Ransomware groups may come and go, but often it's only in name, as the individuals involved will move on to power whatever group remains a going concern. Cue a
How many ways do U.S. businesses need to be told to lock down their systems to safeguard themselves from ransomware? That's the focus of a new, joint cybersecurity advisory from the U.S. government pertaining to BlackMatter, following an advisory issued last month about Conti.
Ryuk ransom note (Source: Coveware, Malwarebytes)
Prolific Ryuk ransomware has a new trick up its sleeve. The developers behind the notorious strain of crypto-locking malware have given their attack code the ability to spread itself between systems inside an infected network. A Ryuk sample with worm-like capabilities - allowing it to spread automatically within networks it infects - was discovered during an incident response handled by ANSSI in early 2021, according to a Ryuk report issued Thursday by CERT-FR, the French government's computer emergency readiness team that's part of the National Cybersecurity Agency of France, or ANSSI.
Specifically, the worm-like behavior is achieved through the use of scheduled tasks, via which the malware propagates itself - machine to machine - within the Windows domain, CERT-FR says. Once launched, it will thus spread itself on every reachable machine on which Windows RPC accesses are possible. Remote procedure calls are a mechanism fo