Skip to Main Content

Our Insights

Providing you the latest industry-specific news and insights.

  • article

    Avaddon Ransomware Hits AXA

    BY ARETE CYBER THREAT INTELLIGENCE TEAM  EXECUTIVE SUMMARY From September 2020 to May 2021, the Arete Incident Response (IR) practice responded to nine Avaddon ransomware engagements across varying industry sectors, including the professional…

    Read more
  • article

    Colonial Pipeline Breached by Darkside Ransomware Group

    On Saturday May 8, US Colonial Pipeline announced that they were victim of a ransomware attack that affected their network on Friday May 7. US Colonial Pipeline is said to be the largest fuel pipeline in the United States and the main source of…

    Read more
  • report

    Healthcare Company Takes Proactive Measures to Improve Security Maturity

    A CIO saw a cyber incident as an opportunity to measure and get a baseline of the company's cyber hygiene and devise a plan for hardening infrastructure and reaching a higher level of security maturity.

    Read more
  • article

    Codecov Bash Uploader Supply Chain Attack

    By Arete Cyber Threat Intelligence Team EXECUTIVE SUMMARY  On April 15, Codecov announced a compromise to its Bash Uploader (a software application used in some of its products), whereby a threat actor was able to send sensitive information from…

    Read more
  • article

    Black Kingdom Returns to Exploit Zero-Day Vulnerabilities in Unpatched Microsoft Exchange Servers

    By Steve Ramey You know what’s fun about zero-day exploits? Nothing, especially when ransomware is involved. Earlier this month, Microsoft released a statement notifying the public of a zero-day exploit that affected its on-premises Exchange…

    Read more
  • article

    Microsoft Exchange Server Zero-Day Hack Insight

    On March 2, 2021, Microsoft disclosed and provided security updates for four [4] critical vulnerabilities — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 — impacting on-premises Microsoft Exchange Servers. While Internet-facing…

    Read more
  • article

    Don’t Drink from That! Gootloader Watering Hole Leads to REvil Attack

    By Arete Forensics Team REvil, more commonly referred to as Sodinokibi, is one of the most prolific ransomware threat groups currently active in the cyber extortion space. In the past year alone, Arete has responded to countless incidents where…

    Read more
  • article

    Darkside Ransomware: Caviar Taste on Your Big-Game Budget

    By Arete Cyber Threat Intelligence Team EXECUTIVE SUMMARY By all appearances, the proprietors of Darkside ransomware mean business. Big business. With their sights set on organizations with US$4M+ in revenue, they’re all about high-value,…

    Read more
  • article

    Good Europol Hunting: How Do You Like Them Apples, Emotet?

    On January 27, 2021, Europol announced that it had led a coordinated takedown of the Emotet infrastructure in collaboration with law enforcement authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania,…

    Read more
  • article

    Egregor: The Ghost of Soviet Bears Past Haunts On

    By Adam Brown and Harold Rodriguez, Arete Cyber Threat Intelligence Team Ransomware variants come. Ransomware variants go. And while Egregor may have only recently surfaced, it is by no means a fly-by-night operation. In fact, one could argue that…

    Read more
  • article

    WastedLocker Ransomware Insights

    BACKGROUND On the December 5th, 2019 the U.S. Department of Justice announced indictments against 17 individuals including 2 Russian nationals Maksim Yakubets and Igor Turashev that were the primary ring-leaders of the Russian hacking group known as…

    Read more
  • article

    Sodinokibi Labels Keys with “Black Lives Matter”

    OVERVIEW Since January 2020, the Arete IR practice has responded to forty-one (41) Sodinokibi engagements.  The industry has seen two big changes with Sodinokibi/REvil from their shift to exfiltrating data as of January 2020, and more, recently with…

    Read more