Results for: ransomware

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical Fortinet vulnerability exploited by Qilin ransomware

The Qilin ransomware group is exploiting two critical Fortinet vulnerabilities that allow attackers to bypass authentication and execute remote code on vulnerable systems. Read this Cybersecurity Threat Advisory to discover the tactics used and the best practices you can implement...

/ June 11, 2025
The SOC case files
The SOC case files: Ransomware gang reemerges to face a wall of XDR defenses

Dive into this edition of ‘The SOC case files’ to see how Barracuda’s Managed XDR team recently contained a suspected ransomware attack after the attackers gained access to a company’s network before it installed Managed XDR, compromising several Windows...

/ May 21, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: BYOVD attacks leveraged by Medusa ransomware

The Medusa ransomware-as-a-service (RaaS) operation has recently been observed using a malicious driver named ABYSSWORKER in Bring Your Own Vulnerable Driver (BYOVD) attacks. This technique allows threat actors to disable security software by exploiting legitimate, vulnerable drivers to gain kernel-level...

/ March 25, 2025
Medusa ransomware and its cybercrime ecosystem

Greek mythology says the Medusa was once a beautiful woman until Athena’s curse transformed her into a winged creature with a head full of snakes. Because of her power to petrify anyone who looked directly upon her face, she is...

/ March 10, 2025
XDR 2024
XDR roundup 2024: Ransomware rises fourfold in a year of complex threats

In 2024, Barracuda Managed XDR logged many trillions of IT events to identify the critical security threats targeting organizations and neutralize malicious activity. Threat analysts in Barracuda Managed XDR’s Security Operations Center (SOC) have drawn on this unique dataset to highlight the...

/ February 14, 2025
SOC case files
The SOC case files: XDR detects Akira ransomware exploiting a ‘ghost’ account

This edition of the SOC case files showcases how Barracuda Managed XDR detects a breach via a ‘ghost’ account and an unprotected server. The SOC is part of Barracuda Managed XDR, an extended visibility, detection, and response (XDR) service that...

/ February 5, 2025 / 4 Comments
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Ransomware attacks on ESXi systems

New ransomware attacks targeting ESXi systems have been discovered that use stealthy SSH tunnels to direct traffic to command-and-control (C2) infrastructure, enabling attackers to remain undetected. Continue reading this Cybersecurity Threat Advisory to discover the key steps to safeguard your environment....

/ January 30, 2025
SOC files
The SOC case files: Play ransomware targets manufacturing firm

Incident summary: A U.S.-based manufacturing company was recently targeted by the Play ransomware group in the early hours of the morning. The attackers broke into an under-protected domain controller at 1:00 a.m. At 3:20 a.m. the gang attempted to execute...

/ November 21, 2024 / 5 Comments
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: New ransomware variant to watch for

A new ransomware family, Ymir, has been discovered. It uses an unconventional combination of memory management functions (like malloc, memmove, and memcmp) to execute malicious code directly in memory. Continue reading this Cybersecurity Threat Advisory to learn how to...

/ November 14, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Cicada3301 ransomware variant

A new ransomware variant has been found, known as Cicada3301. It exhibits similarities to the defunct BlackCat (ALPHV) operation, and it targets both Windows and Linux systems. Review the details in this Cybersecurity Threat Advisory to learn how this variant...

/ September 6, 2024