Posted on Feb 17, 2023 4 minutes
All About Hive Ransomware
One of the most prolific ransomware groups to affect healthcare facilities, nonprofits, retailers, energy providers, and other sectors, with a total of more than 1,300 institutions hit by the ransomware group worldwide and a profit of $100 million in ransom payments, Hive Ransomware has been ruling the roost since June 2021. Read on to find out what Securin experts uncovered when they revisited HIVE and their attack tactics and techniques, and what organizations can do to remain safe from future attacks.
Posted on Dec 23, 2022 | Updated on February 3, 2023 4 minutes
All About Vice Society Ransomware
Vice Society has been recently observed employing multiple ransomware variants, similar to the Russian Sandworm Team and TA505 threat actors, apart from its double extortion tactics. After its recent attacks on the US K-12 education and healthcare sectors, Vice Society has garnered a lot of media attention. Read on to learn how to protect your network from Vice Society attacks.
Posted on Sep 28, 2022 | Updated on September 29, 2022 6 minutes
All about LockBit Ransomware
Read all about the CVEs exploited, attack methodology, and techniques used by the LockBit ransomware.
Posted on Jul 14, 2022 | Updated on Sep 06, 2022 5 minutes
All about BlackCat (ALPHV)
Did you know that the BlackCat ransomware group breached 60+ organizations in a single month? Read on to know about CSW's research into the ransomware group, the vulnerabilities they use, and their attack techniques and tactics.
Posted on Jul 12, 2022 | Updated on Sep 09, 2022 3 minutes
How safe are storage devices from a ransomware attack?
Does your organization use Network Attached Storage (NAS) devices? If you think that backing up data in these devices will keep you safe from a ransomware attack, you might have to revisit your security strategy.
Posted on Jun 13, 2022 2 minutes
CISA Adds Vulnerabilities Warned by CSW’s Ransomware Reports
In a recent update of KEV on May 23, 2022, CISA added three of the four vulnerabilities that were called out in CSW’s Q1 2022 Ransomware Report (May 18, 2022), thereby validating our research and recommendations.
Posted on May 30, 2022 3 minutes
43 APT Groups Use Ransomware to Attack Their Targets
CSW’s quarterly report on ransomware metrics reveals that three new APT groups are using ransomware to mount attacks on their targets, bringing the total number of APT groups using ransomware to 43. Read more on them here.
Posted on Feb 23, 2022 | Updated on June 29, 2022 5 minutes
All About Conti
The Conti Group has been one of the most prolific ransomware groups in 2022, second only to REvil. However, Conti has been on a roll with widespread attacks against the US and now has 44 vulnerability associations. Organizations need to set a patching priority for these vulnerabilities in order to avoid large-scale attacks.
Posted on Feb 4, 2022 3 minutes
CSW Analysis: Top Scanners Missed Vulnerabilities Tied to Ransomware in 2021
Cyber Security Works researchers analyzed the data further by comparing the CVEs with some of the popular scanners (Nessus, Qualys, and Nexpose) and observed that they failed to detect 21 vulnerabilities tied to ransomware strains.
Posted on Jan 13, 2022 3 min
We Need Cyber Safety For Our Schools!
Cybersecurity is a priority in education due to the lack of resources and continual ransomware attacks. CISA’s new K-12 Cybersecurity Act will research and develop tools to help schools become more secure against cyberattacks. However, schools are not required to use any cybersecurity plan, which leaves them vulnerable.
Posted on Oct 21, 2021 | Updated on Mar 23, 2022 4 minutes
Ragnar Locker Ransomware hits Customer Care Giant TTEC
US-based customer support and sales representative company handling the world’s largest brands, TTEC, faces a network outage following a ransomware attack and sparks fears of a supply-chain attack. Read on to find out more about the attack.
Posted on Sep 15, 2021 4 minutes
Microsoft Exchange ProxyShell and Windows PetitPotam vulnerabilities chained in New Attack
The newly minted LockFile ransomware group has been actively exploiting the Microsoft Exchange ProxyShell vulnerabilities since early August. In a recent attack, they chained a faultily-patched PetitPotam vulnerability with the ProxyShell vulnerabilities to take over and encrypt Windows domains and spread their ransomware through target networks. Read our analysis of the vulnerabilities to understand how you can protect yourself from a potential ransomware attack.
