Ransomware Spotlight

Water Ouroboros (aka Hunters International) is a Ransomware-as-a-Service (RaaS) group that first emerged in October 2023. It is suspected to be a possible spin-off of Hive ransomware, which had its activities disrupted by the Federal Bureau of Investigation (FBI) in January 2023.

Despite being a young ransomware group, RansomHub moves boldly by targeting larger enterprises more likely to pay ransoms. With possible links to notorious ransomware names like BlackCat and Knight, the gang is a group to watch out for.

INC ransomware was first detected in July 2023, but has already released new versions: one that targets Linux computers and an update on their Windows variant. The ransomware has been observed to exploit CVE-2023-3519 and uses HackTool.Win32.ProcTerminator.A for defense evasion and HackTool.PS1.VeeamCreds for credential access in its different attack chains.

The LockBit intrusion set, tracked by Trend Micro as Water Selkie, has one of the most active ransomware operations today. With LockBit’s strong malware capabilities and affiliate program, organizations should keep abreast of its machinations to effectively spot risks and defend against attacks.

Despite positioning themselves as penetration testers, 8Base ransomware threat actors profit off their victims that are significantly comprised of small businesses. In this feature, we investigate how the gang operates to gain insights on how organizations can protect systems better from compromises that could result in financial loss.  

The threat actors behind the Rhysida ransomware targeted multiple industries by posing as a cybersecurity team that offered to help its victims identify security weaknesses in their networks and systems. Although the group’s activity was first observed back in May 2023, its leak site was established as early as March 2023. Like other ransomware groups, it employs double extortion tactics to pressure its victims into paying a ransom demand in Bitcoin.

After the shutdown of its leak site in October, we look at how ransomware group Trigona operated during its period of activity and discuss how enterprises can fortify their defenses against similar threats.

This report spotlights Akira, a novel ransomware family with highly experienced and skilled operators at its helm.

Play is shaping up to be a player on the rise within the ransomware landscape, with its operators likely to continue using the ransomware in future. We take a deep dive into its operations and offer ways in which organizations can shore up their defenses against this emerging threat.