Resources
Providing you the latest industry-specific news and insights.
Windows Native Ransomware – Encrypting with Bitlocker
Bitlocker, a Windows app for full-volume encryption, is exploited by threat actors to encrypt files and demand ransom. Despite more advanced options, new actors like "Shrinklocker" still prefer Bitlocker for encryption.
Fool Us Once … BlackMatter Initial Access Tactics Point to a Possible REvil Association
Arete observed an overlap between a recent BlackMatter case and a Q1 2021 REvil case.
The Hidden Costs of Cybercrime
This year, the global cost of cybercrime is expected to hit $6 trillion.[i] Up from $3 trillion in 2015, it’s nothing short of a big, flourishing business whose operators are relentless innovators.
Good Europol Hunting: How Do You Like Them Apples, Emotet?
On January 27, 2021, Europol announced that it had led a coordinated takedown of the Emotet infrastructure in collaboration with law enforcement authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania,…
Egregor: The Ghost of Soviet Bears Past Haunts On
Egregor ransomware, a sophisticated RaaS platform, uses data exfiltration and brazen negotiation tactics to target major sectors like manufacturing and retail and caters to experienced affiliates.
Sodinokibi Labels Keys with “Black Lives Matter”
OVERVIEW Since January 2020, the Arete IR practice has responded to forty-one (41) Sodinokibi engagements. The industry has seen two big changes with Sodinokibi/REvil from their shift to exfiltrating data as of January 2020, and, more recently, with…
US Government Alerts of Imminent Attacks Against the Healthcare Sector by Trickbot Group
EXECUTIVE SUMMARY Last week, the Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released the following alert: AA20-302A…
Akira Targeting SonicWall Devices (Again)
A recent wave of Akira ransomware attacks has targeted SonicWall firewall devices, exploiting a previously identified flaw.
Multiple Threat Groups Using New EDRKillShifter Builds
Multiple ransomware groups now use updated EDRKillShifter builds to disable EDR protections via BYOVD and HeartCrypt, targeting major security platforms.
Scattered Spider Claims to be Going Dark
The Scattered Spider cybercrime group announced it was going dark, but evidence suggests ongoing operations.
Managed File Transfer Exploits: Here to Stay?
Cybercriminals exploit MFT vulnerabilities in CentreStack and GoAnywhere, enabling remote code execution and access to sensitive data.