Posted on Aug 19, 2021 | Updated on June 29, 2022 4 minutes
CSW Analysis: Accenture attacked by LockBit 2.0 Ransomware
On Aug 11, 2021, Accenture, a multinational IT Consulting and Services company, became the latest victim of LockBit 2.0 Ransomware. Our researchers investigated the vulnerabilities that LockBit exploits to compromise their targets and here is our analysis.
Posted on Jul 12, 2021 4 minutes
Kaseya VSA Downed by REvil in Monumental Supply-Chain Attack
REvil's monumental supply-chain attack on 3 July 2021 affected 1500 companies and opened a path for third-party attack onslaughts. What else does REvil’s historic supply-chain attack portend?
Posted on Jul 7, 2021 3 minutes
Is Conti Ransomware on a roll?
The Conti group is associated with three vulnerabilities. If these had taken precedence in the CVE patching priority, the series of Conti attacks could have been avoided.
Posted on Jun 30, 2021 3 minutes
Darkside Ransomware: Further Threat Associations Unearthed
Darkside Ransomware has added two more CVEs to its arsenal alongside two additional APT group associations. Check out our analysis and patch these vulnerabilities before they strike again!
Posted on Jun 16, 2021 4 minutes
REvil Brings Down JBS - the World’s Largest Meat Packer
REvil Ransomware uses six vulnerabilities to target their victims, and if these had been remediated and patched on priority, JBS, the world’s largest meat packer, could have escaped this attack. CSW warned about these vulnerabilities in its Ransomware Spotlight Report published in February 2021.
Posted on Jun 11, 2021 | Updated on Apr 05, 2022 3 minutes
All About Qlocker
Researchers at Cyber Security Works (CSW) have been tracking Qlocker, a recently discovered ransomware family. This new strain began surfacing across QNAP devices in April 2021 exploiting CVE-2021-28799, a zero-day vulnerability.
Posted on Jun 4, 2021 5 minutes
FiveHands Ransomware Analysis: Can a Risk-Based Approach Help Prevent Future Attacks?
Early this year, threat actors exploited a vulnerability (CVE-2021-20016) even before the vendor could publish it on the National Vulnerability Database (NVD) and attacked an organization and stole information.
Posted on May 18, 2021 3 minutes
Darkside: The Ransomware that brought a US pipeline to a halt
As of today, our research has associated 260 vulnerabilities with ransomware. Remediating and patching these vulnerabilities on priority could have averted the Colonial Pipeline attack.
Posted on Apr 26, 2021 3 minutes
Why 'Old is Gold' for Ransomware?
In our recently published Ransomware Spotlight Report 2020, we tracked down vulnerabilities that are being used by ransomware to launch attacks on organizations worldwide. Here are a few surprising findings about old vulnerabilities in this report.
Posted on Apr 16, 2021 7 minutes
All about Ryuk
Ryuk is a crypto-ransomware strain that encrypts access to a system, device or a file and demands ransom to release it. Ryuk is unleashed on target assets through malware, notably TrickBot, and is used to gain access to a system through remote desktop services.
Posted on Nov 2, 2020 5 minutes
Ryuk raising the Temperature in Healthcare
Security Agencies CISA (Cybersecurity and Infrastructure Security Agency), FBI, and the Department of Health and Human Services (HHS) have issued a high alert joint security advisory to hospitals to take actions to secure themselves from Ryuk ransomware in particular.
Posted on Oct 15, 2020 5 minutes
Cyber Hygiene: Ransomware is causing critical care disruption in hospitals
We analyzed three ransomware incidents (Ryuk, REvil & AKO) and found 16 CVEs associated with them. Incidentally, CSW warned about five of these CVEs in our cyber risk series way back in March 2020!
Posted on Sep 29, 2020 3 minutes
Our warning in 2020 was ignored: Lack of Cyber Hygiene is amplifying Ransomware attacks and causing havoc
Ransomware campaigns are always on the prowl for a path of least resistance to gain initial access and move laterally using well-known vulnerabilities.