Secplicity Blog - Ransomware

Ransomware Tracker (Entry #222): Mike Tyson

Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/mike-tyson

Mike Tyson ransomware, dubbed "Tyson" for short, is a variant of the Chaos ransomware family and obviously refers to the boxer Mike Tyson. Derivatives of Chaos are created using the Chaos Ransomware builders, of which…

Ransomware Tracker (Entry #216): AzzaSec

Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/azzasec

AzzaSec (AzzaSecurity) is both the name of the ransomware and of an Italian hacktivist group. That is based on research from Threatmon, which wrote an extensive report on this ransomware and its members. The other two…

Ransomware Tracker (Entry #215): Anonymous

Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/anonymous

Anonymous ransomware is built from the NoCry ransomware builder, based on the infamous WannaCry ransomware. This is evident from the debug string in the discovered sample (C:\Users\Anonymous\Desktop\NoCry Builder +…

Ransomware Tracker (Entry #214): GhosHacker

Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/ghoshacker

GhosHacker, which is seemingly a misspelling of GhostHacker based on the ransom note dropped with the same name—GhostHacker.exe—is a crypto-ransomware built from the NoCry ransomware builder. This allegation comes from…

Ransomware Tracker (Entry #213): BlackSkull

Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/blackskull

BlackSkull is a near clone of GhosHacker and Anonymous and is theorized to be an early version of AzzaSec. All four of these are created from the NoCry ransomware builder, based on the infamous WannaCry ransomware…

Ransomware Tracker (Entry #210): CyberVolk

Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/cybervolk

CyberVolk is a self-proclaimed hacktivist group with various allegiances to other hacktivist groups throughout the globe, including Anonymous (their subsidiaries), White_Hunters, Cyber Hunters, and others. They even…

Dr Joseph L Popp Jr and The First-Ever Ransomware – The AIDS Trojan

Publication: Dr. Joseph L Popp Jr and The First-Ever Ransomware – The AIDS Trojan

If you work in information security or the computer science field, there's a good chance you've heard of the first-ever ransomware – the AIDS Trojan. There's also a chance you know the basics of that story. An…