Tuesday, December 17, 2024
Homecyber securityUnderground Ransomware Continues to Attack Industries Of Various Sizes

Underground Ransomware Continues to Attack Industries Of Various Sizes

Published on

SIEM as a Service

Over the past year, the ransomware actor known as “Underground” has been less active than other groups, yet they remain a threat in the cybersecurity landscape.

Despite their reduced activity, Underground continues to target industries of various sizes, causing substantial disruptions and financial losses.

Lengthy Ransom Notes and Exfiltrated Data

According to Broadway reports, Underground is notorious for generating a lengthy ransom note, typically named! Unable to render embedded object: File (READ_ME) not found.!.txt. This note contains detailed information about the data that has been infiltrated.

- Advertisement - SIEM as a Service

Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs:Try Free Demo 

Victims are provided with an ID and a password, which they must use to connect with the ransomware group through a website on the TOR network.

Associated malicious indicators are blocked and detected by existing policies within VMware Carbon Black products.

The recommended policy is to block all types of malware (Known, Suspect, and PUP) from executing and delay execution for cloud scans to maximize the benefits of VMware Carbon Black Cloud reputation service.

While Underground may not be as active as other ransomware groups, their continued presence and ability to target various industries make them a persistent threat.

Organizations must remain vigilant and employ comprehensive cybersecurity measures to protect against sophisticated attacks.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Sign up for free



Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

The Rise of AI-Generated Professional Headshots

It’s clear that a person’s reputation is increasingly influenced by their online presence, which...

Hackers Abuse Google Ads To Attacking Graphic Design Professionals

Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals,...

Hackers Using New IoT/OT Malware IOCONTROL To Control IP Cameras, Routers, PLCs, HMIs And Firewalls

Recent cyberattacks targeting critical infrastructure, including fuel management systems and water treatment facilities in...

Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads

Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Hackers Abuse Google Ads To Attacking Graphic Design Professionals

Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals,...

Hackers Using New IoT/OT Malware IOCONTROL To Control IP Cameras, Routers, PLCs, HMIs And Firewalls

Recent cyberattacks targeting critical infrastructure, including fuel management systems and water treatment facilities in...

Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads

Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used...