https://www.cyjax.com/2022/07/15/who-is-trickbot/
https://www.wired.com/story/trickbot-malware-group-internal-messages/
https://www.analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf
https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-2/
https://www.crowdstrike.com/blog/wizard-spider-adversary-update/
https://www.youtube.com/watch?v=a5osvPQhM5U
https://www.securityweek.com/new-ransomware-diavol-linked-notorious-cybercrime-gang
https://www.cisecurity.org/blog/trickbot-not-your-average-hat-trick-a-malware-with-multiple-hats/
https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/#background
https://assets.sentinelone.com/c/sentinel-one-mexec-r?x=P42eqA
https://community.riskiq.com/article/c88cf7e6
https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets
https://www.securityweek.com/russian-man-extradited-us-role-trickbot-malware-development - possible
https://www.securityweek.com/latvian-woman-charged-us-role-cybercrime-group - possible
https://www.securityweek.com/many-ransomware-attacks-ot-organizations-involved-ryuk-ibm
https://www.securityweek.com/emotet-using-trickbot-get-back-game ??
https://www.securityweek.com/conti-ransomware-acquires-trickbot-it-thrives-amid-crackdowns - I had both Conti and TrickBot as Wizard Spider months before this??
https://therecord.media/russia-or-ukraine-hacking-groups-take-sides/
https://www.wired.com/story/conti-ransomware-russia
https://www.wired.com/story/conti-leaks-ransomware-work-life/
https://www.securityweek.com/ransomware-gang-leaks-files-stolen-industrial-giant-parker-hannifin
https://www.washingtonpost.com/politics/2022/03/18/11-big-takeaways-conti-ransomware-leaks/
https://www.securityweek.com/ukrainian-security-researcher-leaks-newer-conti-ransomware-source-code
https://therecord.media/panasonic-february-ransomware-attack-only-affected-canada-branch/
https://www.akamai.com/blog/security/conti-hacker-manual-reviewed - says the manuals cover nothing on initial access, but there were "internet crawlers". Is that how they are getting initial access, scanning for vulns on the perimeter of orgs?
https://www.securityweek.com/high-end-tools-manufacturer-snap-discloses-data-breach
https://www.securityweek.com/conti-ransomware-gang-claims-cyberattack-wind-turbine-giant-nordex
https://securityaffairs.co/wordpress/120876/cyber-crime/conti-ransomware-leak-indicators.html
https://www.ehackingnews.com/2021/08/conti-group-exploited-vulnerable.html
https://www.securityweek.com/nokia-owned-sac-wireless-discloses-data-breach
https://www.securityweek.com/links-found-between-mshtml-zero-day-attacks-and-ransomware-operations
https://us-cert.cisa.gov/ncas/alerts/aa21-265a
https://www.securityweek.com/researchers-hack-conti-ransomware-infrastructure
https://www.securityweek.com/australian-electricity-provider-cs-energy-hit-ransomware
https://www.hackread.com/conti-ransomware-group-exploit-log4j-vulnerability/
https://www.securityweek.com/conti-ransomware-source-code-leaked
https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office/
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iii-weaponry/
https://therecord.media/conti-leaks-the-panama-papers-of-ransomware/
https://www.securityweek.com/us-warns-conti-ransomware-attacks-gang-deals-leak-fallout
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/09/updated-conti-ransomware
https://www.securityweek.com/conti-ransomware-activity-surges-despite-exposure-groups-operations
from today's research
- Infosecurity Magazine. “Police Reportedly Arrest Egregor Ransomware Members.” Accessed February 16, 2021. https://www.infosecurity-magazine.com/news/police-arrest-egregor-ransomware/
- CrowdStrike. “Ransomware + Data Leak Extortion: Origins and Adversaries, Pt. 1,” September 24, 2020. https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/
- CrowdStrike. “Double Trouble: Ransomware with Data Leak Extortion, Part 2.” Accessed March 3, 2021. https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-2/
