Ransomware Spotlight

INC ransomware was first detected in July 2023, but has already released new versions: one that targets Linux computers and an update on their Windows variant. The ransomware has been observed to exploit CVE-2023-3519 and uses HackTool.Win32.ProcTerminator.A for defense evasion and HackTool.PS1.VeeamCreds for credential access in its different attack chains.

The LockBit intrusion set, tracked by Trend Micro as Water Selkie, has one of the most active ransomware operations today. With LockBit’s strong malware capabilities and affiliate program, organizations should keep abreast of its machinations to effectively spot risks and defend against attacks.

Despite positioning themselves as penetration testers, 8Base ransomware threat actors profit off their victims that are significantly comprised of small businesses. In this feature, we investigate how the gang operates to gain insights on how organizations can protect systems better from compromises that could result in financial loss.  

The threat actors behind the Rhysida ransomware targeted multiple industries by posing as a cybersecurity team that offered to help its victims identify security weaknesses in their networks and systems. Although the group’s activity was first observed back in May 2023, its leak site was established as early as March 2023. Like other ransomware groups, it employs double extortion tactics to pressure its victims into paying a ransom demand in Bitcoin.

After the shutdown of its leak site in October, we look at how ransomware group Trigona operated during its period of activity and discuss how enterprises can fortify their defenses against similar threats.

This report spotlights Akira, a novel ransomware family with highly experienced and skilled operators at its helm.

Play is shaping up to be a player on the rise within the ransomware landscape, with its operators likely to continue using the ransomware in future. We take a deep dive into its operations and offer ways in which organizations can shore up their defenses against this emerging threat.

We detail everything you need to know about TargetCompany, a ransomware family with different monickers, including the evolution of its attack flow as it cemented its place in the threat landscape.

Backed by threat actors from Conti, Royal ransomware is poised to wreak havoc in the threat landscape, starting strong by taking a spot among the most prolific ransomware groups within three months since it was first reported. Combining new and old techniques and quick evolution, it is likely to remain a big player in the threat landscape in the future.