First observed in January 2018, GandCrab ransomware quickly began to proliferate and receive regular updates from its developer, PINCHY SPIDER, which over the course of the year established a RaaS operation with a dedicated set of affiliates.
CrowdStrike Intelligence has recently observed PINCHY SPIDER affiliates deploying GandCrab ransomware in enterprise environments, using lateral movement techniques and tooling commonly associated with nation-state adversary groups and penetration testing teams. This change in tactics makes PINCHY SPIDER and its affiliates the latest eCrime adversaries to join the growing trend of targeted, low-volume/high-return ransomware deployments known as “big game hunting.”
PINCHY SPIDER is the criminal group behind the development of the ransomware most commonly known as GandCrab, which has been active since January 2018. PINCHY SPIDER sells access to use GandCrab ransomware under a partnership program with a limited number of accounts. The program is operated with a 60-40 split in profits (60 percent to the customer), as is common among eCrime actors, but PINCHY SPIDER is also willing to negotiate up to a 70-30 split for “sophisticated” customers.
2021-03-29 ⋅ The DFIR Report ⋅ The DFIR Report
@online{report:20210329:sodinokibi:4c63e20,
author = {The DFIR Report},
title = {{Sodinokibi (aka REvil) Ransomware}},
date = {2021-03-29},
organization = {The DFIR Report},
url = {https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/},
language = {English},
urldate = {2021-03-30}
}
Sodinokibi (aka REvil) Ransomware Cobalt Strike IcedID REvil |
2021-03-24 ⋅ Cisco ⋅ David Liebenberg, Caitlin Huey
@online{liebenberg:20210324:quarterly:4707c30,
author = {David Liebenberg and Caitlin Huey},
title = {{Quarterly Report: Incident Response trends from Winter 2020-21}},
date = {2021-03-24},
organization = {Cisco},
url = {https://blog.talosintelligence.com/2021/03/ctir-trends-winter-2020-21.html},
language = {English},
urldate = {2021-03-25}
}
Quarterly Report: Incident Response trends from Winter 2020-21 Egregor REvil WastedLocker |
2021-03-24 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
@online{kremez:20210324:revil:ae29dd2,
author = {Vitali Kremez},
title = {{Tweet on REvil ransomware}},
date = {2021-03-24},
organization = {Twitter (@VK_intel)},
url = {https://twitter.com/VK_Intel/status/1374571480370061312?s=20},
language = {English},
urldate = {2021-03-31}
}
Tweet on REvil ransomware REvil |
2021-03-19 ⋅ Bleeping Computer ⋅ Lawrence Abrams
@online{abrams:20210319:revil:32f2221,
author = {Lawrence Abrams},
title = {{REvil ransomware has a new ‘Windows Safe Mode’ encryption mode}},
date = {2021-03-19},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-encryption-mode/},
language = {English},
urldate = {2021-03-24}
}
REvil ransomware has a new ‘Windows Safe Mode’ encryption mode REvil |
2021-03-17 ⋅ Palo Alto Networks Unit 42 ⋅ Unit42
@techreport{unit42:20210317:ransomware:504cc32,
author = {Unit42},
title = {{Ransomware Threat Report 2021}},
date = {2021-03-17},
institution = {Palo Alto Networks Unit 42},
url = {https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-ransomware-threat-report-2021.pdf},
language = {English},
urldate = {2021-03-19}
}
Ransomware Threat Report 2021 RansomEXX Dharma DoppelPaymer Gandcrab Mailto Maze Phobos Ransomware RansomEXX REvil Ryuk WastedLocker Zeppelin Ransomware |
2021-03-16 ⋅ The Record ⋅ Dmitry Smilyanets
@online{smilyanets:20210316:i:cf06d4f,
author = {Dmitry Smilyanets},
title = {{‘I scrounged through the trash heaps… now I’m a millionaire:’ An interview with REvil’s Unknown}},
date = {2021-03-16},
organization = {The Record},
url = {https://therecord.media/i-scrounged-through-the-trash-heaps-now-im-a-millionaire-an-interview-with-revils-unknown/},
language = {English},
urldate = {2021-03-19}
}
‘I scrounged through the trash heaps… now I’m a millionaire:’ An interview with REvil’s Unknown REvil |
2021-03-11 ⋅ Flashpoint ⋅ Flashpoint
@online{flashpoint:20210311:cl0p:666bd6f,
author = {Flashpoint},
title = {{CL0P and REvil Escalate Their Ransomware Tactics}},
date = {2021-03-11},
organization = {Flashpoint},
url = {https://www.flashpoint-intel.com/blog/cl0p-and-revil-escalate-their-ransomware-tactics/},
language = {English},
urldate = {2021-03-12}
}
CL0P and REvil Escalate Their Ransomware Tactics Clop REvil |
2021-03 ⋅ Techtarget ⋅ Rob Wright
@online{wright:202103:ransomware:815ba76,
author = {Rob Wright},
title = {{Ransomware negotiations: An inside look at the process}},
date = {2021-03},
organization = {Techtarget},
url = {https://searchsecurity.techtarget.com/feature/Ransomware-negotiations-An-inside-look-at-the-process},
language = {English},
urldate = {2021-03-31}
}
Ransomware negotiations: An inside look at the process REvil |
2021-03 ⋅ Group-IB ⋅ Oleg Skulkin, Roman Rezvukhin, Semyon Rogachev
@techreport{skulkin:202103:ransomware:992ca10,
author = {Oleg Skulkin and Roman Rezvukhin and Semyon Rogachev},
title = {{RANSOMWARE UNCOVERED 2020—2021}},
date = {2021-03},
institution = {Group-IB},
url = {https://web.archive.org/web/20210305181115/https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf},
language = {English},
urldate = {2021-04-16}
}
RANSOMWARE UNCOVERED 2020—2021 RansomEXX BazarBackdoor Buer Clop Conti Ransomware DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
2021-02-28 ⋅ PWC UK ⋅ PWC UK
@techreport{uk:20210228:cyber:bd780cd,
author = {PWC UK},
title = {{Cyber Threats 2020: A Year in Retrospect}},
date = {2021-02-28},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf},
language = {English},
urldate = {2021-03-04}
}
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Ransomware Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Ransomware Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare |
2021-02-26 ⋅ CrowdStrike ⋅ Eric Loui, Sergei Frankoff
@online{loui:20210226:hypervisor:8dadf9c,
author = {Eric Loui and Sergei Frankoff},
title = {{Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact}},
date = {2021-02-26},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/?utm_campaign=blog&utm_medium=soc&utm_source=twtr&utm_content=sprout},
language = {English},
urldate = {2021-03-02}
}
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact RansomEXX Griffon Carbanak Cobalt Strike IcedID MimiKatz PyXie RansomEXX REvil |
2021-02-24 ⋅ IBM ⋅ IBM SECURITY X-FORCE
@online{xforce:20210224:xforce:ac9a90e,
author = {IBM SECURITY X-FORCE},
title = {{X-Force Threat Intelligence Index 2021}},
date = {2021-02-24},
organization = {IBM},
url = {https://ibm.ent.box.com/s/hs5pcayhbbhjvj8di5sqdpbbd88tsh89},
language = {English},
urldate = {2021-03-02}
}
X-Force Threat Intelligence Index 2021 Emotet QakBot Ramnit REvil TrickBot |
2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike
@techreport{crowdstrike:20210223:2021:bf5bc4f,
author = {CrowdStrike},
title = {{2021 Global Threat Report}},
date = {2021-02-23},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf},
language = {English},
urldate = {2021-02-25}
}
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon Ransomware BazarBackdoor Clop Cobalt Strike Conti Ransomware Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet Ransomware ShadowPad SmokeLoader Snake Ransomware SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader |
2021-02-11 ⋅ CTI LEAGUE ⋅ CTI LEAGUE
@techreport{league:20210211:ctil:69c2ab8,
author = {CTI LEAGUE},
title = {{CTIL Darknet Report – 2021}},
date = {2021-02-11},
institution = {CTI LEAGUE},
url = {https://cti-league.com/wp-content/uploads/2021/02/CTI-League-Darknet-Report-2021.pdf},
language = {English},
urldate = {2021-02-20}
}
