Blog Entries

25. 01. 2024 Massimo Giaimo SOCnews

SOC News | Jan 01 – Kasseika Ransomware Uses BYOVD in His TTP

The Kasseika threat actor has joined the club of threat actors that currently use Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus/EDR software before carrying out malicious activities, such as encrypting files. Kasseika abuses the Martini driver, part of TG Soft’s VirIT Agent System. By using BYOVD attacks, the malware gains privileges it…

28. 09. 2023 Massimo Giaimo Blue Team, SEC4U

Ransomware Negotiation: Dos and Don’ts!

Double extortion ransomware attacks have reached very high numbers. One of the key elements when suffering such an attack is the negotiation that can be initiated (not always!) with the ransomware gang. The analysis of hundreds of negotiations, carried out by the SEC4U team, makes it possible to apply a scientific approach to this…

07. 02. 2023 Massimo Giaimo Blue Team, SEC4U

Ransomware Attack ESXi Servers with (to confirm) CVE-2021-21974

These days the landscape of cybercriminal activity seems to have as its only protagonists the threat actors who are attacking publicly exposed VMware ESXi infrastructures. The French National Computer Emergency Response Team (CERT) published a security advisory on the ESXiArgs ransomware on February 3, 2023. Other important information regarding the attack was published…
