We look into a recent attack orchestrated by the Black Basta ransomware group that used the banking trojan QakBot as a means of entry and movement and took advantage of the PrintNightmare vulnerability to perform privileged file operations.
Tag: Trend Micro Research : Ransomware
Security Vendor News
Conti vs. LockBit: A Comparative Analysis of Ransomware Groups
by Shingo Matsugaya •
We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022.
Security Vendor News
Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques
by Don Ovid Ladores •
Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report.
Security Vendor News
Why It’s Time to Map the Digital Attack Surface
by Bharat Mistry •
Trend Micro research reveals struggle to control cyber risks against mounting digital attack surfaces.
Security Vendor News
Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme
by Trend Micro Research, News, Perspectives •
In this report, we investigate the reasons that the DeadBolt ransomware family is more problematic for its victims than other ransomware families that previously targeted NAS devices.
Security Vendor News
YourCyanide: A CMD-Based Ransomware With Multiple Layers of Obfuscation
by Ieriz Nicolle Gonzalez •
The Trend Micro Threat Hunting team recently analyzed a series of CMD-based ransomware variants with a number of capabilities such as stealing user information, bypassing remote desktop connections, and propagating through email and physical drives.
Security Vendor News
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
by Arianne Dela Cruz •
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report.
Security Vendor News
New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code
by Arianne Dela Cruz •
New findings showed that Cheerscrypt, a new Linux-based ransomware variant that compromises ESXi servers, was derived from the leaked Babuk source code. We discuss our analysis in this report.
Security Vendor News
Trend Micro’s One Vision, One Platform
by Trend Micro Research, News, Perspectives •
Why Trend Micro is evolving its approach to enterprise protection
Security Vendor News
Examining the Black Basta Ransomware’s Infection Routine
by Ieriz Nicolle Gonzalez •
We analyze the Black Basta ransomware and examine the malicious actor’s familiar infection tactics.
Security Vendor News
AvosLocker Ransomware Variant Abuses Driver File to Disable Antivirus, Scans for Log4shell
by Christoper Ordonez •
We found an AvosLocker ransomware variant using a legitimate antivirus component to disable detection and blocking solutions.
Security Vendor News
An Investigation of the BlackCat Ransomware via Trend Micro Vision One
by Lucas Silva •
We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in…
Security Vendor News
An In-Depth Look at ICS Vulnerabilities Part 3
by Trend Micro Research, News, Perspectives •
In our series wrap-up, we look into CVEs that affect critical manufacturing based on MITRE’s matrix. We also explore common ICS-affecting vulnerabilities identified in 2021.
Security Vendor News
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload
by Earle Maui Earnshaw •
Both BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to deliver the LockBit ransomware.
Security Vendor News
An In-Depth Look at ICS Vulnerabilities Part 2
by Trend Micro Research, News, Perspectives •
In part two of our three-part series, we continue to analyze vulnerabilities using MITRE ATT&CK. We also look into the sectors affected and their risk levels.
Security Vendor News
This Week in Security News – March 18, 2022
by Jon Clay •
Global Cyberattacks: Navigating New Frontiers: Trend Micro 2021 Annual Cybersecurity Report, and US Has ‘Significant’ Cyber Vulnerabilities, But A Sweeping Russian Cyberattack Is Unlikely
Security Vendor News
Oil/Gas Cybersecurity: Halt Critical Operation Attacks
by Kazuhisa Tagaya •
Trend Micro has released a technical report on how the oil and gas industry can gain situational awareness across OT, IT and CT.
Security Vendor News
Utility Cybersecurity: Situational Awareness Cuts Risk
by Kazuhisa Tagaya •
Trend Micro has released a technical report on how the electric utility industry can gain situational awareness across the entire network.
Security Vendor News
New Nokoyawa Ransomware Possibly Related to Hive
by Don Ovid Ladores •
In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in their attack chain, from the tools used to the order in which t…
Security Vendor News
Cyberattacks are Prominent in the Russia-Ukraine Conflict
by Trend Micro Research •
Alongside the physical conflict happening between Russia and Ukraine, there have also been an increasing number of alleged cyberattacks perpetrated by different groups.