CTIL Darknet Report – 2021 Conti Ransomware Mailto Maze REvil Ryuk |
2021-02-02 ⋅ CRONUP ⋅ Germán Fernández
@online{fernndez:20210202:de:6ff4f3a,
author = {Germán Fernández},
title = {{De ataque con Malware a incidente de Ransomware}},
date = {2021-02-02},
organization = {CRONUP},
url = {https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware},
language = {Spanish},
urldate = {2021-03-02}
}
De ataque con Malware a incidente de Ransomware Avaddon Ransomware BazarBackdoor Buer Clop Cobalt Strike Conti Ransomware DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
2021-02-01 ⋅ AhnLab ⋅ ASEC Analysis Team
@online{team:20210201:bluecrab:df21c0a,
author = {ASEC Analysis Team},
title = {{BlueCrab ransomware, CobaltStrike hacking tool installed in corporate environment}},
date = {2021-02-01},
organization = {AhnLab},
url = {https://asec.ahnlab.com/ko/19860/},
language = {English},
urldate = {2021-02-06}
}
BlueCrab ransomware, CobaltStrike hacking tool installed in corporate environment Cobalt Strike REvil |
2021-01-28 ⋅ AhnLab ⋅ ASEC Analysis Team
@online{team:20210128:bluecrab:44d2e64,
author = {ASEC Analysis Team},
title = {{BlueCrab ransomware constantly trying to bypass detection}},
date = {2021-01-28},
organization = {AhnLab},
url = {https://asec.ahnlab.com/ko/19640/},
language = {Korean},
urldate = {2021-02-04}
}
BlueCrab ransomware constantly trying to bypass detection Cobalt Strike REvil |
2021-01-26 ⋅ Trend Micro ⋅ Trend Micro Research
@online{research:20210126:examining:c893112,
author = {Trend Micro Research},
title = {{Examining a Sodinokibi Attack}},
date = {2021-01-26},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/21/a/sodinokibi-ransomware.html},
language = {English},
urldate = {2021-01-27}
}
Examining a Sodinokibi Attack REvil |
2021-01-21 ⋅ InfoSec Handlers Diary Blog ⋅ Xavier Mertens
@online{mertens:20210121:powershell:904be1b,
author = {Xavier Mertens},
title = {{Powershell Dropping a REvil Ransomware}},
date = {2021-01-21},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/diary/27012},
language = {English},
urldate = {2021-01-21}
}
Powershell Dropping a REvil Ransomware REvil |
2021-01-04 ⋅ KELA ⋅ Almog Zoosman, Victoria Kivilevich
@online{zoosman:20210104:darknet:f6708c0,
author = {Almog Zoosman and Victoria Kivilevich},
title = {{Darknet Threat Actors Are Not Playing Games with the Gaming Industry}},
date = {2021-01-04},
organization = {KELA},
url = {https://ke-la.com/darknet-threat-actors-are-not-playing-games-with-the-gaming-industry/},
language = {English},
urldate = {2021-01-10}
}
Darknet Threat Actors Are Not Playing Games with the Gaming Industry REvil |
2020-12-16 ⋅ Accenture ⋅ Paul Mansfield
@online{mansfield:20201216:tracking:25540bd,
author = {Paul Mansfield},
title = {{Tracking and combatting an evolving danger: Ransomware extortion}},
date = {2020-12-16},
organization = {Accenture},
url = {https://www.accenture.com/us-en/blogs/cyber-defense/evolving-danger-ransomware-extortion},
language = {English},
urldate = {2020-12-17}
}
Tracking and combatting an evolving danger: Ransomware extortion DarkSide Egregor Maze Nefilim Ransomware RagnarLocker REvil Ryuk SunCrypt |
2020-12-16 ⋅ Dragos ⋅ Selena Larson, Camille Singleton, IBM SECURITY X-FORCE
@techreport{larson:20201216:assessing:9a5adb8,
author = {Selena Larson and Camille Singleton and IBM SECURITY X-FORCE},
title = {{Assessing Ransomware and Extortion Activities Impacting Industrial Organizations: Ransomware in ICS Environments}},
date = {2020-12-16},
institution = {Dragos},
url = {https://f.hubspotusercontent10.net/hubfs/5943619/Whitepaper-Downloads/Ransomware_in_ICS_Environments_Whitepaper_10_12_20.pdf},
language = {English},
urldate = {2020-12-17}
}
Assessing Ransomware and Extortion Activities Impacting Industrial Organizations: Ransomware in ICS Environments REvil |
2020-12-10 ⋅ US-CERT ⋅ US-CERT, FBI, MS-ISAC
@online{uscert:20201210:alert:a5ec77e,
author = {US-CERT and FBI and MS-ISAC},
title = {{Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data}},
date = {2020-12-10},
organization = {US-CERT},
url = {https://us-cert.cisa.gov/ncas/alerts/aa20-345a},
language = {English},
urldate = {2020-12-11}
}
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim Ransomware REvil Ryuk Zeus |
2020-12-09 ⋅ FireEye ⋅ Mitchell Clarke, Tom Hall
@techreport{clarke:20201209:its:c312acc,
author = {Mitchell Clarke and Tom Hall},
title = {{It's not FINished The Evolving Maturity in Ransomware Operations (SLIDES)}},
date = {2020-12-09},
institution = {FireEye},
url = {https://i.blackhat.com/eu-20/Wednesday/eu-20-Clarke-Its-Not-FINished-The-Evolving-Maturity-In-Ransomware-Operations-wp.pdf},
language = {English},
urldate = {2020-12-15}
}
It's not FINished The Evolving Maturity in Ransomware Operations (SLIDES) Cobalt Strike DoppelPaymer QakBot REvil |
2020-12-03 ⋅ KELA ⋅ Victoria Kivilevich
@online{kivilevich:20201203:easy:bae365d,
author = {Victoria Kivilevich},
title = {{Easy Way In? 5 Ransomware Victims Had Their Pulse Secure VPN Credentials Leaked}},
date = {2020-12-03},
organization = {KELA},
url = {https://ke-la.com/easy-way-in-5-ransomware-victims-had-their-pulse-secure-vpn-credentials-leaked/},
language = {English},
urldate = {2021-01-01}
}
Easy Way In? 5 Ransomware Victims Had Their Pulse Secure VPN Credentials Leaked REvil |
2020-12-01 ⋅ Trend Micro ⋅ Ryan Flores
@online{flores:20201201:impact:415bf2e,
author = {Ryan Flores},
title = {{The Impact of Modern Ransomware on Manufacturing Networks}},
date = {2020-12-01},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/20/l/the-impact-of-modern-ransomware-on-manufacturing-networks.html},
language = {English},
urldate = {2020-12-08}
}
The Impact of Modern Ransomware on Manufacturing Networks Maze Petya REvil |
2020-11-30 ⋅ Malwarebytes ⋅ hasherezade, Jérôme Segura
@online{hasherezade:20201130:german:72b40c6,
author = {hasherezade and Jérôme Segura},
title = {{German users targeted with Gootkit banker or REvil ransomware}},
date = {2020-11-30},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware/},
language = {English},
urldate = {2020-12-03}
}
German users targeted with Gootkit banker or REvil ransomware GootKit REvil |
2020-11-30 ⋅ FireEye ⋅ Mitchell Clarke, Tom Hall
@techreport{clarke:20201130:its:1b6b681,
author = {Mitchell Clarke and Tom Hall},
title = {{It's not FINished The Evolving Maturity in Ransomware Operations}},
date = {2020-11-30},
institution = {FireEye},
url = {https://i.blackhat.com/eu-20/Wednesday/eu-20-Clarke-Its-Not-FINished-The-Evolving-Maturity-In-Ransomware-Operations.pdf},
language = {English},
urldate = {2020-12-14}
}
It's not FINished The Evolving Maturity in Ransomware Operations Cobalt Strike DoppelPaymer MimiKatz QakBot REvil |
2020-11-18 ⋅ KELA ⋅ Victoria Kivilevich
@online{kivilevich:20201118:zooming:f28a9c1,
author = {Victoria Kivilevich},
title = {{Zooming into Darknet Threats Targeting Japanese Organizations}},
date = {2020-11-18},
organization = {KELA},
url = {https://ke-la.com/zooming-into-darknet-threats-targeting-jp-orgs-kela/},
language = {English},
urldate = {2020-11-19}
}
Zooming into Darknet Threats Targeting Japanese Organizations Conti Ransomware DoppelPaymer Egregor LockBit Maze REvil Snake Ransomware |
2020-11-18 ⋅ Bleeping Computer ⋅ Lawrence Abrams
@online{abrams:20201118:revil:fda480b,
author = {Lawrence Abrams},
title = {{REvil ransomware hits Managed.com hosting provider, 500K ransom}},
date = {2020-11-18},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-managedcom-hosting-provider-500k-ransom/},
language = {English},
urldate = {2020-11-19}
}
REvil ransomware hits Managed.com hosting provider, 500K ransom REvil |
