RaaS
RansomHouse upgrades encryption with multi-layered data processing
The RansomHouse ransomware-as-a-service (RaaS) has recently upgraded its encryptor, switching from a relatively simple single-phase linear technique to a more complex, multi-layered method. In practice, the upgrades offer stronger encryption results, faster speeds, and better reliability on modern target environments, giving threat actors stronger leverage during post-encryption negotiations. RansomHouse launched in December 2021 as a data extortion […]
CyberVolk’s ransomware debut stumbles on cryptography weakness
The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free. According to SentinelOne researchers who examined the new ransomware family, the encryptor uses a hardcoded master key in the binary, which is also written in plaintext in a hidden file on […]
Malware devs abuse Anthropic’s Claude AI to build ransomware
Anthropic’s Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages. The company says that its tool has also been used in fraudulent North Korean IT worker schemes and to distribute lures for Contagious Interview campaigns, in Chinese APT campaigns, and by […]
Hunters International ransomware shuts down, releases free decryptors
The Hunters International Ransomware-as-a-Service (RaaS) operation announced today that it has officially closed down its operations and will offer free decryptors to help victims recover their data without paying a ransom. “After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, […]
DragonForce expands ransomware model with white-label branding scheme
The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. DragonForce is now incentivizing ransomware actors with a distributed affiliate branding model, providing other ransomware-as-a-service (RaaS) operations a means to carry out their business without dealing with infrastructure maintenance cost and effort. A group’s representative […]
New VanHelsing ransomware targets Windows, ARM, ESXi systems
A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. VanHelsing was first promoted on underground cybercrime platforms on March 7, offering experienced affiliates a free pass to join while mandating a deposit of $5,000 from less experienced threat actors. The new ransomware operation was first documented […]
RansomHub ransomware uses new Betruger ‘multi-function’ backdoor
A newly identified custom backdoor deployed in several recent ransomware attacks has been linked to at least one RansomHub ransomware-as-a-service (RaaS) operation affiliate. Symantec researchers who named this malware Betruger describe it as a “rare example of a multi-function backdoor” that was likely engineered for use in ransomware attacks. The malware’s capabilities include a wide range of […]