TropChaud · @IntelScott
82 followers · 13 posts · Server infosec.exchange
Analyzing #TTP overlap for nine top #ransomware
This originates from analysis of ransomware targeting schools, but most of these families have threatened a range of critical infrastructure & other industries too
Each ransomware covered here has published extortion threats involving a school or university during the past year, and this trend is increasing. I tallied 66 ransomware extortion threats against these #education entities since last October. A few groups dominate (see pie chart), and victim count jumped especially high in recent months for schools (K-12) (see bar chart).
The #malware covered here (and count of associated extortion threats against education entities) are: #ViceSociety (25), #Pysa (8), #LockBit 3.0 (7), #ALPHV / #BlackCat (6), LockBit 2.0 (5), #Hive (4), #BianLian (3), #Quantum, Snatch (2), & #Conti, #REvil, Sabbath, and Stormous (1 each). Also #HelloKitty / #FiveHands, which is used by Vice Society, but no relevant posts were observed.
Visual summary of my analysis: https://app.tidalcyber.com/share/8d9f212a-0312-4c2f-bba5-85ab7c7224c6
Overall the nine ransomware map to 131 unique techniques total, sourced from 30 recent public reports, mainly malware analysis & government advisories ("Show only labelled techniques" gives the best view). The underlines & numbers in the cells indicate number of malware mapped to that technique. Background color gradient represents number of sources referencing it. This tool helps with pivoting to defenses and analytics (think Sigma rules), offensive tests (Atomic Red Team), and data sources (make sure you have proper logging enabled) mapped to the same techniques.
#threatintel #SharedWithTidal
#ttp #ransomware #education #malware #vicesociety #pysa #lockbit #ALPHV #blackcat #hive #bianlian #quantum #Conti #revil #hellokitty #FiveHands #threatintel #sharedwithtidal
Anonymous :anonymous: 🐾🐈🏴 · @YourAnonRiots
3074 followers · 24693 posts · Server mstdn.socialThe infosec team at #BlackBerry are tracking a #RAT targeting #Window®. Dubbed ChaChi; the RAT has been used by #PYSA ransomware gang as part of their toolset to attack victims globally, but most recently targeting education organizations.
https://blogs.blackberry.com/en/2021/06/pysa-loves-chachi-a-new-golang-rat
#pysa #window #rat #Blackberry
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Data stolen from Hackney Council posted on dark web by ransomware gang - The cybercrime gang behind the PYSA ransomware has released files which they claim to have stolen ... https://grahamcluley.com/data-stolen-from-hackney-council-posted-on-dark-web-by-ransomware-gang/ #ransomware #databreach #mespinoza #dataloss #malware #hackney #pysa
#pysa #hackney #malware #dataloss #mespinoza #databreach #ransomware