Crimeware

Long-running LockBit ransomware attempts to evade Windows ETW, AMSI and EDR by leveraging legitimate VMware logging command line utility.

Crimeware

Nokoyawa Ransomware | New Karma/Nemty Variant Wears Thin Disguise

Antonis Terefos / April 21, 2022

Nemty developers have created a new, flawed update to the Karma ransomware variant in a bid to avoid detection and mislead attribution.

Crimeware

Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp

Antonio Pirozzi / February 23, 2022

What really happened to Evil Corp after the OFAC sanctions? Did they cut and run, or are they still operating with impunity?

Crimeware

BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims

Jim Walter / January 18, 2022

With victims in the US, Australia and India, BlackCat is a new RaaS making a big impact. Learn more about this unique ransomware's behavior and IoCs.

Crimeware

New Rook Ransomware Feeds Off the Code of Babuk

Jim Walter / December 23, 2021

Scavenging code leaked from Babuk, Rook's first victim was a bank and the theft of 1123 GB of data. Learn more about this new ransomware operator.

Crimeware

Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t

Jim Walter / October 28, 2021

New ransomware operator publishes victim details even if they pay. Our technical analysis shows how Spook is connected to other well-known malware families.

Crimeware

Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree

Antonis Terefos / October 18, 2021

Exploring the links between Karma and other well-known malware families such as NEMTY and JSWorm, we find further IoCs and an evolving threat.

Crimeware

Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms

Antonio Pirozzi / September 13, 2021

A new ZLoader campaign abuses Google Ads to target European banking institutions with signed MSI payloads and more than 300 domains.

Crimeware

Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare

Jim Walter / August 23, 2021

Hive is a double-extortion ransomware group that’s hit over 30 organizations. Read our deep-dive into the ransomware toolkit.

Crimeware

Conti Unpacked | Understanding Ransomware Development As a Response to Detection

Idan Weizman / July 8, 2021

Conti’s rapid encryption speed is matched only by its rapid evolution. SentinelLabs’ deep dive explores its development in unprecedented detail.

Category

Crimeware

LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility

Nokoyawa Ransomware | New Karma/Nemty Variant Wears Thin Disguise

Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp

BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims

New Rook Ransomware Feeds Off the Code of Babuk

Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t

Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree

Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms

Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare

Conti Unpacked | Understanding Ransomware Development As a Response to Detection