Unmasking Lorenz Ransomware: A Dive into Recent Tactics, Techniques and Procedures
Author: Zaid Baksh In the ever-evolving landscape of cyber threats, ransomware remains a persistent menace, with groups like Lorenz actively exploiting vulnerabilities in small to medium businesses globally. Since early 2021, Lorenz has been employing double-extortion tactics, exfiltrating sensitive data before encrypting systems and threatening to sell or release it publicly unless a ransom is […]
Ivanti Zero Day – Threat Actors observed leveraging CVE-2021-42278 and CVE-2021-42287 for quick privilege escalation to Domain Admin
Authors: David Brown and Mungomba Mulenga TL;dr NCC Group has observed what we believe to be the attempted exploitation of CVE-2021-42278 and CVE-2021-42287 as a means of privilege escalation, following the successful compromise of an Ivanti Secure Connect VPN using the following zero-day vulnerabilities reported by Volexity1 on 10/01/2024: By combining these vulnerabilities threat actors […]
Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group
Author: Alex Jessop (@ThisIsFineChief) Summary Tl;dr This post will delve into a recent incident response engagement handled by NCC Group’s Cyber Incident Response Team (CIRT) involving the Ransomware-as-a-Service known as NoEscape. Below provides a summary of findings which are presented in this blog post: NoEscape NoEscape is a new financially motivated ransomware group delivering a […]