Blackbit ransomware is a variant of the LokiLocker ransomware. It utilizes sophisticated techniques to encrypt and obstruct data recovery. The ransomware is built on the Ransomware-as-a-service (RaaS) model. RaaS is a subscription-based business model where ransomware groups lease out their infrastructure to ransomware affiliates or cybercriminals to launch cyberattacks. The Blackbit ransomware uses .NET Reactor […]
All results for 'Anthony Faruna'
Showing 11 of 11 results
The Kuiper ransomware is a strain of ransomware written in Golang that encrypts data on various endpoints such as Windows, macOS, and Linux in exchange for money. It utilizes a combination of RSA, ChaCha20, and AES encryption algorithms to encrypt files on infected endpoints. Specifically, it employs RSA for key exchange, ChaCha20 for initial encryption, […]
DOGE Big Balls is a sophisticated ransomware variant linked to the Fog ransomware group, first observed in early 2025. It has affected organizations across various sectors, such as technology, education, and finance, by combining technical exploits with psychological manipulation. Delivered primarily through phishing campaigns containing malicious ZIP archives, the ransomware uses PowerShell scripts to […]
GreenBlood ransomware is a Go-based ransomware family that has recently emerged in the threat landscape, targeting Windows environments while employing a double-extortion model. The malware is engineered for high-speed execution and parallel file encryption, leveraging the performance and portability benefits of a compiled, statically linked language. This design allows GreenBlood to rapidly impact infected systems […]
LockBit ransomware uses a broad range of techniques to target organizations worldwide. Check our new blog post to learn how to detect LockBit 3.0 ransomware with Wazuh.
This blog shows how Wazuh can detect some common Active Directory attacks using Windows security logs and events captured by Sysmon.
In this blog post, we continue showing how Wazuh can detect some common Active Directory attacks using Windows security logs.
Our new blog post shows how to detect SFX archives exhibiting suspicious behavior with Wazuh.
CrossLock ransomware is a recent strain of ransomware developed using the Go programming language, making it harder to reverse engineer. The ransomware is capable of infecting several platforms, including Windows and UNIX-like operating systems. Like most recent ransomware strains, CrossLock uses the double extortion technique to increase the chances of payment from its victims. This […]
Amazon Security Lake is a fully managed service that helps organizations aggregate, store, and analyze security data from various sources, such as AWS services, on-premises logs, and third-party SaaS applications. Security administrators can use AWS services like Athena to query the security data, which gives them insight into potential threats and vulnerabilities across an organization’s […]
Rhadamanthys Stealer is a credential-harvesting malware sold as Malware-as-a-Service (MaaS). It is known for its modular architecture, data-stealing capabilities, and continuous updates driven by criminal marketplaces. Attackers distribute Rhadamanthys stealer via phishing emails, cracked software, malicious ads, and fake installers. The stealer primarily targets Windows endpoints to extract browser passwords, crypto wallets, system metadata, autofill […]