Skip to Main Content

Our Insights

Providing you the latest industry-specific news and insights.

  • article

    Cybersecurity in the Age of Ransomware. It’s More Than Simply Having Insurance.

    BY KEVIN BAKER  In many ways, cybersecurity insurance is not so different from car or home insurance. In short, it’s a way to transfer risk. If a cyber incident occurs, insurance can help organizations gain a level of mitigating control and…

    Read more
  • article

    Surtr Ransomware Pays Tribute to REvil

    Executive Summary In February 2022, Arete investigated a Surtr ransomware incident where the ransomware author(s) paid tribute to the now defunct REvil (aka Sodinokibi) group by making a registry key change to the infected host. REvil was…

    Read more
  • article

    Fool Us Once … BlackMatter Initial Access Tactics Point to a Possible REvil Association

    BY CYBER THREAT INTELLIGENCE TEAM Arete observed an overlap between a recent BlackMatter case and a Q1 2021 REvil case. In both instances, the actors leveraged the NodeJS-based Gootloader to deliver a CobaltStrike payload. In a March 2021 insight,…

    Read more
  • article

    PYSA: 2020 to Now

    BY ARETE CYBER THREAT INTELLIGENCE TEAM  PYSA is the newest variant of the Mespinoza Ransomware as a Service (RaaS) family, which was first observed infecting victims in the wild in December 2019. PYSA is likely a reference to the open-source web…

    Read more
  • article

    Endpoint Detection and Response: The Closest Thing to a Silver Bullet to Stop Ransomware

    By Paul Caron   In its recent report “Combating Ransomware,” the Ransomware Task Force says there’s no silver bullet to solving the ransomware challenge. Instead, the group touts a multi-pronged approach and provides an extensive list of…

    Read more
  • article

    Avaddon Ransomware Hits AXA

    BY ARETE CYBER THREAT INTELLIGENCE TEAM  EXECUTIVE SUMMARY From September 2020 to May 2021, the Arete Incident Response (IR) practice responded to nine Avaddon ransomware engagements across varying industry sectors, including the professional…

    Read more
  • article

    Colonial Pipeline Breached by Darkside Ransomware Group

    On Saturday May 8, US Colonial Pipeline announced that they were victim of a ransomware attack that affected their network on Friday May 7. US Colonial Pipeline is said to be the largest fuel pipeline in the United States and the main source of…

    Read more
  • article

    Black Kingdom Returns to Exploit Zero-Day Vulnerabilities in Unpatched Microsoft Exchange Servers

    By Steve Ramey You know what’s fun about zero-day exploits? Nothing, especially when ransomware is involved. Earlier this month, Microsoft released a statement notifying the public of a zero-day exploit that affected its on-premises Exchange…

    Read more
  • article

    Dear Ramey: Will I Be Hacked Again?

    ANSWERING BURNING QUESTIONS FROM VICTIMS OF CYBER EVENTS DEAR RAMEY: My organization was hacked, and ransomware encrypted our files. We have no interest in paying the ransom because we don’t want to encourage malicious activity. Do we have any…

    Read more
  • article

    Don’t Drink from That! Gootloader Watering Hole Leads to REvil Attack

    By Arete Forensics Team REvil, more commonly referred to as Sodinokibi, is one of the most prolific ransomware threat groups currently active in the cyber extortion space. In the past year alone, Arete has responded to countless incidents where…

    Read more
  • article

    Darkside Ransomware: Caviar Taste on Your Big-Game Budget

    By Arete Cyber Threat Intelligence Team EXECUTIVE SUMMARY By all appearances, the proprietors of Darkside ransomware mean business. Big business. With their sights set on organizations with US$4M+ in revenue, they’re all about high-value,…

    Read more
  • article

    Cybersecurity Trends: What We Saw in 2020, What We Expect to See in 2021

    Where change seems a constant, perhaps the biggest and most surprising cybersecurity issue of 2020 was a lack of change. But before we get to that, let’s look at some other key cybersecurity trends. A CONTINUED RISE IN RANSOMWARE ATTACKS Kidnapping…

    Read more