Resources
Providing you the latest industry-specific news and insights.
![]()
WastedLocker Ransomware Insights
WastedLocker is a new ransomware variant with encryption capabilities that some researchers believe to be linked to the sanctioned “Evil Corp” group. However, Arete's analysis determined that evidence of the connection is not conclusive.
Read more
The Road Back: Recovery from a Malware Attack in the Long Term
Arete Incident Response is currently answering the call of duty for about 60 companies per month who have experienced malware intrusions. These are mostly ransomware or business email compromise attacks. Arete’s primary goal is to restore what was…
Read moreRansomware Decryptors for a (varying) fee
Ransomware attacks wreak havoc on business operations. Destroying recovery options, instilling fear and panic, and most often creating high levels of stress for IT staff, owners, and operators. A simple, but often costly fix is to just pay the…
Read moreNo One Is Immune to Cyberattacks
On December 8, 2020, the New York Times reported that FireEye (NASDAQ:FEYE) was hacked. Moments later, almost every major news outlet, security blogger, U.S. government agency, and security company released additional articles and opinions on the…
Read moreAnti-virus or AI driven Endpoint Protection?
Stephen Ramey Arete investigates a lot of ransomware attacks. In fact, 90% of our business is helping organizations big and small, recover from and investigate ransomware attacks. Variants like Maze, Sodinokibi, WastedLocker, Ryuk,…
Read moreSodinokibi Labels Keys with “Black Lives Matter”
OVERVIEW Since January 2020, the Arete IR practice has responded to forty-one (41) Sodinokibi engagements. The industry has seen two big changes with Sodinokibi/REvil from their shift to exfiltrating data as of January 2020, and more, recently with…
Read moreUS Government Alerts of Imminent Attacks Against the Healthcare Sector by Trickbot Group
EXECUTIVE SUMMARY Last week, the Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released the following alert: AA20-302A…
Read more![]()
AKO Ransomware – Analysis
Dive into AKO ransomware's methods and impact, including its unique data encryption and extortion techniques. This analysis provides an in-depth look at AKO’s rise and the challenges it presents for organizations and security professionals.
Read more![]()
Conti Ransomware is the New Ryuk?
Based on forensic analysis, Arete’s Threat Intelligence team observed that Conti ransomware could be a rebrand of Ryuk ransomware, as both variants have similar tactics, including leveraging the TrickBot banking trojan to deploy ransomware.
Read moreUniversal Encryption
Ransomware variants like Ryuk, WastedLocker, and Dopplepaymer are also file level encryption. These groups will gain access to the network and perform reconnaissance to identify the victim, understand their business, identify critical systems, and…
Read moreSystem Specific Encryption
Ransomware variants like Phobos, Dharma or CryLock are file level encryption. The TA gains access to the system, copies specific encryption executables onto the systems then runs the executables to encrypt the files. The results are files with a new…
Read moreRemote Access and IoT Search Engines
Recently, Arete Incident Response Tiger Teams (“Arete IR”) have responded to an increased volume of ransomware incidents involving the Sodinikibi, Phobos, and Dharma ransomware variants. The threat actors deploying these variants are known to use…
Read more
