Cisco Talos Blog

September 7, 2022 11:00

Multiple ransomware data leak sites experience DDoS attacks, facing intermittent outages and connectivity issues

Cisco Talos has been monitoring suspected distributed denial-of-service (DDoS) attacks resulting in intermittent downtime and outages affecting several ransomware-as-a-service (RaaS) data leak sites.

June 28, 2022 08:00

De-anonymizing ransomware domains on the dark web

* We have developed three techniques to identify ransomware operators' dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups.
* The methods we used to identify

June 21, 2022 07:58

Avos ransomware group expands with new attack arsenal

By Flavio Costa,

* In a recent customer engagement, we observed a month-long AvosLocker campaign.
* The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners.
* The initial ingress point in this incident was a pa

May 18, 2022 02:00

The BlackByte ransomware group is striking users all over the globe

News summary

* Cisco Talos has been monitoring the BlackByte Ransomware Group for several months, infecting victims all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam.
* The FBI released a joint cybersecurity advisory in February 2022 wa

May 3, 2022 08:00

Conti and Hive ransomware operations: What we learned from these groups' victim chats

As part of Cisco Talos’ continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs and their victims. Ransomware-as-a-service groups have exploded in popularity over the past few

March 17, 2022 07:58

From BlackMatter to BlackCat: Analyzing two attacks from one affiliate

* BlackCat is a recent and growing ransomware-as-a-service (RaaS) group that targeted several organizations worldwide over the past few months.
* There are rumors of a relationship between BlackCat and the BlackMatter/DarkSide ransomware groups, infamous for attacking the Colon

September 2, 2021 08:02

Translated: Talos' insights from the recently leaked Conti ransomware playbook

Executive summary

Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti. Talos has a team of dedicated, native-level speakers that translated these documents in their entirety into English. We also transl

July 9, 2021 09:55

Talos Takes Ep. #60: Everything you need to know about the Kaseya situation

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. In this special "XL edition" of Talos Takes, we're bringing you the audio version of our

July 2, 2021 22:03

REvil ransomware actors attack Kaseya in supply chain attack

Updated on July 6, 2021: As analysis of the ransomware attack affecting organizations using Kaseya VSA has continued, we are sharing an update containing additional information. As new details are identified, this information may be updated as needed.

* This event consisted of