Avos ransomware group expands with new attack arsenal
By Flavio Costa, * In a recent customer engagement, we observed a month-long AvosLocker campaign. * The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. * The initial ingress point in this incident was a pa
The BlackByte ransomware group is striking users all over the globe
News summary * Cisco Talos has been monitoring the BlackByte Ransomware Group for several months, infecting victims all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam. * The FBI released a joint cybersecurity advisory in February 2022 wa
Conti and Hive ransomware operations: What we learned from these groups' victim chats
As part of Cisco Talos’ continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs and their victims. Ransomware-as-a-service groups have exploded in popularity over the past few
From BlackMatter to BlackCat: Analyzing two attacks from one affiliate
* BlackCat is a recent and growing ransomware-as-a-service (RaaS) group that targeted several organizations worldwide over the past few months. * There are rumors of a relationship between BlackCat and the BlackMatter/DarkSide ransomware groups, infamous for attacking the Colon
Translated: Talos' insights from the recently leaked Conti ransomware playbook
Executive summary Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti. Talos has a team of dedicated, native-level speakers that translated these documents in their entirety into English. We also transl
Talos Takes Ep. #60: Everything you need to know about the Kaseya situation
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. In this special "XL edition" of Talos Takes, we're bringing you the audio version of our live stream th
REvil ransomware actors attack Kaseya in supply chain attack
Updated on July 6, 2021: As analysis of the ransomware attack affecting organizations using Kaseya VSA has continued, we are sharing an update containing additional information. As new details are identified, this information may be updated as needed. * This event consisted of
What’s past is prologue – A new world of critical infrastructure security
By Caitlin Huey, Joe Marshall and Thomas Pope. Attackers have targeted American critical infrastructure several times over the past few years, putting at risk U.S. electrical grids, oil pipelines and water supply systems. However, we collectively have not responded in a meaningf
A ransomware primer
Ransomware defense Cyber security is continually a relevant topic for Cisco customers and other stakeholders. Ransomware is quickly becoming one of the hottest topics in the technology space as these malware families target high-leverage companies and organizations. We at Cisco a