Our research teams have verified and validated internal data and external reports t…
Security Vendor News
This Week in Security News – February 25, 2022
by Jon Clay •
Recent cyberattacks increasingly target open-source web servers, and US officials tell businesses to watch for potential ransomware attacks after Biden announces Russia sanctions
Security Vendor News
Ukraine Cyberattack 2022: Geopolitical Cybersecurity
by Trend Micro Research, News, Perspectives •
As geopolitical tensions rise, so does pressure to enhance corporate cyber-resilience
Security Vendor News
This Week in Security News – February 18, 2022
by Jon Clay •
SMS PVA services’ use of infected Android phones reveals flaws in SMS verification, and ‘Russian state-sponsored cyber actors’ cited in hacks of U.S. defense contractors
Security Vendor News
This Week in Security News – February 11, 2022
by Jon Clay •
Hidden scams in malicious scans, and feds arrest couple who allegedly laundered $1 Billion in stolen bitcoins
Security Vendor News
This Week in Security News – February 4, 2022
by Jon Clay •
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. Learn about the Samba vulnerability discovered by Trend Micro and the White House’s warning of Russian hacks as te…
Security Vendor News
This Week in Security News – January 28th, 2022
by Jon Clay •
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read the third installment of Trend Micro’s Codex series. Also, read about the White House’s latest…
Security Vendor News
Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
by Junestherry Dela Cruz •
LockBit ransomware’s operators announced the release of its first Linux and ESXi variant in October. With samples also spotted in the wild, we discuss the impact and analysis of this variant.
Security Vendor News
This Week in Security News – January 21, 2022
by Jon Clay •
This week, read about various cybersecurity threats that affect industrial control and the Cybersecurity and Infrastructure Security Agency (CISA)’s latest cyberattack warnings.
Security Vendor News
Cybersecurity for Industrial Control Systems: Part 2
by Ericka Pingol •
To cap off the series, we’ll discuss malware detection and distribution in various countries. Our team also rounds up several insights to help strengthen ICS cybersecurity and mitigate malware attacks.
Security Vendor News
Defending Users’ NAS Devices From Evolving Threats
by Stephen Hilt •
In our latest research, we analyze the threats targeting well-known brands of network-attached storage (NAS) devices.
Security Vendor News
New Ransomware Spotted: White Rabbit and Its Evasion Tactics
by Arianne Dela Cruz •
We analyze the ransomware White Rabbit and bring into focus the familiar evasion tactics employed by this newcomer.
Security Vendor News
Cybersecurity for Industrial Control Systems: Part 1
by Trend Micro Research •
In this two-part series, we look into various cybersecurity threats that affected industrial control systems endpoints. We also discuss several insights and recommendations to mitigate such threats.
Security Vendor News
This Week in Security News – January 14, 2022
by Jon Clay •
This week, read about how crucial it is for security teams to adopt an integrated approach to threat detection, such as remote control, and Congress’s plan to update the Federal Information Security Management Act (FISMA) for the first time in eight ye…
Security Vendor News
This Week in Security News – January 7, 2022
by Jon Clay •
This week, read about Log4j vulnerabilities in connected cars and charging stations and how iOS malware can fake iPhone shutdowns to snoop on cameras and microphones.
Security Vendor News
This Week in Security News – December 17, 2021
by Jon Clay •
This week, read on Purple Fox’s infection chain observed by Trend Micro’s Managed XDR. Also, learn about the Log4j vulnerability that has the potential to cause ‘incalculable’ damage.
Security Vendor News
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager
by Abraham Camba •
We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign.
Security Vendor News
Volatile and Adaptable: Tracking the Movements of Modern Ransomware
by Trend Micro Research •
Trend Micro’s tracking of modern ransomware, as well as of older families, shows which attacks are gaining momentum and which families are particularly dangerous for enterprises and private users.