The Qilin ransomware group recently grabbed headlines with a massive $50 million ransom demand, hitting Synnovis and impacting NHS hospitals in London. Since its emergence from Agenda ransomware, Qilin has evolved into a powerful Rust-based threat, targeting over 150 organizations in 25 countries. Our latest blog explores their evolving tactics, including exploitation of Fortinet and Veeam Backup vulnerabilities, precise ransomware deployment arguments, and unique hashing methods. Additionally, the analysis details their privilege escalation techniques, defense evasion methods, and lateral movement via PsExec and VMware vCenter. The ransomware itself utilizes AES-256 CTR or ChaCha20 encryption, further impeding recovery by deleting backups and rebooting systems. It’s essential reading for anyone in cybersecurity to understand and counteract this evolving threat. 🔗 Check out the full blog post: https://lnkd.in/gjWpbNpe #CyberSecurity #Ransomware #ThreatIntelligence #QilinRansomware #GroupIB #Healthcare #FightAgainstCrime
Group-IB’s Post
More Relevant Posts
Our latest blog revisits the Qilin ransomware group and uncovers their recent attack on Synnovis, which affected NHS hospitals in London. The ransomware uses advanced encryption, making recovery difficult. Delve into their advanced tactics, such as exploiting Fortinet and Veeam Backup vulnerabilities, privilege escalation, defense evasion, and lateral movement using PsExec and VMware vCenter. #CyberSecurity #Ransomware #ThreatIntelligence #QilinRansomware #GroupIB #Healthcare #FightAgainstCrime
The WannaCry ransomware attack spread globally in 2017, locking down systems in over 150 countries and demanding payment to release data. Exploiting a vulnerability in Windows, WannaCry targeted businesses, hospitals, and governments, showing how damaging ransomware can be to critical infrastructure. Learn how this attack unfolded and why ransomware defense is essential for cybersecurity today. #cybersecurity #ransomware #infosec
Hi everyone! Today is Wednesday, January 8th, 2025. In today’s cyber threat report I go over ransomware. This includes Atos proving false claims, the Critical Infrastructure Ransomware tracker just hit over 2,000 documented attacks, and HHS showing the need to require enhanced cybersecurity for sensitive data. Come back tomorrow for the next one! As always, stay vigilant! Check out the Ransomware Critical Infrastructure Database here: https://lnkd.in/e_arQ-ha #StayInformed #Cyber #Threat #Technology #Ransomware #Data #Vigilant #Report
Unlock the Power of Continuous Threat Exposure Management at XPOSURE Online Event. Save your spot today: https://lnkd.in/decpidqn Get Inside the Mind of a Ransomware Attack at XPOSURE! Join Zach Lewis from the University of Health Sciences and Pharmacy as he breaks down a real-life LockBit ransomware attack—from the initial breach in April to the final data drop in June. Discover how vulnerabilities were exploited, accounts compromised, and data stolen, along with the challenges of recovery. Plus, learn why robust backup strategies and ethical decisions around ransom payments are critical. Boost your cybersecurity resilience with these must-know insights. 💻🔐 #XPOSURE2024 #Ransomware #Cybersecurity
Ransomware has quickly evolved from a rudimentary attack to a highly sophisticated threat. Cybercriminals are constantly changing tactics, making it difficult for organizations to stay ahead. Early defenses such as backups and antivirus software are no longer sufficient, and modern defenses such as EDR, Zero Trust, and Assumed Breach are becoming increasingly necessary. Read more about how ransomware has evolved over the years to understand what this suggests about the future of cybersecurity. https://lnkd.in/e_azaAMQ Connor Jackson #ransomware #attacks #history #cybersecurity
🔔 Attention, SonicWall Users! A critical vulnerability (CVE-2024-40766) in SonicWall is being actively targeted by Akira Ransomware. This vulnerability could lead to devastating attacks if left unpatched. SOCRadar urges all SonicWall users to apply the latest patch immediately and ensure their networks remain secure. Stay proactive in protecting your organization against ransomware threats. Don't wait until it's too late. 👉 Read more about this vulnerability and how to safeguard your systems: https://lnkd.in/dYGHrHtN #CyberSecurity #Ransomware #VulnerabilityManagement #PatchNow
“Despite what feels a constant deluge of cyberattacks on the public sector, ransomware attacks on government organizations are actually down, according to a report published [Aug. 21] by the cybersecurity firm Sophos. The State of Ransomware in State and Local Government report found that state and local governments saw a 51% drop in ransomware attacks in 2024. … The report anonymously surveyed 5,000 global government IT and cybersecurity leaders.” https://gag.gl/QzHH3D Visit our website to learn how you can protect IP, PII, and PHI against malware and ransomware by reducing and defending the number of entry points a malicious file can enter their networks. #cybersecurity #kiteworks #cyberattack #ransomware #malware #contentprotection #contentsecurity
Considering that 96% of ransomware attacks now target backup repositories (The State of Ransomware 2024, Sophos), immutable backups have become essential to maintaining cyber resilience. Yet, many commercial and homegrown backup monitoring solutions completely neglect this key component of backup-level security. Not Bocada. ✅ Read why immutability has become essential: https://lnkd.in/ghKJaBjf ✅ Discover Bocada's immutable backup and encrypted data reports: https://lnkd.in/ghmVeEMS ✅ Request a free demo: https://lnkd.in/gBaauAuc #Bocada #backupandrecovery #ransomware #dataprotection #cybersecurity #cyberresilience