Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server

Trend Micro – We recently found a new ransomware…

Private 5G Network Security Expectations Part 1

Trend Micro – Are “new” protocols and “private” networks sufficient for your cybersecurity requirements? By: Jun Morimoto…

Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit

Trend Micro – We look into a recent attack orchestrated by the Black…

Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware

Trend Micro – Lateral movement to machines in the network: After the initial infection with Cobalt Strike, we observed that the threat actor dropped node.exe, which is…

Conti vs. LockBit: A Comparative Analysis of Ransomware Groups

Trend Micro – We compare the targeting and business models of the Conti and LockBit ransomware groups…

Private Network 5G Security Risks & Vulnerabilities

Trend Micro – The move towards 5G is accelerating as enterprises seek greater security, flexibility, and reliability in 5G than earlier cellular, wireless, or wired connectivity. And…

Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques

Trend Micro – Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a…

Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme

Trend Micro – The dark blue line in the survival analysis in Figure 8 shows the date range when victims paid the ransom amount. In this analysis,…

YourCyanide: A CMD-based Ransomware With Multiple Layers of Obfuscation

Trend Micro – GONNACOPE…

New Linux-Based Ransomware 'Cheerscrypt' Targets ESXi Devices

Trend Micro – Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss…