Ransomware

Emulating the Petrifying Medusa Ransomware

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Medusa ransomware since the beginning of its activities in June 2021. Medusa is predominantly propagated through the exploitation of vulnerable services, such as public-facing assets or applications with known unpatched vulnerabilities, and the hijacking of legitimate accounts, often using Initial Access Brokers (IABs) for infiltration.

Emulating the Extortionist Mallox Ransomware

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Mallox ransomware since the beginning of its activities in June 2021. Mallox primarily gains access to victim networks through dictionary brute-force attacks against unsecured MS-SQL servers.

Emulating Sandworm’s Prestige Ransomware

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Prestige ransomware since the beginning of its activities in October 2022. Prestige has been observed targeting organizations in the transportation and related logistics sectors located in Ukraine and Poland. In November 2022, it was assessed that the Russian adversary known as Sandworm was most likely behind these attacks.

Emulating the Prickly Cactus Ransomware

AttackIQ has released a new attack graph that emulates the behaviors exhibited by the Cactus ransomware since the beginning of its activities in March 2023. Cactus has targeted a wide variety of organizations since its inception and has breached more than 140 entities as of July 2024.

Emulating the Long-Term Extortionist Nefilim Ransomware

AttackIQ has released a new attack graph that emulates the behaviors exhibited by the extortionist ransomware Nefilim since its emergence in March 2020, during activities against multiple organizations, primarily based in North or South America, in the financial, manufacturing, or transportation industries.

Defend Your Business: Testing Your Security Against QakBot and Black Basta Ransomware

Small and medium-sized businesses are increasingly targeted by sophisticated cyberattacks like QakBot and Black Basta ransomware. Discover how AttackIQ Flex's latest package helps you test your defenses, uncover vulnerabilities, and stay ahead of these advanced threats. Enhance your security posture with real-world attack scenarios and actionable insights. Read on to learn more and register for free today!

Response to CISA Advisory (AA24-131A): #StopRansomware: Black Basta

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA24-131A), which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with Black Basta ransomware, a ransomware variant whose operators have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector.