The next few months are likely to be dominated by the NIS2 Directive in the cybersecurity industry. Let’s find out which article will trigger the most reactions! There are emblematic passages in European cybersecurity regulations that can be found in everything from the press, through sales presentations by major technology [...]
The REvil (also known as Sodinokibi) ransomware operation has taken the spotlight in recent years. The Russian group operates by direct attacks, and also in a ransomware-as-a-service (RaaS) model, through affiliates who provide access to networks, carry out ransomware attacks or negotiate on behalf of REvil. In the RaaS model, ...
Anatova Ransomware The Anatova ransomware first came to light in 2019 January. It was discovered on a private P2P network, and McAfee detected over 300 instances of the malware worldwide at the time. Anatova’s objective is to encrypt important files and network shares and demanding a cryptocurrency ransom of 10 ...
This is part 2 of our recent incident response study encountering a Trickbot infection. Initial compromise Right after tricking a user into running the malicious Office macro on their machine, thus gaining code execution, the first stage Trickbot executable is downloaded and executed. The first stage payload is responsible for ...
Incident – Ryuk We have recently been contacted by a company in the CE region to do incident response for them. Like with many incidents in the past couple of years, the detection was obvious – the whole IT infrastructure shut down within minutes and ransom notes appeared on the ...