Ransomware

Attack Graph Response to CISA Advisory (AA23-284A): #StopRansomware: AvosLocker Ransomware

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-284A) that disseminates known Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with AvosLocker ransomware identified through FBI investigations as recent as May 2023. AvosLocker is known for conducting activities against organizations across multiple critical infrastructure sectors using legitimate software and open-source remote system administration tools.

Attack Graph Response to CISA Advisory (AA23-263A): #StopRansomware: Snatch Ransomware

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-263A) that disseminates known Snatch ransomware threat actor’s techniques and indicators identified through FBI investigations as recent as June 2023. Snatch operators are known to conduct activities against a wide range of critical infrastructure sectors and carry out double-extortion tactics to improve their chances of successfully receiving a ransom payment.

Attack Graph Response to CISA Advisory AA23-165A: Understanding Ransomware Threat Actors: LockBit

On June 14, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) along with other US-based and international security organizations released a joint cybersecurity advisory (CSA) detailing the operations behind the LockBit ransomware attacks. AttackIQ has released a wide range of Attack Graphs emulating LockBit and other RaaS operators as part of CISA’s #StopRansomware campaign.

Attack Graph Emulating the Conti Ransomware Team’s Behaviors

AttackIQ has released a new full-featured attack graph emulating the tactics, techniques, and procedures (TTPs) used by the Conti Ransomware Group. Despite the group's recent dissolution, Conti’s successful post-compromise tactics, techniques, and procedures will live on. This attack graph will help defenders test their cyberdefense technologies against the full range of techniques and procedures that Conti used – and which Conti’s former members, now in other ransomware groups, will likely continue to use.

The trick to handling ransomware: prepare  

Ransomware is a vexing challenge and attacks have doubled since 2020, but there is a path out of the problem. In this new guide, Countering Ransomware with MITRE ATT&CK, AttackIQ outlines clear, practical steps to test and validate that your security program performs against ransomware. The trick is to prepare, and the path to follow is a threat-informed defense. Check it out and come join us for a technical demonstration of our ransomware capabilities on January 27.

Is Your Healthcare Organization Following These Four Ransomware Best Practices?

Healthcare is the most targeted sector for data breaches, and ransomware attacks were responsible for almost 50 percent of all healthcare data breaches in 2020. How should healthcare companies proceed? Our guest blogger in this ransomware series is Tracy Cohen, a cybersecurity expert with over a decade of experience managing cybersecurity risk in the healthcare and biopharma sector. She is also a licensed skydiver,

The Kaseya VSA REvil Ransomware Supply Chain Attack: How It Happened, How It Could Have Been Avoided

On July 2, 2021, the REvil ransomware group successfully exploited a zero-day vulnerability in the on-premise Kaseya VSA server, enabling a wide-scale supply chain cyber attack. Let’s dig in and see how the attack happened, how attack emulation could have helped, and what you can do to implement a threat-informed defense strategy to prepare yourself for similar threat actor behavior.
1 / 2