LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Long-running LockBit ransomware attempts to evade Windows ETW, AMSI and EDR by leveraging legitimate VMware logging command line utility.
Read More
Nokoyawa Ransomware | New Karma/Nemty Variant Wears Thin Disguise
Nemty developers have created a new, flawed update to the Karma ransomware variant in a bid to avoid detection and mislead attribution.
Read More
Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp
What really happened to Evil Corp after the OFAC sanctions? Did they cut and run, or are they still operating with impunity?
Read More
BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims
With victims in the US, Australia and India, BlackCat is a new RaaS making a big impact. Learn more about this unique ransomware's behavior and IoCs.
Read More
New Rook Ransomware Feeds Off the Code of Babuk
Scavenging code leaked from Babuk, Rook's first victim was a bank and the theft of 1123 GB of data. Learn more about this new ransomware operator.
Read More
Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t
New ransomware operator publishes victim details even if they pay. Our technical analysis shows how Spook is connected to other well-known malware families.
Read More
Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree
Exploring the links between Karma and other well-known malware families such as NEMTY and JSWorm, we find further IoCs and an evolving threat.
Read More
Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms
A new ZLoader campaign abuses Google Ads to target European banking institutions with signed MSI payloads and more than 300 domains.
Read More
Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare
Hive is a double-extortion ransomware group that’s hit over 30 organizations. Read our deep-dive into the ransomware toolkit.
Read More
Conti Unpacked | Understanding Ransomware Development As a Response to Detection
Conti’s rapid encryption speed is matched only by its rapid evolution. SentinelLabs’ deep dive explores its development in unprecedented detail.
Read More