LockBit2.0, Beyond Privacy and Security

LockBit Countdown Screen Capture

LockBit2.0, Beyond Privacy and Security. This document describes the recent cyberattacks on Accenture that reportedly affected over 2,500 computers and leaked client information. LockBit threat actors posted the names of companies and their logos on their dark web site. They threatened to publish the data stolen during the Accenture ransomware attack. The threat actor […]

What is RansomExx?

A RansomEXX ransom note

Executive Summary. This document describes the recent cyberattacks on StarHub and Gigabyte servers. The attack exploited vulnerabilities in a Gigabyte server. It impacted approximately 800 businesses using StarHub/Gigabyte equipment and 1,500 businesses using Gigabyte equipment worldwide. PC component maker Gigabyte and Singapore telco StarHub were compromised in an attack targeting several of their internal […]

Prometheus Ransomware Decryptor

Prometheus Decryptor

How to partially recover your encrypted files. Executive Summary. This year, CyCraft has been involved in several cases of Prometheus attacks. Naturally, we attempted to reverse-engineer Prometheus to gain a better understanding of the attack itself, the malware, and the attacker. We discovered that it was possible to recover our customers’ encrypted files to some […]

What is Lemon Duck Attack?

lemon duck malware

How malware that evolved from a cryptocurrency botnet can compromise your network. Executive Summary. This document describes the recent Lemon Duck cyberattack. The Lemon Duck malware is considered the latest cybersecurity threat. It has evolved from a cryptocurrency botnet into malware capable of stealing credentials, removing security controls and spreading itself via email. Microsoft has […]

What is Kaseya attack?

How threat actors used REvil Ransomware-as-a-Service. Executive Summary. This document describes the recent Kaseya VSA cyberattack. This massive attack was launched against around 50 managed service providers (MSPs) by a threat actor associated with the REvil ransomware-as-a-service (RaaS) group. The attack was possible because of an unpatched zero-day vulnerability in Kaseya’s VSA software. Current Exploit […]

CVE-2021-1675 (CVE-2021-34527) PrintNightmare

CVE-2021-1675 Printnightmare

This vulnerability is also known as PrintNightmare and the Print Spooler Bug. Microsoft also recently renamed this new vulnerability CVE-2021-34527. The original CVE-2021-1675 was patched as an elevation-of-privilege (EoP) hole; however, further issues were later brought to light showing that CVE-2021-1675 could also be used for remote code execution (RCE). This is the vulnerability to which we are referring.