{ "name": "Ransomware: Activity Levels Remain High Despite Disruption", "slug": "ransomware-activity-levels-remain-high-despite-disruption", "description": "While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your-Own-Vulnerable-Driver techniques, and the return of the Clop ransomware by the Snakefly group.", "published": "2024-07-11T11:06:52+00:00", "created_at": "2024-07-11T11:06:52+00:00", "modified_at": "2024-07-11T11:35:44+00:00", "created_at_opencti": "2024-07-11T11:06:52+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-07-11", "CVE-2024-4577", "akira", "alphv", "blackcat", "blacksuit", "cyclops blink", "disruption", "encryption", "lockbit", "noberus", "phobos", "qilin", "ransomware", "tellyouthepass", "vulnerability", "warp av killer" ], "related_entities": { "observables": [ { "id": "", "name": "f572898ab9f9a0fabac77d5d388680f84f85f9eb2c01b4e5de426430c6b5008f" }, { "id": "", "name": "f6afa84b0847414220bb15517b8b5e2c505b64b53efbba73b753379c66ac5017" }, { "id": "", "name": "ea59d6a130a279dfde4df53640bd720419c7b5d9711a21a78af9453b1b3b5805" }, { "id": "", "name": "bef2d817f1813eb0629222112fd3721865a2a4eb1f4d51ad1f09fd807d4380ab" }, { "id": "", "name": "d18453e564ca27514227478f225d85811fe15d08aa5fb1f613022c43155c5c54" }, { "id": "", "name": "aa43f34c3fa67aea994c1babeb71b46c7b24eccaa0455ae21aa561e251e7cc4d" }, { "id": "", "name": "aa0ef20f9f8ca111b0d8a550daf6651f5b0557f0acb0a26545755c5a02263a9b" }, { "id": "", "name": "a702a671b7911a09ccb5b4f42923e8b301e0bbb851443dd52622022959a3055a" }, { "id": "", "name": "88efa81984852dac62d325f2091a09de1e6423a711d7913aeac103c50664cf84" }, { "id": "", "name": "7d6877eb8a3e2da1e8b06e2ed41604c6c3d5ced8293f7cc7e760ba972303bd0e" }, { "id": "", "name": "7101db8cb05e989c018ebc5df47819029cd76c4093b22c4582288795e46f6689" }, { "id": "", "name": "6fb438feeb8369c5b82bfaa77144a641f7645c321f0b24dd97cfe2687b1ebd44" }, { "id": "", "name": "67e4c18e80d4d1acb9395f4a1fe9c2a75d95fcccdb33bcdd5259ba6f47e60e57" }, { "id": "", "name": "6192488729850a7a28498f233346e856b0097e4b3160baa641f8cf9571b56da8" }, { "id": "", "name": "5e446efb6c4f296fb8f25ef7a1a0a482f51dc475bd5ef3e89be9d43782a9f60f" }, { "id": "", "name": "4de4621da1b7da597c2c8def4c08b8d405672dadb9c70d7dffd647c8d6abd394" }, { "id": "", "name": "4d571f4d0008deb01e3144e0e3d5f882c5422acfcb4dd260082852a822d8d2fb" }, { "id": "", "name": "3f41e2ceff3a04cd6de6aadce7e7b7c8584940e4320a7db55dd712debb061510" }, { "id": "", "name": "38f0750cbe49b30db326b53b9f752b66c4f5e23cc3bbbd6d1844e2878a19b9a7" }, { "id": "", "name": "2881194b7e0939d47165c894c891737d8c189ee8fb4720e814a4bcdd804d00d1" }, { "id": "", "name": "2fc2d747847eb04561a435e65954f0103101e2190458eb3c125deda49326c597" }, { "id": "", "name": "21ff399e57cc306a1ae1daab6009ea40c8aa96c39296d0f8781626de6bd19256" }, { "id": "", "name": "170d654b61810992fef6f18dbce5b4c7f5762cf36c9b41c36a14c9f6609f6e7d" }, { "id": "", "name": "1453179d46ef89eb780f8b82632f352017a3586e8d49fc3f087f633f7bebbf0a" }, { "id": "", "name": "9562ad2c173b107a2baa7a4986825b52e881a935deb4356bf8b80b1ec6d41c53" }, { "id": "", "name": "95279881525d4ed4ce25777bb967ab87659e7f72235b76f9530456b48a00bac3" }, { "id": "", "name": "3e65437f910f1f4e93809b81c19942ef74aa250ae228caca0b278fc523ad47c5" } ], "malware": [ { "id": "f49f6ca9-cb53-4f74-98f8-0aadc7fc25a8", "name": "Warp AV Killer", "slug": "warp-av-killer" }, { "id": "legacy:malware:910d49d68313d36a", "name": "Qilin", "slug": "qilin" }, { "id": "legacy:malware:942ea37267c8ecb9", "name": "TellYouThePass", "slug": "tellyouthepass" }, { "id": "legacy:malware:fe441e5ad2187dfd", "name": "Cyclops Blink - S0687", "slug": "cyclops-blink-s0687" }, { "id": "legacy:malware:57f5f768df634c63", "name": "BlackCat - S1068", "slug": "blackcat-s1068" }, { "id": "legacy:malware:516626bf8a5006ec", "name": "Play", "slug": "play" }, { "id": "legacy:malware:0d729aad6e4a08a8", "name": "Noberus", "slug": "noberus" }, { "id": "legacy:malware:f31a0b66e3452c17", "name": "Blacksuit", "slug": "blacksuit" }, { "id": "28206dae-800a-4dcc-9872-b7916a5f2b31", "name": "Akira", "slug": "akira" }, { "id": "legacy:malware:3f7697d87ccd7a64", "name": "ALPHV", "slug": "alphv" }, { "id": "legacy:malware:c128bf247fe86d39", "name": "Phobos", "slug": "phobos" }, { "id": "6fd78f75-0163-4777-a392-6c23ea15731d", "name": "LockBit", "slug": "lockbit" } ], "attack_patterns": [ { "id": "1f2ce0cc-430c-4317-a332-83a27cbad1d3", "name": "T1548" }, { "id": "a2ba5594-6293-4868-928c-ab4b31927a02", "name": "T1572" }, { "id": "1e1b6cb4-44b5-4e17-b267-bcb104acb1d4", "name": "T1546" }, { "id": "eb118bf2-fdf2-4b49-a470-0acabf7608ad", "name": "T1505" }, { "id": "d9f271ed-7685-4362-b90d-f16a14102f39", "name": "T1489" }, { "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1", "name": "T1486" }, { "id": "45082a8e-9c79-470e-ad1b-decac7188e8f", "name": "T1083" }, { "id": "af9ed2e3-4663-4723-beab-c606ddc312e0", "name": "T1543" }, { "id": "c3af9fd7-d307-4df4-9220-cc627938fb85", "name": "T1055" }, { "id": "747c7b95-79ff-4132-8ea5-397cb6665ebd", "name": "T1498" }, { "id": "29f7ff93-033b-4f8d-8691-5bcaa438c80f", "name": "T1592" }, { "id": "50514c04-b3a2-4abf-a855-e3a434200c87", "name": "T1204" }, { "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d", "name": "T1053" }, { "id": "358e04b8-6f65-48b2-a24b-f101bfc6671a", "name": "T1195" }, { "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62", "name": "T1190" }, { "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221", "name": "T1059" } ], "vulnerabilities": [ { "id": "", "name": "CVE-2024-4577" } ] }, "external_refs": [ "https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-q2-2024", "https://otx.alienvault.com/pulse/668fd8ec788983816343aa3a" ] }