2020-11-16 ⋅ Intel 471 ⋅ Intel 471
@online{471:20201116:ransomwareasaservice:11a5a8b,
author = {Intel 471},
title = {{Ransomware-as-a-service: The pandemic within a pandemic}},
date = {2020-11-16},
organization = {Intel 471},
url = {https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/},
language = {English},
urldate = {2020-11-17}
}
Ransomware-as-a-service: The pandemic within a pandemic Avaddon Ransomware Clop Conti Ransomware DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX Ransomware |
2020-11-10 ⋅ AP News ⋅ Ashish Gahlot
@online{gahlot:20201110:threat:e9c7a9c,
author = {Ashish Gahlot},
title = {{Threat Hunting for REvil Ransomware}},
date = {2020-11-10},
organization = {AP News},
url = {https://awakesecurity.com/blog/threat-hunting-for-revil-ransomware/},
language = {English},
urldate = {2020-11-12}
}
Threat Hunting for REvil Ransomware REvil |
2020-11-04 ⋅ ZDNet ⋅ Catalin Cimpanu
@online{cimpanu:20201104:revil:02ca78c,
author = {Catalin Cimpanu},
title = {{REvil ransomware gang 'acquires' KPOT malware}},
date = {2020-11-04},
organization = {ZDNet},
url = {https://www.zdnet.com/article/revil-ransomware-gang-acquires-kpot-malware/},
language = {English},
urldate = {2020-11-06}
}
REvil ransomware gang 'acquires' KPOT malware KPOT Stealer REvil |
2020-10-29 ⋅ Bleeping Computer ⋅ Ionut Ilascu
@online{ilascu:20201029:revil:e6b68d1,
author = {Ionut Ilascu},
title = {{REvil ransomware gang claims over $100 million profit in a year}},
date = {2020-10-29},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/revil-ransomware-gang-claims-over-100-million-profit-in-a-year/},
language = {English},
urldate = {2020-11-02}
}
REvil ransomware gang claims over $100 million profit in a year REvil |
2020-10-28 ⋅ Intel 471 ⋅ Intel 471
@online{471:20201028:alleged:46a2bb1,
author = {Intel 471},
title = {{Alleged REvil member spills details on group’s ransomware operations}},
date = {2020-10-28},
organization = {Intel 471},
url = {https://public.intel471.com/blog/revil-ransomware-interview-russian-osint-100-million/},
language = {English},
urldate = {2020-11-02}
}
Alleged REvil member spills details on group’s ransomware operations REvil |
2020-10-26 ⋅ Checkpoint ⋅ Itay Cohen, Eyal Itkin
@online{cohen:20201026:exploit:9ec173c,
author = {Itay Cohen and Eyal Itkin},
title = {{Exploit Developer Spotlight: The Story of PlayBit}},
date = {2020-10-26},
organization = {Checkpoint},
url = {https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/},
language = {English},
urldate = {2020-10-27}
}
Exploit Developer Spotlight: The Story of PlayBit Dyre Maze PyLocky Ramnit REvil |
2020-10-23 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab
@online{lab:20201023:leakwareransomwarehybrid:ae1de8e,
author = {Hornetsecurity Security Lab},
title = {{Leakware-Ransomware-Hybrid Attacks}},
date = {2020-10-23},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/},
language = {English},
urldate = {2020-12-08}
}
Leakware-Ransomware-Hybrid Attacks Avaddon Ransomware Clop Conti Ransomware DarkSide DoppelPaymer Mailto Maze Mespinoza Nefilim Ransomware RagnarLocker REvil Sekhmet Ransomware SunCrypt |
2020-10-20 ⋅ Bundesamt für Sicherheit in der Informationstechnik ⋅ BSI
@online{bsi:20201020:die:0683ad4,
author = {BSI},
title = {{Die Lage der IT-Sicherheit in Deutschland 2020}},
date = {2020-10-20},
organization = {Bundesamt für Sicherheit in der Informationstechnik},
url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2020.pdf?__blob=publicationFile&v=2},
language = {German},
urldate = {2020-10-21}
}
Die Lage der IT-Sicherheit in Deutschland 2020 Clop Emotet REvil Ryuk TrickBot |
2020-10-06 ⋅ CrowdStrike ⋅ The Crowdstrike Intel Team
@online{team:20201006:double:bb0f240,
author = {The Crowdstrike Intel Team},
title = {{Double Trouble: Ransomware with Data Leak Extortion, Part 2}},
date = {2020-10-06},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-2/},
language = {English},
urldate = {2020-10-12}
}
Double Trouble: Ransomware with Data Leak Extortion, Part 2 Maze MedusaLocker REvil |
2020-09-29 ⋅ Microsoft ⋅ Microsoft
@techreport{microsoft:20200929:microsoft:6e5d7b0,
author = {Microsoft},
title = {{Microsoft Digital Defense Report}},
date = {2020-09-29},
institution = {Microsoft},
url = {https://download.microsoft.com/download/f/8/1/f816b8b6-bee3-41e5-b6cc-e925a5688f61/Microsoft_Digital_Defense_Report_2020_September.pdf},
language = {English},
urldate = {2020-10-05}
}
Microsoft Digital Defense Report Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
2020-09-25 ⋅ CrowdStrike ⋅ The Crowdstrike Intel Team
@online{team:20200925:double:fe3b093,
author = {The Crowdstrike Intel Team},
title = {{Double Trouble: Ransomware with Data Leak Extortion, Part 1}},
date = {2020-09-25},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/},
language = {English},
urldate = {2020-10-02}
}
Double Trouble: Ransomware with Data Leak Extortion, Part 1 DoppelPaymer FriedEx LockBit Maze MedusaLocker RagnarLocker REvil RobinHood SamSam WastedLocker |
2020-09-24 ⋅ Kaspersky Labs ⋅ Kaspersky Lab ICS CERT
@techreport{cert:20200924:threat:2d7986d,
author = {Kaspersky Lab ICS CERT},
title = {{Threat landscape for industrial automation systems - H1 2020}},
date = {2020-09-24},
institution = {Kaspersky Labs},
url = {https://ics-cert.kaspersky.com/media/KASPERSKY_H1_2020_ICS_REPORT_EN.pdf},
language = {English},
urldate = {2020-10-04}
}
Threat landscape for industrial automation systems - H1 2020 Poet RAT Mailto Milum RagnarLocker REvil Ryuk Snake Ransomware |
2020-08-21 ⋅ RiskIQ ⋅ Steve Ginty
@online{ginty:20200821:pinchy:24fe21a,
author = {Steve Ginty},
title = {{Pinchy Spider: Ransomware Infrastructure Connected to Dark Web Marketplace}},
date = {2020-08-21},
organization = {RiskIQ},
url = {https://community.riskiq.com/article/3315064b},
language = {English},
urldate = {2020-09-01}
}
Pinchy Spider: Ransomware Infrastructure Connected to Dark Web Marketplace REvil |
2020-08-21 ⋅ Vimeo (RiskIQ) ⋅ Josh Burgess, Steve Ginty
@online{burgess:20200821:evolution:6d5c407,
author = {Josh Burgess and Steve Ginty},
title = {{The Evolution of Ransomware & Pinchy Spider's Shot at the Title}},
date = {2020-08-21},
organization = {Vimeo (RiskIQ)},
url = {https://vimeo.com/449849549},
language = {English},
urldate = {2020-08-25}
}
The Evolution of Ransomware & Pinchy Spider's Shot at the Title Gandcrab REvil |
2020-08-20 ⋅ sensecy ⋅ cyberthreatinsider
@online{cyberthreatinsider:20200820:global:34ee2ea,
author = {cyberthreatinsider},
title = {{Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities}},
date = {2020-08-20},
organization = {sensecy},
url = {https://blog.sensecy.com/2020/08/20/global-ransomware-attacks-in-2020-the-top-4-vulnerabilities/},
language = {English},
urldate = {2020-11-04}
}
Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities Clop Maze REvil Ryuk |
2020-08-20 ⋅ DomainTools ⋅ Chad Anderson
@online{anderson:20200820:revealing:7a1da00,
author = {Chad Anderson},
title = {{Revealing REvil Ransomware With DomainTools and Maltego}},
date = {2020-08-20},
organization = {DomainTools},
url = {https://www.domaintools.com/resources/blog/revealing-revil-ransomware-with-domaintools-and-maltego},
language = {English},
urldate = {2020-08-24}
}
Revealing REvil Ransomware With DomainTools and Maltego REvil |
2020-08-03 ⋅ Bitdefender ⋅ Filip Truta
@online{truta:20200803:belarus:42f9175,
author = {Filip Truta},
title = {{Belarus Authorities Arrest GandCrab Ransomware Operator}},
date = {2020-08-03},
organization = {Bitdefender},
url = {https://hotforsecurity.bitdefender.com/blog/belarus-authorities-arrest-gandcrab-ransomware-operator-23860.html},
language = {English},
