While conducting incident response in early 2021, the French National Cybersecurity Agency (ANSSI) identified a new “Ryuk” ransomware variant that has the capability to self-propagate across victim networks. The variant was specifically observed targeting Windows systems in ransomware campaigns at the beginning of the year (2021). This Ryuk variant can wake up powered-off systems and move through victim networks using scheduled tasks. This enables Ryuk to infect as many hosts as possible, further incentivizing a victim payout. If proven an effective tactic, other ransomware variants could develop similar “wormable” capabilities where those developers have the technical sophistication to do so.
Most Recent Flipbooks
The Federal Security Service of the Russian Federation (FSB) conducted a series of raids and arrests against at least 20 members of the "REvil" ransomware group.
Weekly Intelligence Summary 14th Jan
Researchers have discovered a critical vulnerability in the popular open-source Java SQL database H2
For 2022, cyber-security practitioners must be extraordinarily nimble and adept. Plus information on telegram dropping malware, North Korean group exploits Russia, and Log4j crisis spilling in to 2022
Weekly Intelligence Summary 17th Dec
Log4j bug exposes fragility of digital ecosystem worldwide. Plus information on Magecart home for the holidays, Emotet regaining power, and Muddywater APT group hunts for airline data via Slack.
Weekly Intelligence Summary 10th Dec
Microsoft has allegedly halted a long-term cyber-espionage operation of “NICKEL”, a threat group linked to the People’s Republic of China (PRC).
Weekly Intelligence Summary 27th August
The well-established “Mozi” peer-to-peer (P2P) botnet has developed new persistence capabilities.