- BleepingComputer. “Ransomware gangs team up to form extortion cartel.” https://www.bleepingcomputer.com/news/security/ransomware-gangs-team-up-to-form-extortion-cartel/
- BleepingComputer. “Canon Publicly Confirms August Ransomware Attack, Data Theft.” Accessed March 24, 2021. https://www.bleepingcomputer.com/news/security/canon-publicly-confirms-august-ransomware-attack-data-theft/
- BleepingComputer. “SunCrypt Ransomware Sheds Light on the Maze Ransomware Cartel.” Accessed March 24, 2021. https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-sheds-light-on-the-maze-ransomware-cartel/
- SentinelLabs. “Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone,” November 25, 2020. https://labs.sentinelone.com/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone/
- “Ragnar Locker Ransomware Deploys Virtual Machine to Dodge Security.” Sophos News (blog), May 21, 2020. https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/
- “Ransomware Group Turns to Facebook Ads — Krebs on Security.” Accessed March 24, 2021. https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/
- BleepingComputer. “Ragnar Locker Ransomware Targets MSP Enterprise Support Tools.” Accessed March 24, 2021. https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-targets-msp-enterprise-support-tools/
- “2020 Global Threat Report.” Cybersecurity Report. CrowdStrike, 2020. https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf
- BleepingComputer. “Ryuk ransomware now self-spreads to other Windows LAN devices.” https://www.bleepingcomputer.com/news/security/ryuk-ransomware-now-self-spreads-to-other-windows-lan-devices/
- “LockBit Ransomware Analysis: Rapid Detonation Using a Single Compromised Credential.” Accessed March 26, 2021. https://www.darktrace.com/en/blog/lock-bit-ransomware-analysis-rapid-detonation-using-a-single-compromised-credential
- Gallagher, Sean. “LockBit Uses Automated Attack Tools to Identify Tasty Targets.” Sophos News (blog), October 21, 2020. https://news.sophos.com/en-us/2020/10/21/lockbit-attackers-uses-automated-attack-tools-to-identify-tasty-targets/
- The DFIR Report. “Lockbit Ransomware, Why You No Spread?,” June 10, 2020. https://thedfirreport.com/2020/06/10/lockbit-ransomware-why-you-no-spread/
- BleepingComputer. “SunCrypt Ransomware Sheds Light on the Maze Ransomware Cartel.” Accessed March 26, 2021. https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-sheds-light-on-the-maze-ransomware-cartel/
- BleepingComputer. “Maze ransomware shuts down operations, denies creating cartel.” Accessed March 19, 2021. https://www.bleepingcomputer.com/news/security/maze-ransomware-shuts-down-operations-denies-creating-cartel/
https://www.securityweek.com/cyberattack-causes-chaos-costa-rica-government-systems
https://www.securityweek.com/new-black-basta-ransomware-possibly-linked-conti-group
https://twitter.com/BrettCallow/status/1524387838531301377
https://www.prodaft.com/resource/detail/ws-wizard-spider-group-depth-analysis
https://securityintelligence.com/posts/itg23-crypters-cooperation-between-cybercriminal-groups/
https://therecord.media/linn-county-oregon-data-leak-conti-ransomware/
https://eclypsium.com/2022/06/02/conti-targets-critical-firmware/
https://www.wired.com/story/costa-rica-ransomware-conti/
https://www.group-ib.com/media/conti-armada-report/
https://www.securityweek.com/leaks-show-conti-ransomware-group-working-firmware-exploits
https://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine/
https://www.wired.com/story/conti-group-ransomware-members-reward-target/
https://www.justice.gov/opa/pr/alleged-russian-money-launderer-extradited-netherlands-us
https://twitter.com/VK_Intel/status/1557003350541242369 - interesting but I can't verify
https://www.securityweek.com/free-decryptors-released-bianlian-megacortex-ransomware