urldate = {2020-08-10}
}
Belarus Authorities Arrest GandCrab Ransomware Operator Gandcrab |
2020-08 ⋅ Temple University ⋅ CARE
@online{care:202008:critical:415c34d,
author = {CARE},
title = {{Critical Infrastructure Ransomware Attacks}},
date = {2020-08},
organization = {Temple University},
url = {https://sites.temple.edu/care/ci-rw-attacks/},
language = {English},
urldate = {2020-09-15}
}
Critical Infrastructure Ransomware Attacks CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor |
2020-07-31 ⋅ PRODAFT Threat Intelligence ⋅ Yusuf Arslan Polat
@online{polat:20200731:opblueraven:9e58e0c,
author = {Yusuf Arslan Polat},
title = {{OpBlueRaven: Unveiling Fin7/Carbanak - Part 1 : Tirion}},
date = {2020-07-31},
organization = {PRODAFT Threat Intelligence},
url = {https://threatintel.blog/OPBlueRaven-Part1/},
language = {English},
urldate = {2020-08-05}
}
OpBlueRaven: Unveiling Fin7/Carbanak - Part 1 : Tirion Carbanak REvil Anunak |
2020-07-31 ⋅ BleepingComputer ⋅ Ionut Ilascu
@online{ilascu:20200731:gandcrab:f2cd6ef,
author = {Ionut Ilascu},
title = {{GandCrab ransomware operator arrested in Belarus}},
date = {2020-07-31},
organization = {BleepingComputer},
url = {https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-operator-arrested-in-belarus/},
language = {English},
urldate = {2020-08-05}
}
GandCrab ransomware operator arrested in Belarus Gandcrab |
2020-07-29 ⋅ AmosSys ⋅ Nicolas Guillois
@online{guillois:20200729:sodinokibi:6d76347,
author = {Nicolas Guillois},
title = {{Sodinokibi / REvil Malware Analysis}},
date = {2020-07-29},
organization = {AmosSys},
url = {https://blog.amossys.fr/sodinokibi-malware-analysis.html},
language = {English},
urldate = {2020-08-31}
}
Sodinokibi / REvil Malware Analysis REvil |
2020-07-29 ⋅ ESET Research ⋅ welivesecurity
@techreport{welivesecurity:20200729:threat:496355c,
author = {welivesecurity},
title = {{THREAT REPORT Q2 2020}},
date = {2020-07-29},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf},
language = {English},
urldate = {2020-07-30}
}
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos Ransomware PlugX Pony REvil Socelars STOP Ransomware Tinba TrickBot WannaCryptor |
2020-07-22 ⋅ TEHTRIS ⋅ TEHTRIS
@online{tehtris:20200722:peuton:472b0cd,
author = {TEHTRIS},
title = {{Peut-on neutraliser un ransomware lancé en tant que SYSTEM sur des milliers de machines en même temps?}},
date = {2020-07-22},
organization = {TEHTRIS},
url = {https://tehtris.com/fr/peut-on-neutraliser-un-ransomware-lance-en-tant-que-system-sur-des-milliers-de-machines-en-meme-temps/},
language = {French},
urldate = {2020-07-23}
}
Peut-on neutraliser un ransomware lancé en tant que SYSTEM sur des milliers de machines en même temps? REvil |
2020-07-17 ⋅ CERT-FR ⋅ CERT-FR
@techreport{certfr:20200717:malware:5c58cdf,
author = {CERT-FR},
title = {{The Malware Dridex: Origins and Uses}},
date = {2020-07-17},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf},
language = {English},
urldate = {2020-07-20}
}
The Malware Dridex: Origins and Uses Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
2020-07-15 ⋅ Advanced Intelligence ⋅ Yelisey Boguslavskiy, Samantha van de Ven
@online{boguslavskiy:20200715:inside:f9b95b1,
author = {Yelisey Boguslavskiy and Samantha van de Ven},
title = {{Inside REvil Extortionist “Machine”: Predictive Insights}},
date = {2020-07-15},
organization = {Advanced Intelligence},
url = {https://www.advanced-intel.com/post/inside-revil-extortionist-machine-predictive-insights},
language = {English},
urldate = {2020-07-16}
}
Inside REvil Extortionist “Machine”: Predictive Insights Gandcrab REvil |
2020-07-10 ⋅ Advanced Intelligence ⋅ Advanced Intelligence
@online{intelligence:20200710:dark:a29ccb4,
author = {Advanced Intelligence},
title = {{The Dark Web of Intrigue: How REvil Used the Underground Ecosystem to Form an Extortion Cartel}},
date = {2020-07-10},
organization = {Advanced Intelligence},
url = {https://www.advanced-intel.com/post/the-dark-web-of-intrigue-how-revil-used-the-underground-ecosystem-to-form-an-extortion-cartel},
language = {English},
urldate = {2020-07-13}
}
The Dark Web of Intrigue: How REvil Used the Underground Ecosystem to Form an Extortion Cartel Gandcrab REvil |
2020-06-30 ⋅ AppGate ⋅ The Immunity Team
@online{team:20200630:electric:823676a,
author = {The Immunity Team},
title = {{Electric Company Ransomware Attack Calls for $14 Million in Ransom}},
date = {2020-06-30},
organization = {AppGate},
url = {https://www.appgate.com/blog/electric-company-ransomware-attack-calls-for-14-million-in-ransom},
language = {English},
urldate = {2020-07-21}
}
Electric Company Ransomware Attack Calls for $14 Million in Ransom REvil |
2020-06-23 ⋅ Symantec ⋅ Critical Attack Discovery and Intelligence Team
@online{team:20200623:sodinokibi:7eff193,
author = {Critical Attack Discovery and Intelligence Team},
title = {{Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike}},
date = {2020-06-23},
organization = {Symantec},
url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sodinokibi-ransomware-cobalt-strike-pos},
language = {English},
urldate = {2020-06-23}
}
Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike Cobalt Strike REvil |
2020-06-22 ⋅ CERT-FR ⋅ CERT-FR
@techreport{certfr:20200622:volution:fba1cfa,
author = {CERT-FR},
title = {{Évolution de l'activité du Groupe Cybercriminel TA505}},
date = {2020-06-22},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-006.pdf},
language = {French},
urldate = {2020-06-24}
}
Évolution de l'activité du Groupe Cybercriminel TA505 Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot |
2020-06-02 ⋅ ZDNet ⋅ Catalin Cimpanu
@online{cimpanu:20200602:revil:883c59f,
author = {Catalin Cimpanu},
title = {{REvil ransomware gang launches auction site to sell stolen data}},
date = {2020-06-02},
organization = {ZDNet},
url = {https://www.zdnet.com/article/revil-ransomware-gang-launches-auction-site-to-sell-stolen-data/},
language = {English},
urldate = {2020-06-03}
}
REvil ransomware gang launches auction site to sell stolen data REvil |
2020-06 ⋅ Arete ⋅ Arete Incident Response
@techreport{response:202006:sodinokibi:06e3a79,
author = {Arete Incident Response},
title = {{Sodinokibi / REvil Ransomware attacks against the Education Sector}},
date = {2020-06},
institution = {Arete},
url = {https://areteir.com/wp-content/uploads/2020/07/Arete_Insight_Sodino-Ransomware_June-2020.pdf},
language = {English},
urldate = {2020-07-30}
}
Sodinokibi / REvil Ransomware attacks against the Education Sector REvil |
2020-05-21 ⋅ Intel 471 ⋅ Intel 471 @online{471:20200521:brief:048d164,
author = {Intel 471},
title = {{A brief history of TA505}},
date = {2020-05-21},
organization = {Intel 471},
url = {https://blog.intel471.com/2020/05/21/a-brief-history-of-ta505/},
language = {English},
urldate = {2020-05-23}
}
A brief history of TA505 AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot |
2020-05-07 ⋅ REDTEAM.PL ⋅ Adam Ziaja @online{ziaja:20200507:sodinokibi:f5c5cd1,
author = {Adam Ziaja},
title = {{Sodinokibi / REvil ransomware}},
date = {2020-05-07},
organization = {REDTEAM.PL},
url = {https://blog.redteam.pl/2020/05/sodinokibi-revil-ransomware.html},
language = {English},
urldate = {2020-05-13}
}
Sodinokibi / REvil ransomware Maze MimiKatz REvil |
2020-04-28 ⋅ Microsoft ⋅ Microsoft Threat Protection Intelligence Team @online{team:20200428:ransomware:3205f3a,
author = {Microsoft Threat Protection Intelligence Team},
title = {{Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk}},
date = {2020-04-28},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/},
language = {English},
urldate = {2020-05-05}
}
