@BushidoToken Threat Intel

  The scourge of ransomware continues primarily because of three main reasons: Ransomware-as-a-Service (RaaS), cryptocurrency, and safe havens. RaaS platforms enable aspiring cybercriminals to join a gang and begin launching attacks with a support system that help extract ransom payments from their victims. Cryptocurrency enables cybercriminals to receive funds from victims around the world without the option to freeze or refund them due to the immutable nature of the virtual funds. Safe havens are countries that permit cybercriminals to launch attacks without immediate fear of arrest, enabling them to earn vast fortunes through ransomware campaigns. With these three challenges in mind, law enforcement and governments have a very difficult job to do when it comes to fighting ransomware but fight it they must. In this blog we shall recall what counter-ransomware activities took place in 2024, analyse their effectiveness, and assess how the landscape shall evolve as a result. A...

The dozens of cybercriminals that made up the Conti group continue to launch campaigns unabated. Previously in 2022, I blogged about how following the Conti Leaks , the operators of Conti  continued on via multiple rebranded ransomware campaigns, such as Royal, BlackBasta, and Quantum, among others.  Since my last two blogs on the Conti/TrickBot gang, multiple members have been officially sanctioned by the US and UK government in February 2023 and September 2023 , formally confirming attribution to Russia-based threat actors. The sanctions are a vital step in the right direction and helps the public and law makers understand what organized cybercrime looks like and the scale of the fight on our hands. In this blog, however, I wanted to explore the ransomware campaign called Akira that appeared in March 2023  and focus on how Akira is connected to Conti. Akira is a rapidly growing threat to civil society and critical infrastructure and is the ransomware group I believe r...