Trend Micro Research : Ransomware

Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Ransomware, Trend Micro Research : Research /

Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks 2025-08-14 at 11:38 By Crypto24 is a ransomware group that stealthily blends legitimate tools with custom malware, using advanced evasion techniques to bypass security and EDR technologies. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React […]

React to this headline:

Loading spinner

Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks Read More »

New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises 2025-08-12 at 13:10 By We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands. This article is an excerpt from Trend Micro Research, News and Perspectives View

React to this headline:

Loading spinner

New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises Read More »

New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises 2025-08-12 at 13:10 By We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands. This article is an excerpt from Trend Micro Research, News and Perspectives View

React to this headline:

Loading spinner

New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises Read More »

Gunra Ransomware Group Unveils Efficient Linux Variant

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Latest News, Trend Micro Research : Ransomware, Trend Micro Research : Research /

Gunra Ransomware Group Unveils Efficient Linux Variant 2025-07-29 at 15:02 By This blog discusses how Gunra ransomware’s new Linux variant accelerates and customizes encryption, expanding the group’s reach with advanced cross-platform tactics. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

Gunra Ransomware Group Unveils Efficient Linux Variant Read More »

BERT Ransomware Group Targets Asia and Europe on Multiple Platforms

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Ransomware /

BERT Ransomware Group Targets Asia and Europe on Multiple Platforms 2025-07-07 at 14:47 By BERT is a newly emerged ransomware group that pairs simple code with effective execution—carrying out attacks across Europe and Asia. In this entry, we examine the group’s tactics, how their variants have evolved, and the tools they use to get past

React to this headline:

Loading spinner

BERT Ransomware Group Targets Asia and Europe on Multiple Platforms Read More »

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal 2025-05-07 at 11:48 By During our monitoring of Agenda ransomware activities, we uncovered campaigns that made use of the SmokeLoader malware and a new loader we’ve named NETXLOADER. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to

React to this headline:

Loading spinner

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal Read More »

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Ransomware, Trend Micro Research : Research /

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE 2025-04-21 at 05:11 By This blog details our investigation of malware samples that conceal within them a FOG ransomware payload. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE Read More »

CrazyHunter Campaign Targets Taiwanese Critical Sectors

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

CrazyHunter Campaign Targets Taiwanese Critical Sectors 2025-04-16 at 11:55 By This blog entry details research on emerging ransomware group CrazyHunter, which has launched a sophisticated campaign aimed at Taiwan’s essential services. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

CrazyHunter Campaign Targets Taiwanese Critical Sectors Read More »

Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations 2025-03-21 at 11:36 By Trend Research encounters new versions of the Albabat ransomware, which appears to target Windows, Linux, and macOS devices. We also reveal the group’s use of GitHub to streamline their ransomware operation. This article is an excerpt from

React to this headline:

Loading spinner

Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations Read More »

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Ransomware, Trend Micro Research : Research /

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal 2025-03-03 at 11:24 By In this blog entry, we discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines. This article is an excerpt from Trend Micro Research, News

React to this headline:

Loading spinner

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal Read More »

MITRE ATT&CK 2024 Results for Enterprise Security

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Endpoints, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Network, Trend Micro Research : Ransomware, Trend Micro Research : Reports /

MITRE ATT&CK 2024 Results for Enterprise Security 2024-12-11 at 19:18 By Enterprise 2024 will incorporate multiple, smaller emulations for a more nuanced and targeted evaluation of defensive capabilities. We’re excited to offer two distinct adversary focus areas: Ransomware targeting Windows and Linux, and the Democratic People’s Republic of Korea’s targeting macOS. This article is an

React to this headline:

Loading spinner

MITRE ATT&CK 2024 Results for Enterprise Security Read More »

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Ransomware, Trend Micro Research : Research /

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data 2024-10-16 at 14:35 By This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions. This article is an excerpt

React to this headline:

Loading spinner

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data Read More »

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections 2024-09-20 at 18:31 By Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions. This article is an excerpt from Trend Micro Research, News and Perspectives

React to this headline:

Loading spinner

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections Read More »

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack 2024-08-21 at 11:01 By Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

React to this headline:

Loading spinner

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack Read More »

QR Codes: Convenience or Cyberthreat?

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Artificial Intelligence (AI), Trend Micro Research : Cloud, Trend Micro Research : Phishing, Trend Micro Research : Ransomware, Trend Micro Research : Security Strategies, Trend Micro Research : Web /

QR Codes: Convenience or Cyberthreat? 2024-07-23 at 20:16 By Security awareness and measures to detect and prevent sophisticated risks associated with QR code-based phishing attacks (quishing) This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

QR Codes: Convenience or Cyberthreat? Read More »

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma 2024-07-19 at 10:31 By Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more. This article is an excerpt from Trend Micro Research, News

React to this headline:

Loading spinner

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma Read More »

An In-Depth Look at Crypto-Crime in 2023 Part 2

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Cyber Threats, Trend Micro Research : ICS OT, Trend Micro Research : Malware, Trend Micro Research : Privacy & Risks, Trend Micro Research : Ransomware, Trend Micro Research : Reports /

An In-Depth Look at Crypto-Crime in 2023 Part 2 2024-07-12 at 02:01 By In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise. This article is an

React to this headline:

Loading spinner

An In-Depth Look at Crypto-Crime in 2023 Part 2 Read More »

An In-Depth Look at Crypto-Crime in 2023 Part 1

Trend Micro Research : Cyber Crime, Trend Micro Research : Cyber Threats, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Privacy & Risks, Trend Micro Research : Ransomware /

An In-Depth Look at Crypto-Crime in 2023 Part 1 2024-07-08 at 22:31 By Cybersecurity is a growing concern in today’s digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of both individuals

React to this headline:

Loading spinner

An In-Depth Look at Crypto-Crime in 2023 Part 1 Read More »

TargetCompany’s Linux Variant Targets ESXi Environments

Trend Micro Research : Ransomware /

TargetCompany’s Linux Variant Targets ESXi Environments 2024-06-05 at 13:02 By In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React

React to this headline:

Loading spinner

TargetCompany’s Linux Variant Targets ESXi Environments Read More »

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Ransomware, Trend Micro Research : Research /

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption 2024-04-03 at 14:31 By Our new article provides key highlights and takeaways from Operation Cronos’ disruption of LockBit’s operations, as well as telemetry details on how LockBit actors operated post-disruption. This article is an excerpt from Trend Micro Research, News and Perspectives View Original

React to this headline:

Loading spinner

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption Read More »

Scroll to Top