BLOG

AdvIntel's Threat Reporting Blog

Blog offers insight into the botnet & breaches & its unique workings. Our investigators and reverse engineers share AdvIntel's most illuminating findings on subjects such as ransomware, political meddling, high-profile financial fraud & APT threats.

Sep 29
5 min

Ransomware

Backup “Removal” Solutions - From Conti Ransomware With Love

By Vitali Kremez & Yelisey Boguslavskiy This redacted report is based on our actual proactive victim breach intelligence and subsequent...

Groove VS Babuk; Groove Ransom Manifesto & RAMP Underground Platform Secret Inner Workings

Sep 8
7 min

Ransomware

Groove VS Babuk; Groove Ransom Manifesto & RAMP Underground Platform Secret Inner Workings

By Yelisey Boguslavskiy & Anastasia Sentsova Key Takeaways: On September 7, 2021, a representative of the Groove ransomware syndicate...

Aug 26
9 min

Ransomware

From Russia With… LockBit Ransomware: Inside Look & Preventive Solutions

By Anastasia Sentsova A recent interview with a LockBit ransomware gang representative fulfills their purpose of promoting the syndicate...

Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration

Aug 16
2 min

Ransomware

Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration

By Vitali Kremez & Yelisey Boguslavskiy This report is based on our actual proactive victim breach intelligence and subsequent incident...

Aug 11
3 min

Ransomware

Secret "Backdoor" Behind Conti Ransomware Operation: Introducing Atera Agent

By Vitali Kremez This report is based on our actual proactive victim breach intelligence and subsequent incident response (not a...

Jun 29
8 min

Ransomware

Ransomware-&-CVE: Industry Insights Into Exclusive High-Value Target Adversarial Datasets

By Yelisey Boguslavskiy, Brandon Rudisel & AdvIntel Security & Development Team Four months ago two major vectors of vulnerabilities - MS...

Jun 15
10 min

Ransomware

The Rise & Demise of Multi-Million Ransomware Business Empire

Vitali Kremez & Yelisey Boguslavskiy Executive Summary: On June 11, 2021, Avaddon ransomware responsible for numerous cyber incidents...

Jun 7
4 min

Ransomware

From QBot...with REvil Ransomware: Initial Attack Exposure of JBS

Vitali Kremez & Yelisey Boguslavskiy At Advanced Intelligence, LLC we focus on providing *only* primary source proactive intelligence...

May 14
5 min

Ransomware

From Dawn to "Silent Night": "DarkSide Ransomware" Initial Attack Vector Evolution

Disclaimer: This is a redacted excerpt of the report published by the subject matter expert team at Advanced Intelligence for the...

Apr 16
6 min

Ransomware

Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021

By Vitali Kremez, Al Calleo, Yelisey Boguslavskiy Ryuk ransomware infections have been observed since late 2018. Ryuk actors are...

Mar 18
13 min

Ransomware

The Ransomware Plague: Is LATAM Surrendering to Digital Extortion?

By Beatriz Pimenta Klein This Research is the third part of the AdvIntel LATAM Series. To see other blogs within this series please...

Breach of Trust: How Threat Actors Leverage Confidential Information Against Law Firms

Feb 12
9 min

Ransomware

Breach of Trust: How Threat Actors Leverage Confidential Information Against Law Firms

Tyler Combs Key Takeaways Increasing digitization and the primacy of information in the modern economy has made effective cybersecurity...

Cyber Privateers: Ransomware, APTs, & Botnets in the Maritime Industry Threat Landscape

Oct 30, 2020
10 min

Cyber Threat

Cyber Privateers: Ransomware, APTs, & Botnets in the Maritime Industry Threat Landscape

By Brandon Rudisel Key Takeaways The maritime industry includes a wide variety of services with the main focus being on commercial and...

An Interview with "UNKN" Sheds Light on REvil's Operations & Future Victims

Oct 26, 2020
5 min

Ransomware

An Interview with "UNKN" Sheds Light on REvil's Operations & Future Victims

By: Yelisey Boguslavskiy Key Takeaways: REvil believes that ransomware as a trend will entirely move towards data extraction and not...

Jul 24, 2020
6 min

Ransomware

Inside "Phobos" Ransomware: "Dharma" Past & Underground

By Bridgit Sullivan What is Phobos Ransomware? Phobos is a type of Advanced Encryption Standard (AES) ransomware that was first seen in...

Inside REvil Extortionist “Machine”: Predictive Insights

Jul 15, 2020
14 min

Cybercrime

Inside REvil Extortionist “Machine”: Predictive Insights

Takeaways Cybercrime groups often operate on traditional crime group behavioral patterns. REvil main collective group patterns are:...

May 19, 2020
5 min

Ransomware

NetWalker Ransomware Group Enters Advanced Targeting “Game”

Background and Summary Throughout the COVID-19 crisis, there has been a drastic increase in the number of cyberattacks targeting the...

Digital "Pharmacusa" IV: Fighting for Data, Hearts, Minds; How Maze “Ransomhack” Redefined Extortion

Apr 6, 2020
7 min

Ransomware

Digital "Pharmacusa" IV: Fighting for Data, Hearts, Minds; How Maze “Ransomhack” Redefined Extortion

In the 1st century BC, a small island of Pharmacusa (Farmakonisi) became a scene of one of the most infamous ransom extortions in...

Nov 20, 2019
7 min

Ransomware

Digital "Pharmacusa" III: Supply-Chain Attacks for Ransomware Intrusions

In the 1st century BC, a small island of Pharmacusa (Farmakonisi) became a scene of one of the most infamous ransom extortions in...

Digital "Pharmacusa" II: The “GandCrab” Phenomenon

Oct 29, 2019
9 min

Ransomware

Digital "Pharmacusa" II: The “GandCrab” Phenomenon

In the 1st century BC, a small island of Pharmacusa (Farmakonisi) became a scene of one of the most infamous ransom extortions in...

BLOG

Backup “Removal” Solutions - From Conti Ransomware With Love

Groove VS Babuk; Groove Ransom Manifesto & RAMP Underground Platform Secret Inner Workings

From Russia With… LockBit Ransomware: Inside Look & Preventive Solutions

Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration

Secret "Backdoor" Behind Conti Ransomware Operation: Introducing Atera Agent

Ransomware-&-CVE: Industry Insights Into Exclusive High-Value Target Adversarial Datasets

The Rise & Demise of Multi-Million Ransomware Business Empire

From QBot...with REvil Ransomware: Initial Attack Exposure of JBS

From Dawn to "Silent Night": "DarkSide Ransomware" Initial Attack Vector Evolution

Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021

The Ransomware Plague: Is LATAM Surrendering to Digital Extortion?

Breach of Trust: How Threat Actors Leverage Confidential Information Against Law Firms

Cyber Privateers: Ransomware, APTs, & Botnets in the Maritime Industry Threat Landscape

An Interview with "UNKN" Sheds Light on REvil's Operations & Future Victims

Inside "Phobos" Ransomware: "Dharma" Past & Underground

Inside REvil Extortionist “Machine”: Predictive Insights

NetWalker Ransomware Group Enters Advanced Targeting “Game”

Digital "Pharmacusa" IV: Fighting for Data, Hearts, Minds; How Maze “Ransomhack” Redefined Extortion

Digital "Pharmacusa" III: Supply-Chain Attacks for Ransomware Intrusions

Digital "Pharmacusa" II: The “GandCrab” Phenomenon

GET IN TOUCH