14 min
Ransomware
Exploring the (Not So) Secret Code of Black Hunt Ransomware
In this analysis we examined the BlackHunt sample shared on X (formerly Twitter). During our analysis we found notable similarities between BlackHunt ransomware and LockBit, which suggested that it uses leaked code of Lockbit. In addition, it uses some techniques similar to REvil ransomware.
4 min
Ransomware
2023 Ransomware Stats: A Look Back To Plan Ahead
As we step into 2024, the first victims of ransomware attacks are already being reported. What can the 2023 ransomware stats tell us about the year that was, and how can we use them to plan for the year ahead?
6 min
Ransomware
GhostLocker - A “Work In Progress” RaaS
GhostSec, has introduced a novel Ransom-as-a-Service encryptor known as GhostLocker.
3 min
Ransomware
Ransomware-as-a-Service Cheat Sheet
Ransomware-as-a-Service, or RaaS, has taken the threat landscape by storm. Learn how to protect your organization against RaaS attacks.
2 min
Research
Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974
Rapid7 research has found that nearly 19,000 ESXi servers likely remain vulnerable to CVE-2021-21974, which is being exploited in the ESXiArgs campaign.
5 min
Research
Evasion Techniques Uncovered: An Analysis of APT Methods
DLL search order hijacking and DLL sideloading are commonly used by nation state sponsored attackers to evade detection.
2 min
Emergent Threat Response
Ransomware Campaign Compromising VMware ESXi Servers
Hosting provider OVH and French CERT has issued a warning about a ransomware campaign that appears to be using CVE-2021-21974 to target VMware ESXi servers.
18 min
Ransomware
Increasing The Sting of HIVE Ransomware
Recently, Rapid7 observed a malicious actor performing several new techniques for increasing the impact of HIVE ransomware a victim’s environment.
3 min
Vulnerability Management
The 2022 SANS Top New Attacks and Threats Report Is In, and It's Required Reading
The latest Top New Attacks and Threat Report from the cybersecurity experts at SANS is here — and the findings are critical for security teams.
6 min
Ransomware
Architecting for Extortion: Acting on the IST’s Blueprint for Ransomware Defense
Last month, the Institute for Security and Technology’s Ransomware Task Force launched the Blueprint for Ransomware Defense.
3 min
Ransomware
To Maze and Beyond: How the Ransomware Double Extortion Space Has Evolved
Our research shows the "market share" of ransomware groups and how much they focused on different types of data.
3 min
Ransomware
For Finserv Ransomware Attacks, Obtaining Customer Data Is the Focus
We found customer data in the overwhelming majority of data disclosures from ransomware attacks against the financial services industry.
3 min
Ransomware
For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma
When it comes to ransomware in healthcare and pharma, there are some notable similarities that set them apart from other industries.
4 min
Ransomware
New Report Shows What Data Is Most at Risk to (and Prized by) Ransomware Attackers
"Pain Points: Ransomware Data Disclosure Trends" reveals a story of how ransomware attackers think, what they value, and how they apply pressure.
3 min
Ransomware
Complimentary GartnerⓇ Report "How to Respond to the 2022 Cyberthreat Landscape": Ransomware Edition
The complimentary GartnerⓇ report “How to Respond to the 2022 Cyberthreat Landscape"will help you understand and defend against the ransomware threat.