
Threat Actor Profile: Interlock Ransomware

Interlock, a relatively new ransomware group first observed in September 2024, has gained prominence in 2025 as an opportunistic ransomware operator. Unlike traditional Ransomware-as-a-Service models, Interlock operates without affiliates or public advertisements. The group conducts double extortion campaigns, leveraging compromised websites and multi-stage social engineering techniques to deliver payloads. Interlock's attack chain involves initial access through fake software updaters, execution of PowerShell scripts, and the use of custom remote access trojans. The group has targeted various sectors across North America and Europe, including education, healthcare, technology, and government entities. Notable attacks include the DaVita breach in April 2025 and the ransomware attack on the city of St. Paul, Minnesota in July 2025.

Pulse ID: 689f8d13d92fa7802f9dd44a
Pulse Link: otx.alienvault.com/pulse/689f8
Pulse Author: AlienVault
Created: 2025-08-15 19:40:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue - Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

Qilin Ransomware and the Hidden Dangers of BYOVD

This analysis examines a recent incident involving Qilin ransomware, highlighting the evolving tactics of cybercriminals to evade Endpoint Detection and Response (EDR) systems. The attackers utilized a previously unknown driver, TPwSav.sys, to disable EDR measures through a technique known as bring-your-own-vulnerable-driver (BYOVD). The report details the entire attack chain, from initial compromise using stolen credentials to the final attempt at deploying ransomware. It emphasizes how rapid isolation of impacted systems and a layered security approach thwarted the attackers. The analysis also provides background on Qilin ransomware, its operation as a ransomware-as-a-service (RaaS), and its targeting patterns. The technical breakdown includes an examination of the EDR bypass technique and the customized version of the EDRSandblast tool used in the attack.

Pulse ID: 688b6bead28aade23c1861a2
Pulse Link: otx.alienvault.com/pulse/688b6
Pulse Author: AlienVault
Created: 2025-07-31 13:13:14

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Pausing for a "Sanctuary Moon" marathon

This newsletter discusses the debut of the 'Humans of Talos' series, which highlights the people behind Cisco Talos' research and operations. It draws parallels between sci-fi characters and cybersecurity professionals, emphasizing the importance of human creativity and insight in advanced technology. The newsletter also mentions a new ransomware-as-a-service group called Chaos, which is actively targeting organizations worldwide. It provides updates on recent security incidents, including a Microsoft SharePoint vulnerability and a crypto exchange hack. The author stresses the significance of human elements in cybersecurity, despite the increasing use of machine learning.

Pulse ID: 68828d2b128aa99dc887dce2
Pulse Link: otx.alienvault.com/pulse/68828
Pulse Author: AlienVault
Created: 2025-07-24 19:44:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.
