

November 2, 2021


Ransomware Kristóf Arleitner

The REvil is in the details

The REvil (also known as Sodinokibi) ransomware operation has taken the spotlight in recent years. The Russian group operates by direct attacks, and also in a ransomware-as-a-service (RaaS) model, through affiliates who provide access to networks, carry out ransomware attacks or negotiate on behalf of REvil. In the RaaS model, ...

October 21, 2021


Ransomware Kristóf Arleitner

Anatova – A Cool Proof-Of-Concept Ransomware

Anatova Ransomware: The Anatova ransomware first came to light in January 2019. It was discovered on a private P2P network, and McAfee detected over 300 instances of the malware worldwide at the time. Anatova’s objective is to encrypt important files and network shares and demand a cryptocurrency ransom of 10 ...

May 20, 2019


Ransomware János Pallagi

Incident response case study featuring Ryuk and Trickbot (part 2)

This is part 2 of our recent incident response study encountering a Trickbot infection. Initial compromise: Right after tricking a user into running the malicious Office macro on their machine, thus gaining code execution, the first stage Trickbot executable is downloaded and executed. The first stage payload is responsible for ...