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk LockBit Mailto Maze MedusaLocker Paradise Ransomware RagnarLocker REvil RobinHood |
2020-04-11 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200411:sodinokibi:82f9f79,
author = {Lawrence Abrams},
title = {{Sodinokibi Ransomware to stop taking Bitcoin to hide money trail}},
date = {2020-04-11},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-to-stop-taking-bitcoin-to-hide-money-trail/},
language = {English},
urldate = {2020-04-26}
}
Sodinokibi Ransomware to stop taking Bitcoin to hide money trail REvil |
2020-04-09 ⋅ Graham Cluley Blog ⋅ Graham Cluley @online{cluley:20200409:travelex:bb5a2d7,
author = {Graham Cluley},
title = {{Travelex paid hackers $2.3 million worth of Bitcoin after ransomware attack}},
date = {2020-04-09},
organization = {Graham Cluley Blog},
url = {https://www.grahamcluley.com/travelex-paid-ransom/},
language = {English},
urldate = {2020-04-26}
}
Travelex paid hackers $2.3 million worth of Bitcoin after ransomware attack REvil |
2020-03-31 ⋅ Intel 471 ⋅ Intel 471 @online{471:20200331:revil:0e5226a,
author = {Intel 471},
title = {{REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation}},
date = {2020-03-31},
organization = {Intel 471},
url = {https://blog.intel471.com/2020/03/31/revil-ransomware-as-a-service-an-analysis-of-a-ransomware-affiliate-operation/},
language = {English},
urldate = {2020-04-01}
}
REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation Gandcrab REvil |
2020-03-24 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200324:three:fb92d03,
author = {Lawrence Abrams},
title = {{Three More Ransomware Families Create Sites to Leak Stolen Data}},
date = {2020-03-24},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/},
language = {English},
urldate = {2020-03-26}
}
Three More Ransomware Families Create Sites to Leak Stolen Data Clop DoppelPaymer Maze Nefilim Ransomware Nemty REvil |
2020-03-07 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200307:ransomware:f839049,
author = {Lawrence Abrams},
title = {{Ransomware Threatens to Reveal Company's 'Dirty' Secrets}},
date = {2020-03-07},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/ransomware-threatens-to-reveal-companys-dirty-secrets/},
language = {English},
urldate = {2020-03-11}
}
Ransomware Threatens to Reveal Company's 'Dirty' Secrets REvil |
2020-03-05 ⋅ Microsoft ⋅ Microsoft Threat Protection Intelligence Team @online{team:20200305:humanoperated:d90a28e,
author = {Microsoft Threat Protection Intelligence Team},
title = {{Human-operated ransomware attacks: A preventable disaster}},
date = {2020-03-05},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/},
language = {English},
urldate = {2020-03-06}
}
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor |
2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20200304:2020:818c85f,
author = {CrowdStrike},
title = {{2020 CrowdStrike Global Threat Report}},
date = {2020-03-04},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf},
language = {English},
urldate = {2020-07-24}
}
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER |
2020-03-03 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20200303:cyber:1f1eef0,
author = {PWC UK},
title = {{Cyber Threats 2019: A Year in Retrospect}},
date = {2020-03-03},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf},
language = {English},
urldate = {2020-03-03}
}
Cyber Threats 2019: A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare Axiom |
2020-02-29 ⋅ Security Affairs ⋅ Pierluigi Paganini @online{paganini:20200229:sodinokibi:799a623,
author = {Pierluigi Paganini},
title = {{Sodinokibi Ransomware gang threatens to disclose data from Kenneth Cole fashion firm}},
date = {2020-02-29},
organization = {Security Affairs},
url = {https://securityaffairs.co/wordpress/98694/malware/sodinokibi-kenneth-cole-data-breach.html},
language = {English},
urldate = {2020-03-11}
}
Sodinokibi Ransomware gang threatens to disclose data from Kenneth Cole fashion firm REvil |
2020-02-26 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200226:sodinokibi:7d730ac,
author = {Lawrence Abrams},
title = {{Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices}},
date = {2020-02-26},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/},
language = {English},
urldate = {2020-03-02}
}
Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices REvil |
2020-02-25 ⋅ RSA Conference ⋅ Joel DeCapua @online{decapua:20200225:feds:423f929,
author = {Joel DeCapua},
title = {{Feds Fighting Ransomware: How the FBI Investigates and How You Can Help}},
date = {2020-02-25},
organization = {RSA Conference},
url = {https://www.youtube.com/watch?v=LUxOcpIRxmg},
language = {English},
urldate = {2020-03-04}
}
Feds Fighting Ransomware: How the FBI Investigates and How You Can Help FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Ransomware Rapid Ransom REvil Ryuk SamSam Zeus |
2020-02-10 ⋅ Malwarebytes ⋅ Adam Kujawa, Wendy Zamora, Jérôme Segura, Thomas Reed, Nathan Collier, Jovi Umawing, Chris Boyd, Pieter Arntz, David Ruiz @techreport{kujawa:20200210:2020:3fdaf12,
author = {Adam Kujawa and Wendy Zamora and Jérôme Segura and Thomas Reed and Nathan Collier and Jovi Umawing and Chris Boyd and Pieter Arntz and David Ruiz},
title = {{2020 State of Malware Report}},
date = {2020-02-10},
institution = {Malwarebytes},
url = {https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf},
language = {English},
urldate = {2020-02-13}
}
2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
2020-02-02 ⋅ Nullteilerfrei Blog ⋅ Lars Wallenborn @online{wallenborn:20200202:defeating:95aa07e,
author = {Lars Wallenborn},
title = {{Defeating Sodinokibi/REvil String-Obfuscation in Ghidra}},
date = {2020-02-02},
organization = {Nullteilerfrei Blog},
url = {https://blag.nullteilerfrei.de/2020/02/02/defeating-sodinokibi-revil-string-obfuscation-in-ghidra/},
language = {English},
urldate = {2020-02-09}
}
Defeating Sodinokibi/REvil String-Obfuscation in Ghidra REvil |
2020-01-30 ⋅ Under The Breach ⋅ Under The Breach @online{breach:20200130:tracking:bfa4550,
author = {Under The Breach},
title = {{Tracking Down REvil’s “Lalartu” by utilizing multiple OSINT methods}},
date = {2020-01-30},
organization = {Under The Breach},
url = {https://medium.com/@underthebreach/tracking-down-revils-lalartu-by-utilizing-multiple-osint-methods-2bf3a6c65a80},
language = {English},
urldate = {2020-01-31}
}
Tracking Down REvil’s “Lalartu” by utilizing multiple OSINT methods REvil |
2020-01-30 ⋅ Digital Shadows ⋅ Photon Research Team @online{team:20200130:competitions:90773f4,
author = {Photon Research Team},
title = {{Competitions on Russian-language cybercriminal forums: Sharing expertise or threat actor showboating?}},
date = {2020-01-30},
organization = {Digital Shadows},
url = {https://www.digitalshadows.com/blog-and-research/competitions-on-russian-language-cybercriminal-forums-sharing-expertise-or-threat-actor-showboating/},
language = {English},
urldate = {2020-02-03}
}
Competitions on Russian-language cybercriminal forums: Sharing expertise or threat actor showboating? REvil |
2020-01-29 ⋅ ANSSI ⋅ ANSSI @techreport{anssi:20200129:tat:3d59e6e,
author = {ANSSI},
title = {{État de la menace rançongiciel}},
date = {2020-01-29},
institution = {ANSSI},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-001.pdf},
language = {English},
urldate = {2020-02-03}
}
État de la menace rançongiciel Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam |
2020-01-28 ⋅ KPN ⋅ KPN @online{kpn:20200128:tracking:6c628f3,
author = {KPN},
title = {{Tracking REvil}},
date = {2020-01-28},
organization = {KPN},
