Trend Micro Research : Ransomware

BERT Ransomware Group Targets Asia and Europe on Multiple Platforms

BERT Ransomware Group Targets Asia and Europe on Multiple Platforms 2025-07-07 at 14:47 By BERT is a newly emerged ransomware group that pairs simple code with effective execution—carrying out attacks across Europe and Asia. In this entry, we examine the group’s tactics, how their variants have evolved, and the tools they use to get past […]

React to this headline:

BERT Ransomware Group Targets Asia and Europe on Multiple Platforms Read More »

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal 2025-05-07 at 11:48 By During our monitoring of Agenda ransomware activities, we uncovered campaigns that made use of the SmokeLoader malware and a new loader we’ve named NETXLOADER. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to

React to this headline:

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal Read More »

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE 2025-04-21 at 05:11 By This blog details our investigation of malware samples that conceal within them a FOG ransomware payload. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE Read More »

CrazyHunter Campaign Targets Taiwanese Critical Sectors

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

CrazyHunter Campaign Targets Taiwanese Critical Sectors 2025-04-16 at 11:55 By This blog entry details research on emerging ransomware group CrazyHunter, which has launched a sophisticated campaign aimed at Taiwan’s essential services. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

CrazyHunter Campaign Targets Taiwanese Critical Sectors Read More »

Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations 2025-03-21 at 11:36 By Trend Research encounters new versions of the Albabat ransomware, which appears to target Windows, Linux, and macOS devices. We also reveal the group’s use of GitHub to streamline their ransomware operation. This article is an excerpt from

React to this headline:

Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations Read More »

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal 2025-03-03 at 11:24 By In this blog entry, we discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines. This article is an excerpt from Trend Micro Research, News

React to this headline:

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal Read More »

MITRE ATT&CK 2024 Results for Enterprise Security

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Endpoints, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Network, Trend Micro Research : Ransomware, Trend Micro Research : Reports / SecurityTicks

MITRE ATT&CK 2024 Results for Enterprise Security 2024-12-11 at 19:18 By Enterprise 2024 will incorporate multiple, smaller emulations for a more nuanced and targeted evaluation of defensive capabilities. We’re excited to offer two distinct adversary focus areas: Ransomware targeting Windows and Linux, and the Democratic People’s Republic of Korea’s targeting macOS. This article is an

React to this headline:

MITRE ATT&CK 2024 Results for Enterprise Security Read More »

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data 2024-10-16 at 14:35 By This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions. This article is an excerpt

React to this headline:

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data Read More »

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections 2024-09-20 at 18:31 By Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions. This article is an excerpt from Trend Micro Research, News and Perspectives

React to this headline:

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections Read More »

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack 2024-08-21 at 11:01 By Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

React to this headline:

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack Read More »

QR Codes: Convenience or Cyberthreat?

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Artificial Intelligence (AI), Trend Micro Research : Cloud, Trend Micro Research : Phishing, Trend Micro Research : Ransomware, Trend Micro Research : Security Strategies, Trend Micro Research : Web / SecurityTicks

QR Codes: Convenience or Cyberthreat? 2024-07-23 at 20:16 By Security awareness and measures to detect and prevent sophisticated risks associated with QR code-based phishing attacks (quishing) This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

QR Codes: Convenience or Cyberthreat? Read More »

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma 2024-07-19 at 10:31 By Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more. This article is an excerpt from Trend Micro Research, News

React to this headline:

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma Read More »

An In-Depth Look at Crypto-Crime in 2023 Part 2

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Cyber Threats, Trend Micro Research : ICS OT, Trend Micro Research : Malware, Trend Micro Research : Privacy & Risks, Trend Micro Research : Ransomware, Trend Micro Research : Reports / SecurityTicks

An In-Depth Look at Crypto-Crime in 2023 Part 2 2024-07-12 at 02:01 By In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise. This article is an

React to this headline:

An In-Depth Look at Crypto-Crime in 2023 Part 2 Read More »

An In-Depth Look at Crypto-Crime in 2023 Part 1

Trend Micro Research : Cyber Crime, Trend Micro Research : Cyber Threats, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Privacy & Risks, Trend Micro Research : Ransomware / SecurityTicks

An In-Depth Look at Crypto-Crime in 2023 Part 1 2024-07-08 at 22:31 By Cybersecurity is a growing concern in today’s digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of both individuals

React to this headline:

An In-Depth Look at Crypto-Crime in 2023 Part 1 Read More »

TargetCompany’s Linux Variant Targets ESXi Environments

Trend Micro Research : Ransomware / SecurityTicks

TargetCompany’s Linux Variant Targets ESXi Environments 2024-06-05 at 13:02 By In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React

React to this headline:

TargetCompany’s Linux Variant Targets ESXi Environments Read More »

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption 2024-04-03 at 14:31 By Our new article provides key highlights and takeaways from Operation Cronos’ disruption of LockBit’s operations, as well as telemetry details on how LockBit actors operated post-disruption. This article is an excerpt from Trend Micro Research, News and Perspectives View Original

React to this headline:

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption Read More »

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script 2024-03-26 at 10:31 By This blog entry discusses the Agenda ransomware group’s use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this

React to this headline:

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script Read More »

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO 2024-03-04 at 11:05 By The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO Read More »

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Ransomware / SecurityTicks

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities 2024-02-27 at 10:18 By This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry. This

React to this headline:

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities Read More »

LockBit Attempts to Stay Afloat With a New Version

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

LockBit Attempts to Stay Afloat With a New Version 2024-02-22 at 10:02 By This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations. This article is an excerpt

React to this headline:

LockBit Attempts to Stay Afloat With a New Version Read More »