Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/ghoshacker GhosHacker, which is seemingly a misspelling of GhostHacker based on the ransom note dropped with the same name—GhostHacker.exe—is a crypto-ransomware built from the NoCry ransomware builder. This allegation comes from…

Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/blackskull BlackSkull is a near clone of GhosHacker and Anonymous and is theorized to be an early version of AzzaSec. All four of these are created from the NoCry ransomware builder, based on the infamous WannaCry ransomware…

Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/cybervolk CyberVolk is a self-proclaimed hacktivist group with various allegiances to other hacktivist groups throughout the globe, including Anonymous (their subsidiaries), White_Hunters, Cyber Hunters, and others. They even…

Publication: Dr. Joseph L Popp Jr and The First-Ever Ransomware – The AIDS Trojan If you work in information security or the computer science field, there's a good chance you've heard of the first-ever ransomware – the AIDS Trojan. There's also a chance you know the basics of that story. An…

Introduction This research began with finding a simple malware sample to extract strings for an unrelated topic. In my day-to-day malware analysis workflow, I stumbled upon a JavaScript (JS) file with what I would call trivial obfuscation. I knew it was malware but wanted to understand the infection…

Check out LockBit 3.0 on our new Ransomware Tracker Beta! Hear more about Operation Cronos on The 443 Podcast . If you've followed the ransomware space for the past few years, it's very likely you've heard of LockBit. If you don't follow the cybersecurity landscape, there's still a good chance you…