url = {https://www.kpn.com/security-blogs/Tracking-REvil.htm},
language = {English},
urldate = {2020-01-28}
}
Tracking REvil REvil |
2020-01-26 ⋅ Youtube (OALabs) ⋅ Sergei Frankoff, Sean Wilson @online{frankoff:20200126:ida:a8194b4,
author = {Sergei Frankoff and Sean Wilson},
title = {{IDA Pro Automated String Decryption For REvil Ransomware}},
date = {2020-01-26},
organization = {Youtube (OALabs)},
url = {https://www.youtube.com/watch?v=l2P5CMH9TE0},
language = {English},
urldate = {2020-01-27}
}
IDA Pro Automated String Decryption For REvil Ransomware REvil |
2020-01-23 ⋅ Bleeping Computer ⋅ Sergiu Gatlan @online{gatlan:20200123:sodinokibi:86b1d46,
author = {Sergiu Gatlan},
title = {{Sodinokibi Ransomware Threatens to Publish Data of Automotive Group}},
date = {2020-01-23},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/},
language = {English},
urldate = {2020-01-23}
}
Sodinokibi Ransomware Threatens to Publish Data of Automotive Group REvil |
2020-01-20 ⋅ Virus Bulletin ⋅ AhnLab Security Analysis Team @online{team:20200120:behind:edefc01,
author = {AhnLab Security Analysis Team},
title = {{Behind the scenes of GandCrab’s operation}},
date = {2020-01-20},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2020/01/behind-scenes-gandcrabs-operation/},
language = {English},
urldate = {2020-01-20}
}
Behind the scenes of GandCrab’s operation Gandcrab |
2020-01-18 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200118:new:4ad3c25,
author = {Lawrence Abrams},
title = {{New Jersey Synagogue Suffers Sodinokibi Ransomware Attack}},
date = {2020-01-18},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/new-jersey-synagogue-suffers-sodinokibi-ransomware-attack/},
language = {English},
urldate = {2020-01-22}
}
New Jersey Synagogue Suffers Sodinokibi Ransomware Attack REvil |
2020-01-17 ⋅ Secureworks ⋅ Tamada Kiyotaka, Keita Yamazaki, You Nakatsuru @techreport{kiyotaka:20200117:is:969ff38,
author = {Tamada Kiyotaka and Keita Yamazaki and You Nakatsuru},
title = {{Is It Wrong to Try to Find APT Techniques in Ransomware Attack?}},
date = {2020-01-17},
institution = {Secureworks},
url = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_1_tamada-yamazaki-nakatsuru_en.pdf},
language = {English},
urldate = {2020-04-06}
}
Is It Wrong to Try to Find APT Techniques in Ransomware Attack? Defray Dharma FriedEx Gandcrab GlobeImposter Matrix Ransom MedusaLocker Phobos Ransomware REvil Ryuk SamSam Scarab Ransomware |
2020-01-11 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200111:sodinokibi:8fe0ebe,
author = {Lawrence Abrams},
title = {{Sodinokibi Ransomware Publishes Stolen Data for the First Time}},
date = {2020-01-11},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-publishes-stolen-data-for-the-first-time/},
language = {English},
urldate = {2020-01-20}
}
Sodinokibi Ransomware Publishes Stolen Data for the First Time REvil |
2020-01-10 ⋅ BleepingComputer ⋅ Sergiu Gatlan @online{gatlan:20200110:sodinokibi:73cbf66,
author = {Sergiu Gatlan},
title = {{Sodinokibi Ransomware Hits New York Airport Systems}},
date = {2020-01-10},
organization = {BleepingComputer},
url = {https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-hits-new-york-airport-systems/},
language = {English},
urldate = {2020-01-20}
}
Sodinokibi Ransomware Hits New York Airport Systems REvil |
2020-01-10 ⋅ CSIS ⋅ CSIS @techreport{csis:20200110:threat:7454f36,
author = {CSIS},
title = {{Threat Matrix H1 2019}},
date = {2020-01-10},
institution = {CSIS},
url = {https://gallery.mailchimp.com/c35aef82661dad887b8162a4f/files/e24e8206-a157-4796-a8cb-2b7262cc76e8/CSIS_Threat_Matrix_H1_2019.pdf},
language = {English},
urldate = {2020-01-22}
}
Threat Matrix H1 2019 Gustuff magecart Emotet Gandcrab Ramnit TrickBot |
2020-01-09 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200109:sodinokibi:c0204cc,
author = {Lawrence Abrams},
title = {{Sodinokibi Ransomware Says Travelex Will Pay, One Way or Another}},
date = {2020-01-09},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-says-travelex-will-pay-one-way-or-another/},
language = {English},
urldate = {2020-01-13}
}
Sodinokibi Ransomware Says Travelex Will Pay, One Way or Another REvil |
2020-01-06 ⋅ Bleeping Computer ⋅ Ionut Ilascu @online{ilascu:20200106:sodinokibi:1feb8a3,
author = {Ionut Ilascu},
title = {{Sodinokibi Ransomware Hits Travelex, Demands $3 Million}},
date = {2020-01-06},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-hits-travelex-demands-3-million/},
language = {English},
urldate = {2020-01-13}
}
Sodinokibi Ransomware Hits Travelex, Demands $3 Million REvil |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:bc28839,
author = {SecureWorks},
title = {{GOLD SOUTHFIELD}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-southfield},
language = {English},
urldate = {2020-05-23}
}
GOLD SOUTHFIELD REvil |
2020 ⋅ Blackberry ⋅ Blackberry Research @techreport{research:2020:state:e5941af,
author = {Blackberry Research},
title = {{State of Ransomware}},
date = {2020},
institution = {Blackberry},
url = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/wp-spark-state-of-ransomware.pdf},
language = {English},
urldate = {2021-01-01}
}
State of Ransomware Maze MedusaLocker Nefilim Ransomware Phobos Ransomware REvil Ryuk STOP Ransomware Zeppelin Ransomware |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:c7d5baf,
author = {SecureWorks},
title = {{GOLD GARDEN}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-garden},
language = {English},
urldate = {2020-05-23}
}
GOLD GARDEN Gandcrab |
2019-12-18 ⋅ Hatching.io ⋅ Pete Cowman @online{cowman:20191218:understanding:d629d14,
author = {Pete Cowman},
title = {{Understanding Ransomware Series: Detecting Sodin}},
date = {2019-12-18},
organization = {Hatching.io},
url = {https://hatching.io/blog/ransomware-part2},
language = {English},
urldate = {2020-01-08}
}
Understanding Ransomware Series: Detecting Sodin REvil |
2019-12-12 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20191212:another:77246f4,
author = {Lawrence Abrams},
title = {{Another Ransomware Will Now Publish Victims' Data If Not Paid}},
date = {2019-12-12},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/},
language = {English},
urldate = {2020-01-05}
}
Another Ransomware Will Now Publish Victims' Data If Not Paid REvil |
2019-12-04 ⋅ Elastic ⋅ David French @online{french:20191204:ransomware:92a6fae,
author = {David French},
title = {{Ransomware, interrupted: Sodinokibi and the supply chain}},
date = {2019-12-04},
organization = {Elastic},
url = {https://www.elastic.co/blog/ransomware-interrupted-sodinokibi-and-the-supply-chain},
language = {English},
urldate = {2020-06-30}
}
Ransomware, interrupted: Sodinokibi and the supply chain REvil |
2019-11-09 ⋅ Lars Wallenborn @online{wallenborn:20191109:apihashing:ec59534,
author = {Lars Wallenborn},
title = {{API-Hashing in the Sodinokibi/Revil Ransomware - Why and How?}},
date = {2019-11-09},
url = {https://blag.nullteilerfrei.de/2019/11/09/api-hashing-why-and-how/},
language = {English},
urldate = {2019-12-18}
}
API-Hashing in the Sodinokibi/Revil Ransomware - Why and How? REvil |
2019-11 ⋅ Virus Bulletin ⋅ Alexandre Mundo Alguacil, John Fokker @online{alguacil:201911:vb2019:a565e76,
author = {Alexandre Mundo Alguacil and John Fokker},
title = {{VB2019 paper: Different ways to cook a crab: GandCrab ransomware-as-a-service (RaaS) analysed in depth}},
date = {2019-11},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2019/11/vb2019-paper-different-ways-cook-crab-gandcrab-ransomware-service-raas-analysed-indepth/},
language = {English},
urldate = {2020-01-08}
}
VB2019 paper: Different ways to cook a crab: GandCrab ransomware-as-a-service (RaaS) analysed in depth Gandcrab |
