Carbanak Is Back! Ransomware Group Reinvents Itself
May 9, 2024
Since the arrest of Carbanak's leader five years ago, the notorious ransomware group is back with a vengeance. The Carbanak ransomware syndicate gained notoriety as a highly effective cybercrime ring targeting financial and banking institutions worldwide. And now, the group has reinvented its method of attacks to reemerge as yet another force to be reckoned with.
Carbanak group's self-named malware has been evolving and improving over time to its now current version. The group recently shifted their ransomware attacks from financial targets to posing as business software like HubSpot and Xero on compromised websites. This allows Carbanak to distribute through these channels disguised as utilities that distribute its malware.
Many attack groups put it to work for them over the years, including links to the notorious Qbot banking Trojan (aka QuakBot and Pinkslipbot). Qbot was known to use Carbanak for their ransomware attacks, but Qbot's command-and-control network was broken up by law enforcement last year. According to Corvus cyber insurance company, ransomware groups are moving away from using Qbot since the takedown. Whether this void leads to further attack opportunities for Carbanak is a bet many are making.
The best response to ransomware is keeping software and hardware updated and patched. Patches get released as new vulnerabilities are discovered. Some weaknesses are found after attackers expose them, some by manufacturers and some by white hat (good guys) hackers. But no matter how they're discovered, patching them as soon as they are available is always the best and safest answer.
SUBSCRIBE TO WEEKLY NEWSLETTER
