Art Appraisal Blog

Summary: WannaCry is a ransomware worm that exploits SMB V1 vulnerability (CVE-2017-0144) and caused a worldwide cyberattack by encrypting data and demanding ransom payments in Bitcoins from computers running Microsoft Windows. In May 2017, WannaCry made headlines when it infected the National Health Service (NHS) and other organizations across the globe, including government institutions in China, Russia, the United States, and most of Europe. The WannaCry worm has been referred...

Summary: As an upgrade to LockBit, LockBit 2.0 first appeared in June 2021 as a ransomware service (RaaS). In the third quarter of the calendar year 2021, the LockBit 2.0 RaaS became particularly prolific, attracting affiliates via recruitment campaigns in underground forums. The LockBit 2.0 operators claimed that their encryption software was the fastest of any active ransomware strain as of June 2021, stating that this increased its effectiveness and...

What is a Red Team in Cyber Security? The term “Red Team” derives from the military practice of using war games to challenge operational plans by testing how defenses perform when faced with a brilliant adversary. A “Red Team” refers to an enemy team that has to overcome the defenses of the “Blue Team,” the home team. Red teams in cybersecurity play the role of attackers in this simulation; they...

What is Security Operations Center? A Security Operations Center (SOC) is a team of cybersecurity specialists who monitor and analyze an organization’s security while responding to possible breaches. This team is responsible for scanning all security systems in real time. First-line defense systems continuously protect an organization’s security infrastructure against potential cyber-attacks. The SOC team protects the organization by monitoring, detecting, analyzing, and investigating cyber threats. Cyber security incidents are...

Summary: During the SolarWinds hack (CVE-2020-10148), thousands of organizations, including the U.S. government, were affected, not only because a single company was breached but because it triggered a broader supply chain incident. There was a supply chain breach involving the SolarWinds Orion system, commonly called the SolarWinds hack. The Orion network management system is used by more than 30,000 public and private organizations, including local, state, and federal government agencies....

What is Fileless Malware? The phrase “fileless malware” refers to a type of malware that does not require a file to be used to execute the code; instead, it leverages the resources already present on the file system of the endpoint. It is typically injected into some running process and executes only in RAM. Since there are no files to scan and the footprint is small, traditional antivirus software has...

What is MedusaLocker Ransomware? MedusaLocker is a RaaS (Ransomware as a Service) variant that was first discovered in 2019 and has taken over the world. To increase the effectiveness of the encryption, MedusaLocker ransomware removes volume shadow copies and disables system services to encrypt data using AES-256 encryption. The MedusaLocker ransomware is typical ransomware that encrypts its victim’s data and demands ransom for the decryption key. The MedusaLocker malware threat...

Summary: On December 9th of, 2021, a critical vulnerability was discovered affecting a Java logging package log4j. Log4j is an open-source logging framework written in Java that allows software developers to log various data within their applications. It is part of Apache Logging Services, a project of the Apache Software Foundation. Most of you have probably already heard about the Log4j security vulnerability (CVE-2021–44228), described as “the single biggest, most...

Introduction Cybercriminal groups continue to emerge worldwide, launching dreadly ransomware and malware attacks at alarming rates. According to the Cyber Crime Magazine, global ransomware damage costs are predicted to exceed $265 billion by 2031, more than twice as much as it does today. In order to defend against these evolving ransomware attacks in the current situation, it is wise to become familiar with the top ransomware groups active in 2022, their...