Blog / Engineering / Blackbit ransomware detection with Wazuh
Blackbit ransomware is a variant of the LokiLocker ransomware. It utilizes sophisticated techniques to encrypt and obstruct data recovery. The ransomware is built on the Ransomware-as-a-service (RaaS) model. RaaS is a subscription-based business model where ransomware groups lease out their infrastructure to ransomware affiliates or cybercriminals to launch cyberattacks. The Blackbit ransomware uses .NET Reactor […]
Blog / Engineering / Kuiper ransomware detection and response with Wazuh
The Kuiper ransomware is a strain of ransomware written in Golang that encrypts data on various endpoints such as Windows, macOS, and Linux in exchange for money. It utilizes a combination of RSA, ChaCha20, and AES encryption algorithms to encrypt files on infected endpoints. Specifically, it employs RSA for key exchange, ChaCha20 for initial encryption, […]
Blog / Engineering / Detecting DOGE Big Balls ransomware with Wazuh
DOGE Big Balls is a sophisticated ransomware variant linked to the Fog ransomware group, first observed in early 2025. It has affected organizations across various sectors, such as technology, education, and finance, by combining technical exploits with psychological manipulation. Delivered primarily through phishing campaigns containing malicious ZIP archives, the ransomware uses PowerShell scripts to […]
Blog / Engineering / Detecting Lockbit 3.0 ransomware with Wazuh
Lockbit ransomware uses a broad range of techniques to target organizations worldwide.
Check our new blog post to learn how to detect Lockbit 3.0 ransomware with Wazuh
Blog / Engineering / How to detect Active Directory attacks with Wazuh [Part 1 of 2]
This blog post shows how Wazuh can detect some common Active Directory attacks using Windows security logs and events captured by Sysmon.
Blog / Engineering / How to detect Active Directory attacks with Wazuh [Part 2 of 2]
In this blog post, we continue showing how Wazuh can detect some common Active Directory attacks using Windows security logs.
Blog / Engineering / Monitoring SFX archives with Wazuh
Our new blog post shows how to detect SFX archives exhibiting suspicious behavior with Wazuh.
Blog / Engineering / CrossLock ransomware detection with Wazuh
CrossLock ransomware is a recent strain of ransomware developed using the Go programming language, making it harder to reverse engineer. The ransomware is capable of infecting several platforms, including Windows and UNIX-like operating systems. Like most recent ransomware strains, CrossLock uses the double extortion technique to increase the chances of payment from its victims. This […]
Blog / Engineering / Wazuh integration with Amazon Security Lake as a custom source
Amazon Security Lake is a fully managed service that helps organizations aggregate, store, and analyze security data from various sources, such as AWS services, on-premise logs, and third-party SaaS applications. Security administrators can use AWS services like Athena to query the security data, which gives them insight into potential threats and vulnerabilities across an organization’s […]