In this report, Armor's Amer Elsad will dive deep and explore Grief operation and development since it was first observed in July 2017 as BitPaymer, as well as compare the different variants and partnerships with other threat actors and ransomware groups Download Report
View More
Bah Humbug – Nasty Active Directory Exploits Call for Immediate Patching New attacks reinforce importance of rigorous updates in wake of Log4Shell As the Log4j threat continues to unfold, there is yet another “humbug” that should be top-of-mind for businesses as we enter the throes of the holiday season. The Armor team is closely monitoring […]
View More
We’re continuing our blog series about Living-off-the-Land (LotL) attacks by focusing on a particularly fast-moving malware called Astaroth. Click here to view the first post, which goes into the characteristics of LotL binaries and how they work. First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It […]
View More
Cyber trends tend to come and go, but one popular technique we’re seeing currently is the use of living-off-the-land binaries. The concept of “living off the land” (LotL) was first introduced by Christopher Campbell and Matt Graeber at Derbycon 3.0 (2013) and refers to attacker behavior when they use any binary supplied by the operating […]
View More
Armor identifies 15 new ransomware victims including healthcare, edcuation and municipalities.
View More
Update 9.26.19 Since the original publication of this report on Friday, September 20 the following 5 schools have also come forward as victims of ransomware attacks, for a total of 15 schools in the past two weeks. A total of 54 education victims, potentially impacting over 500 individual K-12 schools have been reported in the […]
View More
Update Tuesday, September 3, 2019: to reflect new victims identified by Armor As of today, Armor’s Threat Resistance Unit (TRU) security team has identified four new ransomware victims since Friday, August 30 bringing the total to 17 new ransomware victims in the past 11 days. Ten of them are school systems. Education officials across the […]
View More
Updated as of 10:30 am CST, August 22, 2019 Armor Identifies Seven New Victims in Statewide Ransomware Attack After identifying the cities of Keen and Borger, Texas as victims of the mass ransomware attack which hit Texas on August 16th, cloud security solutions provider Armor has identified seven new victim organizations. They include: Wilmer, TX Lubbock […]
View More
Last Updated: 5/29/2019 Eric Sifford, security researcher with Armor’s Threat Resistance Unit (TRU), found new tweets on Saturday, May 25, 2019 and on Tuesday, May 28, 2019 from a Twitter account , which appears to be connected to the City of Baltimore ransomware attackers. Both tweets were directed squarely at Baltimore’s mayor, Bernard C. “Jack” […]
View More
It is no secret cybercriminals follow the money. But during the past several months, that adage has taken a very literal turn, as a series of cyberattacks targeting payroll departments and payroll services has transpired. Armor, a leading global cloud security solutions provider, observed mention of one such cyberattack in early April, whereby hackers targeted […]
View More