Cyber threats and the energy sector: an overview

The major cyber threats facing the energy sector include ransomware, phishing, malware, vulnerability exploitation, supply chain issues, and DDoS attacks. These attacks may be carried out by state-sponsored threat actors, highly organised criminal gangs, hacktivist collectives or even individuals acting alone. The energy sector is a prime target for cyber criminals for a variety of reasons: […]

Ransomware Review – February 2022

Our rundown of the key ransomware events, attacks, and group activity from February. The FBI has issued an advisory warning that the BlackByte ransomware group has been observed targeting multiple US-based entities, including at least three related to critical infrastructure. Government facilities, alongside organisations in the financial, food and agriculture sectors, are all defined as

Ransomware Review – November 2021

The Snatch ransomware operators, a group that began operating in 2019 and disappeared in 2020, have resurfaced after almost a year of silence. The group has created a new leaks blog and has already added 10 new victims. They are also one of the multiple groups about which Native American tribes have been warned. An

Ransomware Review – October 2021

In late October, the operators of the REvil (also known as Sodinokibi) ransomware announced they were shutting down their operations due to an infrastructure compromise. Subsequently, it was confirmed that this compromise was conducted as part of a joint operation by multiple law enforcement and intelligence agencies from various countries. The initial takedown of REvil

Darknet Quarterly Review – Q3 2021

The third quarter of 2021 saw the disappearance of Televend, which was a significant blow to darknet vendors who had begun using the service to sell their products via instant messaging platforms as opposed to conventional darknet markets. This quarter also provided a better understanding of how certain major darknet forums were enforcing their ransomware

Ransomware Review – September 2021

This month saw the return of the REvil ransomware group (also known as Sodinokibi). The group’s infrastructure went offline in July, soon after their high-profile supply-chain attack targeting Kaseya. At the time, it was unclear if this was a voluntary decision or stemmed from a potential operation by law enforcement entities. However, the group’s infrastructure

Ransomware Review – July 2021

The most significant ransomware attack in July was the Kaseya attack conducted by the REvil (also known as Sodinokibi) ransomware group. The REvil operators exploited a 0day vulnerability in Kaseya’s VSA servers to bypass authentication measures and perform arbitrary code execution. Notably, this vulnerability had already been privately disclosed to Kaseya, though it remains unclear

Darknet Review – Q2 2021

The second quarter of 2021 has been a period of relative stability for darknet markets, with WhiteHouse continuing as the leading English-language market across the ecosystem. Conversely, darknet forums have experienced some degree of upheaval, which can largely be attributed to the outsized role of ransomware groups and the increasing attention being paid to such

REvil-ution – A Persistent Ransomware Operation

REvil (short for Ransomware Evil) is a revolutionary ransomware operation. Its predecessor, GandCrab, which was retired in early 2019, pioneered the concept of ransomware-as-a-service (RaaS) for “big game hunting” campaigns (where corporate targets are selected according to their annual turnover). REvil’s operators (also known as GoldSouthfield or PinchySpider) continued where GandCrab left off, and thrived.
