39 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, ESXiArgs, Babuk, CVE-2021-21974
Related Malware: Babuk
Verticals Targeted: Multiple
Executive Summary
Industry researchers recently reported on ESXiArgs ransomware, which targeted VMware ESXi servers around the globe. After CISA released a recovery script, the threat actors behind ESXiArgs distributed a new variant of the ransomware.
Key Takeaways
Feb 7, 2023 12:25:08 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Mimic, Everything.exe, Conti
Related Families: Conti
Executive Summary
Trend Micro recently reported on Mimic ransomware, a ransomware family that abuses Everything APIs.
Key Takeaways