Known cybercrime group Scattered Spider has increasing its capability adding RansomHub and Qilin ransomware as stated by Microsoft. Specialized in highly developed social engineering techniques and the previous attacks on VMware ESXi servers with BlackCat ransomware, Scattered Spider is not standing still.
Key Developments:
RansomHub Ransomware:
- First spotted this year and previously known as the Knight ransomware.
- Distributed as a RaaS tool or Dercon 2. 0 which enabled the tool to be used by different threat actors.
- Noted in the situations, which occur after compromise associated with Evil Corp, after the initial intrusion, when fake updates are used.
New Ransomware Strains:
- Another malware, Qilin, a ransomware strain has been added to the ensemble of Scattered Spider.
- New general of ransomware like FakePenny, Fog, and ShadowRoot appear; existing ones attack companies in various countries; Turkey is no exception.
Cybersecurity Measures:
- Microsoft emphasizes the importance of robust security measures to counteract these evolving threats.
- Credential Management: This is to say that passwords should be complex and different and equally should be updated frequently.
- Principle of Least Privilege: Restriction of the user exposure with the resources that they require or are likely to require.
- Zero Trust Security Model: Authenticating all the access requests and authorising them.
Looking at the recent attacks of RansomHub as the most popular ransomware instrument, one can admit that threats continue to evolve. These attacks are already getting more sophisticated and organizations must remain vigilant and institute a sound defense plan on the systems and information.