2019-10-20 ⋅ McAfee ⋅ Jessica Saavedra-Morales, Ryan Sherstobitoff, Christiaan Beek @online{saavedramorales:20191020:mcafee:237cd1b,
author = {Jessica Saavedra-Morales and Ryan Sherstobitoff and Christiaan Beek},
title = {{McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo}},
date = {2019-10-20},
organization = {McAfee},
url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/},
language = {English},
urldate = {2020-01-09}
}
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo REvil |
2019-10-02 ⋅ McAfee ⋅ McAfee Labs @online{labs:20191002:mcafee:1a04182,
author = {McAfee Labs},
title = {{McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us}},
date = {2019-10-02},
organization = {McAfee},
url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/},
language = {English},
urldate = {2019-12-22}
}
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us Gandcrab REvil |
2019-09-24 ⋅ Secureworks ⋅ CTU Research Team @online{team:20190924:revil:3f165f3,
author = {CTU Research Team},
title = {{REvil: The GandCrab Connection}},
date = {2019-09-24},
organization = {Secureworks},
url = {https://www.secureworks.com/blog/revil-the-gandcrab-connection},
language = {English},
urldate = {2020-01-08}
}
REvil: The GandCrab Connection REvil |
2019-09-24 ⋅ Secureworks ⋅ CTU Research Team @online{team:20190924:revilsodinokibi:646c88c,
author = {CTU Research Team},
title = {{REvil/Sodinokibi Ransomware}},
date = {2019-09-24},
organization = {Secureworks},
url = {https://www.secureworks.com/research/revil-sodinokibi-ransomware},
language = {English},
urldate = {2020-01-08}
}
REvil/Sodinokibi Ransomware REvil |
2019-08-30 ⋅ Bleeping Computer ⋅ Ionut Ilascu @online{ilascu:20190830:look:9a976c7,
author = {Ionut Ilascu},
title = {{A Look Inside the Highly Profitable Sodinokibi Ransomware Business}},
date = {2019-08-30},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/a-look-inside-the-highly-profitable-sodinokibi-ransomware-business/},
language = {English},
urldate = {2019-12-20}
}
A Look Inside the Highly Profitable Sodinokibi Ransomware Business REvil |
2019-08-23 ⋅ The New York Times ⋅ Manny Fernandez, David E. Sanger, Marina Trahan Martinez @online{fernandez:20190823:ransomware:dffa5db,
author = {Manny Fernandez and David E. Sanger and Marina Trahan Martinez},
title = {{Ransomware Attacks Are Testing Resolve of Cities Across America}},
date = {2019-08-23},
organization = {The New York Times},
url = {https://www.nytimes.com/2019/08/22/us/ransomware-attacks-hacking.html},
language = {English},
urldate = {2020-01-13}
}
Ransomware Attacks Are Testing Resolve of Cities Across America REvil |
2019-08-10 ⋅ Dissecting Malware ⋅ Marius Genheimer @online{genheimer:20190810:germanwipers:96d9745,
author = {Marius Genheimer},
title = {{GermanWiper's big Brother? GandGrab's kid ? Sodinokibi!}},
date = {2019-08-10},
organization = {Dissecting Malware},
url = {https://dissectingmalwa.re/germanwipers-big-brother-gandgrabs-kid-sodinokibi.html},
language = {English},
urldate = {2020-03-27}
}
GermanWiper's big Brother? GandGrab's kid ? Sodinokibi! REvil |
2019-07-15 ⋅ KrebsOnSecurity ⋅ Brian Krebs @online{krebs:20190715:is:4e715d7,
author = {Brian Krebs},
title = {{Is ‘REvil’ the New GandCrab Ransomware?}},
date = {2019-07-15},
organization = {KrebsOnSecurity},
url = {https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/},
language = {English},
urldate = {2020-01-06}
}
Is ‘REvil’ the New GandCrab Ransomware? REvil |
2019-07-08 ⋅ KrebsOnSecurity ⋅ Brian Krebs @online{krebs:20190708:whos:54977ab,
author = {Brian Krebs},
title = {{Who’s Behind the GandCrab Ransomware?}},
date = {2019-07-08},
organization = {KrebsOnSecurity},
url = {https://krebsonsecurity.com/2019/07/whos-behind-the-gandcrab-ransomware/},
language = {English},
urldate = {2020-01-07}
}
Who’s Behind the GandCrab Ransomware? Gandcrab |
2019-07-03 ⋅ Kaspersky Labs ⋅ Orkhan Mamedov, Artur Pakulov, Fedor Sinitsyn @online{mamedov:20190703:sodin:74c101f,
author = {Orkhan Mamedov and Artur Pakulov and Fedor Sinitsyn},
title = {{Sodin ransomware exploits Windows vulnerability and processor architecture}},
date = {2019-07-03},
organization = {Kaspersky Labs},
url = {https://securelist.com/sodin-ransomware/91473/},
language = {English},
urldate = {2019-12-20}
}
Sodin ransomware exploits Windows vulnerability and processor architecture REvil |
2019-06-24 ⋅ Fortinet ⋅ Joie Salvio @online{salvio:20190624:gandcrab:6120cb2,
author = {Joie Salvio},
title = {{GandCrab Threat Actors Retire...Maybe}},
date = {2019-06-24},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/gandcrab-threat-actors-retire.html},
language = {English},
urldate = {2020-01-08}
}
GandCrab Threat Actors Retire...Maybe Gandcrab |
2019-06-24 ⋅ VirIT ⋅ Gianfranco Tonello, Michele Zuin, Federico Girotto @online{tonello:20190624:ransomware:d1922b8,
author = {Gianfranco Tonello and Michele Zuin and Federico Girotto},
title = {{Ransomware REvil - Sodinokibi: Technical analysis and Threat Intelligence Report}},
date = {2019-06-24},
organization = {VirIT},
url = {https://www.tgsoft.it/english/news_archivio_eng.asp?id=1004},
language = {English},
urldate = {2020-01-08}
}
Ransomware REvil - Sodinokibi: Technical analysis and Threat Intelligence Report REvil |
2019-06-17 ⋅ Bitdefender ⋅ Bogdan Botezatu @online{botezatu:20190617:good:c24ed06,
author = {Bogdan Botezatu},
title = {{Good riddance, GandCrab! We’re still fixing the mess you left behind}},
date = {2019-06-17},
organization = {Bitdefender},
url = {https://labs.bitdefender.com/2019/06/good-riddance-gandcrab-were-still-fixing-the-mess-you-left-behind},
language = {English},
urldate = {2020-01-10}
}
Good riddance, GandCrab! We’re still fixing the mess you left behind Gandcrab |
2019-06-14 ⋅ Certego ⋅ Matteo Lodi @online{lodi:20190614:malware:c93f3de,
author = {Matteo Lodi},
title = {{Malware Tales: Sodinokibi}},
date = {2019-06-14},
organization = {Certego},
url = {https://www.certego.net/en/news/malware-tales-sodinokibi/},
language = {English},
urldate = {2019-12-17}
}
Malware Tales: Sodinokibi REvil |
2019-06-03 ⋅ SC Magazine ⋅ Doug Olenick @online{olenick:20190603:gandcrab:9ed3174,
author = {Doug Olenick},
title = {{GandCrab ransomware operators put in retirement papers}},
date = {2019-06-03},
organization = {SC Magazine},
url = {https://www.scmagazine.com/home/security-news/ransomware/gandcrab-ransomware-operators-put-in-retirement-papers/},
language = {English},
urldate = {2020-01-08}
}
GandCrab ransomware operators put in retirement papers Gandcrab |
2019-06-01 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20190601:gandcrab:cb581e3,
author = {Lawrence Abrams},
title = {{GandCrab Ransomware Shutting Down After Claiming to Earn $2 Billion}},
date = {2019-06-01},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-shutting-down-after-claiming-to-earn-25-billion/},
language = {English},
urldate = {2019-12-20}
}
GandCrab Ransomware Shutting Down After Claiming to Earn $2 Billion Gandcrab |
2019-05-08 ⋅ Verizon Communications Inc. ⋅ Verizon Communications Inc. @techreport{inc:20190508:2019:3c20a3b,
author = {Verizon Communications Inc.},
title = {{2019 Data Breach Investigations Report}},
date = {2019-05-08},
institution = {Verizon Communications Inc.},
url = {https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf},
language = {English},
urldate = {2020-05-10}
}
2019 Data Breach Investigations Report BlackEnergy Cobalt Strike DanaBot Gandcrab GreyEnergy Mirai Olympic Destroyer SamSam |
2019-04-30 ⋅ Cisco Talos ⋅ Pierre Cadieux, Colin Grady, Jaeson Schultz, Matt Valites @online{cadieux:20190430:sodinokibi:d04e315,
