Updated Response to CISA Advisory (AA23-352A): #StopRansomware: Play Ransomware

AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA23-352A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Play ...

Emulating the Blazing DragonForce Ransomware

AttackIQ has released two new attack graphs that emulate the behaviors exhibited by DragonForce ransomware since its emergence in August 2023. Initially based entirely on the leaked LockBit 3.0 (Black) builder, it ...

Emulating the Terrorizing VanHelsing Ransomware

AttackIQ has released a new attack graph emulating the behaviors exhibited by VanHelsing ransomware, a new and rapidly growing ransomware-as-a-service (RaaS) affiliate program that emerged in March 2025. This emulation enables defenders ...

Emulating the Relentless RansomHub Ransomware

AttackIQ has released a new attack graph emulating the behaviors exhibited by RansomHub ransomware since its emergence in February 2024. This sophisticated ransomware employs double extortion techniques and shares notable similarities with ...

Where Ransomware and Geopolitical Tensions Intersect

In the latest episode of the TechSpective Podcast, I sit down with Anthony Freed, Director of Research Communications at Halcyon, to dive deep into the ever-evolving ransomware landscape. We explore how ransomware ...

Emulating the Deceptive Akira Ransomware

AttackIQ has released a new attack graph emulating the behaviors exhibited by Akira ransomware since its emergence in March 2023. Akira operators provide victims the option to pay for either file decryption ...

Authorities Seize 8Base Ransomware Infrastructure, Arrest Four Russians

With "Operation Phobos Aetor," international law enforcement, including the US DOJ and Europol, arrest four Russian nationals and seize infrastructure connected to the 8Base ransomware group, the largest affiliate of the prolific ...
Security Boulevard

Emulating the Petrifying Medusa Ransomware

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Medusa ransomware since the beginning of its activities in June 2021. Medusa is predominantly propagated through the exploitation of ...

Response to CISA Advisory (AA24-242A): #StopRansomware: RansomHub Ransomware

AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-207A) published on August 29, 2024, that disseminates known RansomHub ransomware IOCs and TTPs that have been identified through ...

Emulating the Long-Term Extortionist Nefilim Ransomware

AttackIQ has released a new attack graph that emulates the behaviors exhibited by the extortionist ransomware Nefilim during activities against multiple organizations, primarily based in North or South America, distributed in the ...