Results for: ransomware
Cybersecurity Threat Advisory: Critical Fortinet vulnerability exploited by Qilin ransomware
The Qilin ransomware group is exploiting two critical Fortinet vulnerabilities that allow attackers to bypass authentication and execute remote code on vulnerable systems. Read this Cybersecurity Threat Advisory to discover the tactics used and the best practices you can implement...
The SOC case files: Ransomware gang reemerges to face a wall of XDR defenses
Dive into this edition of ‘The SOC case files’ to see how the Barracuda’s Managed XDR team recently contained a suspected ransomware attack after the attackers gained access to a company’s network before it installed Managed XDR, compromising several Windows...
Cybersecurity Threat Advisory: BYOVD attacks leveraged by Medusa ransomware
The Medusa ransomware-as-a-service (RaaS) operation has recently been observed using a malicious driver named ABYSSWORKER in Bring Your Own Vulnerable Driver (BYOVD) attacks. This technique allows threat actors to disable security software by exploiting legitimate, vulnerable drivers to gain kernel-level...
Medusa ransomware and its cybercrime ecosystem
Greek mythology says the Medusa was once a beautiful woman until Athena’s curse transformed her into a winged creature with a head full of snakes. Because of her power to petrify anyone who looked directly upon her face, she is...
XDR roundup 2024: Ransomware rises fourfold in a year of complex threats
In 2024, Barracuda Managed XDR logged many trillions of IT events to identify the critical security threats targeting organizations and neutralize malicious activity. Threat analysts in Barracuda Managed XDR’s Security Operations Center (SOC) have drawn on this unique dataset to highlight the...
The SOC case files: XDR detects Akira ransomware exploiting a ‘ghost’ account
This edition of the SOC case files showcases how Barracuda Managed XDR detects a breach via a ‘ghost’ account and an unprotected server. The SOC is part of Barracuda Managed XDR, an extended visibility, detection, and response (XDR) service that...
Cybersecurity Threat Advisory: Ransomware attacks on ESXi systems
New ransomware attacks were discovered targeting ESXi systems that use stealthy SSH tunnels to direct traffic to command-and-control (C2) infrastructure, enabling attackers to remain undetected. Continue reading this Cybersecurity Threat Advisory to discover the key steps to safeguard your environment....
The SOC case files: Play ransomware targets manufacturing firm
Incident summary A U.S.-based manufacturing company was recently targeted by the Play ransomware group in the early hours of the morning. The attackers broke into an under-protected domain controller at 1:00 am. At 3:20 a.m. the gang attempted to execute...
Cybersecurity Threat Advisory: New ransomware variant to watch for
A new ransomware family, Ymir, has been discovered. It is an unconventional combination of memory management functions (like malloc, memmove, and memcmp) that executes malicious code directly in the memory. Continue reading this Cybersecurity Threat Advisory to learn how to...
Cybersecurity Threat Advisory: Cicada3301 ransomware variant
A new ransomware variant has been found, known as Cicada3301. It exhibits similarities to the defunct BlackCat (ALPHV) operation, and it targets both Windows and Linux systems. Review the details in this Cybersecurity Threat Advisory to learn how this variant...