author = {Pierre Cadieux and Colin Grady and Jaeson Schultz and Matt Valites},
title = {{Sodinokibi ransomware exploits WebLogic Server vulnerability}},
date = {2019-04-30},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html},
language = {English},
urldate = {2019-12-17}
}
Sodinokibi ransomware exploits WebLogic Server vulnerability REvil |
2019-03-13 ⋅ MyOnlineSecurity ⋅ MyOnlineSecurity @online{myonlinesecurity:20190313:fake:b89ed04,
author = {MyOnlineSecurity},
title = {{Fake CDC Flu Pandemic Warning delivers Gandcrab 5.2 ransomware}},
date = {2019-03-13},
organization = {MyOnlineSecurity},
url = {https://web.archive.org/web/20190331091056/https://myonlinesecurity.co.uk/fake-cdc-flu-pandemic-warning-delivers-gandcrab-5-2-ransomware/},
language = {English},
urldate = {2020-11-26}
}
Fake CDC Flu Pandemic Warning delivers Gandcrab 5.2 ransomware Cold$eal Gandcrab |
2019-03-06 ⋅ CrowdStrike ⋅ Brendon Feeley, Bex Hartley, Sergei Frankoff @online{feeley:20190306:pinchy:f5060bd,
author = {Brendon Feeley and Bex Hartley and Sergei Frankoff},
title = {{PINCHY SPIDER Affiliates Adopt “Big Game Hunting” Tactics to Distribute GandCrab Ransomware}},
date = {2019-03-06},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/pinchy-spider-adopts-big-game-hunting/},
language = {English},
urldate = {2019-12-20}
}
PINCHY SPIDER Affiliates Adopt “Big Game Hunting” Tactics to Distribute GandCrab Ransomware Gandcrab Phorpiex Pinchy Spider Zombie Spider |
2019-02-19 ⋅ Bitdefender ⋅ Bogdan Botezatu @online{botezatu:20190219:new:21079a9,
author = {Bogdan Botezatu},
title = {{New GandCrab v5.1 Decryptor Available Now}},
date = {2019-02-19},
organization = {Bitdefender},
url = {https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/},
language = {English},
urldate = {2019-10-15}
}
New GandCrab v5.1 Decryptor Available Now Gandcrab |
2019-01-07 ⋅ Bleeping Computer ⋅ Ionut Ilascu @online{ilascu:20190107:gandcrab:8167b7f,
author = {Ionut Ilascu},
title = {{GandCrab Operators Use Vidar Infostealer as a Forerunner}},
date = {2019-01-07},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/gandcrab-operators-use-vidar-infostealer-as-a-forerunner/},
language = {English},
urldate = {2019-12-20}
}
GandCrab Operators Use Vidar Infostealer as a Forerunner Gandcrab vidar |
2019 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:2019:2019:4e50c97,
author = {CrowdStrike},
title = {{2019 CrowdStrike Global Threat Report}},
date = {2019},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2019GlobalThreatReport.pdf},
language = {English},
urldate = {2020-07-15}
}
2019 CrowdStrike Global Threat Report Boss Spider Flash Kitten Guru Spider Leviathan Lunar Spider Nomad Panda Pinchy Spider Ratpak Spider Salty Spider Skeleton Spider Tiny Spider |
2019 ⋅ CrowdStrike ⋅ CrowdStrike @online{crowdstrike:2019:2019:2c268c8,
author = {CrowdStrike},
title = {{2019 CrowdStrike Global Threat Report}},
date = {2019},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/},
language = {English},
urldate = {2020-07-16}
}
2019 CrowdStrike Global Threat Report Boss Spider Flash Kitten Guru Spider Leviathan Lunar Spider Nomad Panda Pinchy Spider Ratpak Spider Salty Spider Skeleton Spider Tiny Spider |
2018-11-08 ⋅ TC Contre ⋅ tcontre @online{tcontre:20181108:re:c143721,
author = {tcontre},
title = {{R.E.: Gandcrab Downloader.. 'There's More To This Than Meets The Eye'}},
date = {2018-11-08},
organization = {TC Contre},
url = {https://tccontre.blogspot.com/2018/11/re-gandcrab-downloader-theres-more-to.html},
language = {English},
urldate = {2020-01-09}
}
R.E.: Gandcrab Downloader.. 'There's More To This Than Meets The Eye' Gandcrab |
2018-10-25 ⋅ Bitdefender ⋅ Bogdan Botezatu @online{botezatu:20181025:gandcrab:4e85fe9,
author = {Bogdan Botezatu},
title = {{GandCrab Ransomware decryption tool}},
date = {2018-10-25},
organization = {Bitdefender},
url = {https://labs.bitdefender.com/2018/02/gandcrab-ransomware-decryption-tool-available-for-free/},
language = {English},
urldate = {2020-01-10}
}
GandCrab Ransomware decryption tool Gandcrab |
2018-10-25 ⋅ Europol ⋅ Europol @online{europol:20181025:pay:d82bbfc,
author = {Europol},
title = {{Pay No More: universal GandCrab decryption tool released for free on No More Ransom}},
date = {2018-10-25},
organization = {Europol},
url = {https://www.europol.europa.eu/newsroom/news/pay-no-more-universal-gandcrab-decryption-tool-released-for-free-no-more-ransom},
language = {English},
urldate = {2019-11-26}
}
Pay No More: universal GandCrab decryption tool released for free on No More Ransom Gandcrab
2018-07-19 ⋅ Sensors Tech Forum ⋅ Ventsislav Krastev @online{krastev:20180719:killswitch:487a882,
author = {Ventsislav Krastev},
title = {{Killswitch File Now Available for GandCrab v4.1.2 Ransomware}},
date = {2018-07-19},
organization = {Sensors Tech Forum},
url = {https://sensorstechforum.com/killswitch-file-now-available-gandcrab-v4-1-2-ransomware/},
language = {English},
urldate = {2020-01-07}
}
Killswitch File Now Available for GandCrab v4.1.2 Ransomware Gandcrab
2018-07-18 ⋅ ASEC ⋅ AhnLab ASEC Analysis Team @online{team:20180718:gandcrab:dc09385,
author = {AhnLab ASEC Analysis Team},
title = {{GandCrab v4.1.2 Encryption Blocking Method (Kill Switch)}},
date = {2018-07-18},
organization = {ASEC},
url = {http://asec.ahnlab.com/1145},
language = {Korean},
urldate = {2020-01-08}
}
GandCrab v4.1.2 Encryption Blocking Method (Kill Switch) Gandcrab
2018-05-09 ⋅ Cisco Talos ⋅ Nick Biasini, Nick Lister, Christopher Marczewski @online{biasini:20180509:gandcrab:50296a6,
author = {Nick Biasini and Nick Lister and Christopher Marczewski},
title = {{Gandcrab Ransomware Walks its Way onto Compromised Sites}},
date = {2018-05-09},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2018/05/gandcrab-compromised-sites.html},
language = {English},
urldate = {2019-10-21}
}
Gandcrab Ransomware Walks its Way onto Compromised Sites Gandcrab
2018-03-07 ⋅ InfoSec Handlers Diary Blog ⋅ Brad Duncan @online{duncan:20180307:ransomware:504a693,
author = {Brad Duncan},
title = {{Ransomware news: GlobeImposter gets a facelift, GandCrab is still out there}},
date = {2018-03-07},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/diary/23417},
language = {English},
urldate = {2020-01-06}
}
Ransomware news: GlobeImposter gets a facelift, GandCrab is still out there Gandcrab GlobeImposter
2018-02-08 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20180208:gandcrab:40fb494,
author = {Lawrence Abrams},
title = {{GandCrab Ransomware Being Distributed Via Malspam Disguised as Receipts}},
date = {2018-02-08},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-being-distributed-via-malspam-disguised-as-receipts/},
language = {English},
urldate = {2019-12-20}
}
GandCrab Ransomware Being Distributed Via Malspam Disguised as Receipts Gandcrab
2018-01-30 ⋅ Malwarebytes ⋅ Malwarebytes Labs @online{labs:20180130:gandcrab:86c30cb,
author = {Malwarebytes Labs},
title = {{GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated)}},
date = {2018-01-30},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/},
language = {English},
urldate = {2019-12-20}
}
GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated) Gandcrab
2018-01-29 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20180129:gandcrab:9e003f9,
author = {Lawrence Abrams},
title = {{GandCrab Ransomware Distributed by Exploit Kits, Appends GDCB Extension}},
date = {2018-01-29},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-distributed-by-exploit-kits-appends-gdcb-extension/},
language = {English},
urldate = {2019-12-20}
}
GandCrab Ransomware Distributed by Exploit Kits, Appends GDCB Extension Gandcrab