Tag - ransomware

Analysis of BlackBasta ransomware gang (Part 1)

Executive Summary

The present article provides valuable highlights about BlackBasta ransomware-as-a-service (RaaS), as a result of the analysis conducted by Yarix Cyber Threat Intelligence – YCTI team. BlackBasta emerged in April 2022 and has already compromised over 200 organizations, thus representing one of the most threatening ransomware gangs in the cyber-scene. From April 2022 until March...

Advanced Phobia

Ransomware Gang Details

Phobos ransomware, first discovered in December 2018, is another notorious cyber threat actor which targets businesses. Phobos is popular among threat actors because of its simple design. In addition, the Greek god Phobos was thought to be the incarnation of fear and panic: the gang’s name was likely inspired by him. Phobos is a...

Phobia

Ransomware Details

Phobos ransomware, first discovered in December 2018, is another notorious cyber threat that targets businesses. Phobos is popular among threat actors of various technical abilities because of its simple design. In addition, the Greek god Phobos was thought to be the incarnation of fear and panic; hence the name Phobos was likely inspired by him. Phobos...

Plug n Panda – APT Group

“Plug N Panda” group (the name that has been chosen by Yarix R&D) is a newly observed group characterized by the use of Ransomware DLL sideloading (PlugX – Talisman) techniques to cover his tracks after carrying an attack and it is believed to originate from China. This APT was first observed in the first months of...

Malware Analysis: Ragnarok Ransomware

The analysed sample is a malware employed by the Threat Actor known as Ragnarok. The ransomware is responsible for files’ encryption and it is typically executed, by the actors themselves, on the compromised machines. The name of the analysed executable is xs_high.exe, but others have been found used by the same ransomware family (such as...