Ransomware appears to be one of the most expensive and disruptive internet afflictions. It is a type of malware that encrypts the victim's files and vital information, and hackers demand payoffs to provide the decryption keys. While ransomware is not any new form of attack on cybersecurity, the prevalent scenario is indeed alarming; the following numbers corroborate the same- It seems that individuals and organizations are likely to get affected by ransomware attacks even in 2023 and beyond.
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. This blog was jointly authored with Arjun Patel. GuLoader is a malware downloader that is primarily used for distributing other shellcode and malware such as ransomware and banking Trojans.
In a year where headlines were dominated by the global economic and geopolitical uncertainty around Russia’s war on Ukraine, 2022 saw a threat landscape that was both volatile and fragmented, largely due to the war. As the year drew to an end, ransomware hit a peak, primarily due to the rise in attacks impacting the manufacturing, health care, technology and telecommunications industries.
8220 Gang has been dubbed as a group of low-level script kiddies with an equally disappointing name based on their original use of port 8220 for Command and Control (C2) network communications dating back to 2017. Since an initial Talos report in late 2018, the group has continued to use, learn, and benefit from the efforts of their counterparts in the cryptojacking world.
The latest on ESXiArgs ransomware attacks, new QakNote attacks pushing QBot malware via Microsoft OneNote files, and Biden’s attention to data privacy in the State of the Union.
The threat actor group behind Royal ransomware first appeared in January 2022, pulling together actors previously associated with Roy/Zeon, Conti and TrickBot malware. Originally known as “Zeon” before renaming themselves “Royal” in September 2022, they are not considered a ransomware-as-a-service (RaaS) operation because their coding/infrastructure are private and not made available to outside actors.
