A new ransomware extension, called Checkmate, has been identified and has made numerous attacks targeting NAS (Network Attached Storage) devices. The checkmate ransomware first appeared in May 2022, breaking into servers manufactured by the company QNAP. In an official QNAP statement released in July of this year, the company commented that hackers break into the system “using a dictionary attack

BianLian ransomware is intended to encrypt data and demand a ransom in exchange for the release of the decryption key. Due to the importance of the data, many victims, be it a business or an individual, end up giving in and paying the requested ransom. Infection with a dangerous virus, such as the BianLian ransomware, can cause severe damage to

The AiDLocker ransomware has been drawing attention in recent days. The group has been manifesting itself on forums and social networks such as Telegram, introducing its malware. We can deduce, due to its relationship with other Russian groups, that the AiDLocker ransomware probably originates from Russia. The group has been active in advertising its malware. In the current update, we

The Ech0raix ransomware has been known since 2019. However, recently the group responsible for the Ech0raix ransomware attacks has updated its malware and has once again fired malicious email campaigns around the world. The group’s attacks are targeted exclusively at QNAP NAS (Network Attached Storage) devices, which has forced the manufacturer QNAP to release problem-solving updates frequently. The Ech0raix ransomware

The Fonix ransomware was released in June 2020; however, it did not gain prominence at first. However, in early 2021, the ransomware hit 182 companies, putting the group in the spotlight alongside other extensions such as REvil Sodinokibi and LockBit. It is common for systems to be infected by ransomware through macros, malicious ads, and pirated downloads. Fonix propagates itself

The Holy Ghost Ransomware is an organization that has been operating since June 2021, carrying out small-scale double extortion attacks. Its method consists of stealing information and threatening to expose it on its TOR domain. According to the researchers, the group chooses not to attack large institutions that require time and complex strategies. But they aim to conduct smaller operations

The OldGremlin ransomware started its activities around March 2020. Although apparently Russian-speaking, OldGremlin ransomware primarily targets Russian institutions such as national banks, private companies in the industrial or medical fields. According to Oleg Skulkin, a forensic analyst at Group-IB, the perpetrators of these attacks are the only Russian-speaking ransomware operators to violate the dictated rule about not working in Russia

Ransomware attacks have been on the rise these past few years and new ransomware often emerges. This July, it was the case with the Rever ransomware that has some important characteristics. The main target of Rever ransomware is Synology NAS and Windows Server systems. After breaking in, most often done via unprotected RDP or malicious emails, the attackers encrypt the

The CryptOn ransomware was discovered around 2017. Since then, it has had varying nomenclatures, such as Cry9, CRY36, Cry128, Nemesis or X3M. CryptOn is part of the CryptoLocker ransomware family. CryptOn steals and encrypts the victim’s data. In this way the group applies double extortion, which consists of threatening the victim with the publication of the data if the ransom

We know that the OnePercent ransomware has been active in the cyber world since late 2020. Based on Ransomware as a Service (RaaS) operations, the group behind the OnePercent ransomware has been targeting attacks on various companies around the world and largely in the United States. Like many other ransomware, OnePercent usually encrypts a company’s data, threatening to release or