From Lab52, we are very aware that in the fight against ransomware, we must not focus solely on the final artifact but must pay attention to every phase of deployment. Unfortunately, it will not always be possible to accurately identify the entire infection chain, as highlighted in the latest statistics by Coveware. The objective of […]
ransomware
Ransomware’s Christmas Carol
Around mid-year, Lab52 published a report on ransomware that included both geopolitical and cyber intelligence content. The report includes the analysis of different sources of information and showcasing some of our cyberintelligence findings in this regard. However, the activity of this type of malware prompts Lab52 to closely track the various recorded cases. Therefore, taking […]
Analyzing the encryption method of emerging ransomware families
Cyble has recently published an analysis of AXLocker ransomware, a new ransomware that has been seen for the first time in november this month. As the article explains, the ransomware encrypts and exfiltrates data using discord. In this report we will focus on the encryption routine of this new artifact, which we can see in […]
Quick review of Babuk ransomware builder
Last week, the builder for the Babuk ransomware family was leaked online. Lab52 has obtained and analyzed this builder sample determining that it is very likely to be authentic. After their recent official move from Ransomware as a Service to data leaks extortions, someone uploaded to virusTotal the ransomware builder for unknown reasons, and it […]