Cisco Talos Intelligence Blog

September 2, 2021 08:09

Translated: Talos' insights from the recently leaked Conti ransomware playbook

Executive summary Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti. Talos has a team of dedicated, native-level speakers that translated these documents in their entirety into English. We also transl

July 9, 2021 09:07

Talos Takes Ep. #60: Everything you need to know about the Kaseya situation

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. In this special "XL edition" of Talos Takes, we're bringing you the audio version of our live stream th

July 2, 2021 22:07

REvil ransomware actors attack Kaseya in supply chain attack

Updated on July 6, 2021: As analysis of the ransomware attack affecting organizations using Kaseya VSA has continued, we are sharing an update containing additional information. As new details are identified, this information may be updated as needed. * This event consisted of

June 15, 2021 08:06

What’s past is prologue – A new world of critical infrastructure security

By Caitlin Huey, Joe Marshall and Thomas Pope. Attackers have targeted American critical infrastructure several times over the past few years, putting at risk U.S. electrical grids, oil pipelines and water supply systems. However, we collectively have not responded in a meaningf

February 5, 2021 11:02

A ransomware primer

Ransomware defense Cyber security is continually a relevant topic for Cisco customers and other stakeholders. Ransomware is quickly becoming one of the hottest topics in the technology space as these malware families target high-leverage companies and organizations. We at Cisco a

November 17, 2020 13:11

Nibiru ransomware variant decryptor

Nikhil Hegde developed this tool. Weak encryption The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Ni

July 6, 2020 16:07

WastedLocker Goes "Big-Game Hunting" in 2020

By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary * After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment. *

April 23, 2020 11:04

Threat Spotlight: MedusaLocker

By Edmund Brumaghin, with contributions from Amit Raut. Overview MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of

April 16, 2020 00:04

Threat Source newsletter for April 16, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s what — week 5 of this quarantine in the U.S.? Week 6? We’ve lost count. And so did the Beers with Talos guys. B