The Sekhmet ransomware has been increasing the number of its attacks around the world, the group has similarities to the ransomware controlled by the Maze barracks. But even though there are similarities, it is not part of the barracks. Sekhmet like the vast majority of ransomware groups uses RaaS (Ransomware a as Service) tactics and double extortion. These two tactics are

The Astro Locker ransomware is the evolution of the Mount Locker ransomware, unlike other groups that change their name to fool authorities, this group changed their name to punctuate their evolution. After the name change, the group appeared even more aggressive in its attacks and with its malware even more dangerous. The Astro Locker ransomware script has been updated. Now, after the

SunCrypt ransomware, also known as Ransom.SunCrypt, is one of the clear examples of how ransomware groups act after successful attacks on large companies. After these attacks they shut down their activities for a while and soon after a new ransomware appears, which is just a derivation of the old ransomware, in other words they just change the name and continue with

The PayloadBIN ransomware is part of one of the world’s most feared groups, the Evil Corp, this group is responsible for numerous attacks in the United States that have generated losses running into the millions of dollars. The attacks were being so recurrent that the US Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions against the group, imposing

Nephilim ransomware first appeared in March 2020, and since then there have been numerous records of attacks by this group. The group’s main targets are companies with a turnover of more than $1 billion. This type of strategy is called “Big Game Hunting“, some ransomware is developed specifically to target these companies, but that doesn’t take away from the fact that

The Grief Ransomware has emerged with a new look and the same modus operandi as the DoppelPaymer ransomware. Ransomware groups adopt this tactic of changing their name to try to evade the radar of authorities. The old DoppelPaymer ransomware was active until May, some time after one of the largest attacks on an American company, the Darkside ransomware attack on

The Ranzy Locker ransomware has placed itself among the major cybercriminal groups, it is a spin-off of the AKO and ThunderX ransomware. The FBI released a flash alert with information about the group and its high dangerousness. Ranzy Locker first appeared in 2020, and that same year the FBI reported attacks on more than thirty companies in critical manufacturing, government

The DoppelPaymer ransomware is one of the old groups that remains on the world stage to this day, time has not taken away from the group’s thirst and commitment to making attacks. The amount of ransom demanded by the group is around $25,000 to $1.2 million. The main means of intrusion used by the group are malicious spam email campaigns,

The Lockean ransomware is the newest group in the “big game hunting” which is the open hunting of large corporations.The first record of the ransomware was made yesterday (03/10/2021), but not that it was the first record of activity from the group. There are indications that they have already been allied with large groups that have done numerous attacks around the world

After a short break the Zeppelin ransomware is back in business, with its updated system it appears as a big one in the “Big Game Hunting”. It is part of the Vagas Locker family of ransomware, which include Jamper, Storm (or Buran). Zeppelin’s first detection was in November 2019. Like the vast majority of ransomware, Zeppelin uses the RaaS (Ransomware as