Analysis of BlackByte Ransomware's Go-Based Variants
Zscaler Blog » Ransomware
2y ago
Key Points: BlackByte is a full-featured ransomware family that first emerged around July 2021. The ransomware was originally written in C# and later redeveloped in the Go programming language around September 2021. The threat group exfiltrates data prior to deploying ransomware and leaks the stolen information if a ransom is not paid. The ..
Peeking into PrivateLoader
2y ago
Key Points: PrivateLoader is a downloader malware family that was first identified in early 2021. The loader's primary purpose is to download and execute additional malware as part of a pay-per-install (PPI) malware distribution service. PrivateLoader is used by multiple threat actors to distribute ransomware, information stealers, banking t ..
What You Need to Know About the LAPSUS$ Supply Chain Attacks
2y ago
Join the ThreatLabz research team and our product experts on Tuesday, 3/29/22 at 9:30am PT for an analysis of the LAPSUS$ Okta attack and strategies for assessing and reducing the impact to your organization. The extortion threat group LAPSUS$ arrived on threat researchers' radar back in December 2021, with a burst of erratic attacks that repres ..
Understanding the Assignment: Defending Against Ransomware
2y ago
The education industry has unceremoniously emerged as the second most common target for ransomware. In 2020, at least 1,681 schools, colleges, and universities of all sizes and prestige were infected. Institutions face the difficult challenge of preserving academic freedom, easy access to information, and open collaboration while defending from thr ..
Technical Analysis of PartyTicket Ransomware
2y ago
Key Points: PartyTicket is an unsophisticated and poorly designed ransomware family that is likely intended to be a diversion from the Hermetic wiper attack. The ransomware generates a single AES key that is used to encrypt targeted files in GCM mode. Files are decryptable because the AES key is generated using a random function that is dete ..
Responsible Organizations Must Take Decisive Actions After a Ransomware Attack
2y ago
This post also appeared on LinkedIn. The recent spate of ransomware attacks and the release of the new cybersecurity Executive Order foreshadow increased scrutiny for companies managing critical infrastructure and personal data. Ransomware attacks are happening more frequently: besides the Colonial Pipeline attack, last week saw Ireland’s hea ..
Kaseya Supply Chain Ransomware Attack - Technical Analysis of the REvil Payload
2y ago
On July 2, 2021, Kaseya, an IT Management software firm, disclosed a security incident impacting their on-premises version of Kaseya's Virtual System Administrator (VSA) software. Kaseya VSA is a cloud-based Managed Service Provider (MSP) platform that allows service providers to perform patch management, backups, and client monitoring for their cu ..
Coverage Advisory for Kaseya VSA Supply-Chain Ransomware Attack
2y ago
Background: On July 2, 2021, Kaseya, an IT Management software firm, disclosed a security incident impacting their on-prem version of Kaseya VSA software. Kaseya VSA is a cloud-based MSP platform that allows service providers to perform patch management, backups, and client monitoring for their customers. As per Kaseya, the majority of their cust ..
Active Defense Strategies for Kaseya-style Ransomware Attacks
2y ago
The recent Kaseya ransomware incident combined the worst possibilities the infosec community has had to contend with in recent months: a supply-chain attack; ransomware; an unpatched application vulnerability (zero day). This is by no means an isolated incident. All vulnerabilities reported on widely used software products, especially t ..
Stop the Next Kaseya Attack
2y ago
Watch the on-demand replay of the July 13th ThreatLabz webinar for a deep dive into the Kaseya attack and how to defend against it. While Americans were prepping for their long Fourth of July weekends, cybercriminals were preparing a widespread ransomware attack on businesses around the world using a vulnerability in the Kaseya VSA remote monit ..