New ransomware operator publishes victim details even if they pay. Our technical analysis shows how Spook is connected to other well-known malware families.
Exploring the links between Karma and other well-known malware families such as NEMTY and JSWorm, we find further IoCs and an evolving threat.
A new ZLoader campaign abuses Google Ads to target European banking institutions with signed MSI payloads and more than 300 domains.
Hive is a double-extortion ransomware group that’s hit over 30 organizations. Read our deep-dive into the ransomware toolkit.
Conti’s rapid encryption speed is matched only by its rapid evolution. SentinelLabs’ deep dive explores its development in unprecedented detail.
A widespread phishing campaign in operation since May is using a mix of old and new evasion tricks to drop IcedID malware.
Gootloader expands its scope to target military, pharmaceutical and energy sectors, operating on an Initial Access As a Service model.
This crypto mining campaign doesn’t use notable exploit components but leverages shell scripts to infect cloud containers and bypass AVs.
Unbreakable encryption, a data leak site and threats of DDoS attacks, Avaddon has all the tricks of a modern RaaS. And now version 2 is on the way.
HelloKitty lacks the stealth of Ryuk, REvil and Conti, but has still struck some notable targets, including CEMIGO. Ransomware overview and IoCs here.
