Ransom Tales: Volume II – Emulating Gunra, Anubis and DevMan Ransomware

AttackIQ presents the second volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Gunra, Anubis and DevMan ransomware families.

Author: Francis Guibernau Read More
[CISA AA25-203A] #StopRansomware: Interlock
Adversary Emulation

[CISA AA25-203A] #StopRansomware: Interlock

AttackIQ has released two new attack graphs in response to the CISA Advisory (AA25-203A) published on July 22, 2025, which disseminates known Interlock ransomware Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) identified through FBI investigations as recently as June 2025.
Read More
Ransom Tales: Volume I – Emulating BlackLock, Embargo, and Mamona Ransomware
Adversary Emulation

Ransom Tales: Volume I – Emulating BlackLock, Embargo, and Mamona Ransomware

AttackIQ introduces Ransom Tales, an initiative designed to emulate the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the BlackLock, Embargo and Mamona ransomware families.
Read More
Iranian Cyber Threat Escalation: Preparing for Asymmetric Response through Adversarial Validation Emulation
Iran

Iranian Cyber Threat Escalation: Preparing for Asymmetric Response through Adversarial Validation Emulation

Amid rising tensions after Israeli and U.S. strikes on Iranian nuclear sites, experts warn of increased Iranian cyber retaliation. With limited conventional options, Iran is expected to rely on cyberattacks against U.S. infrastructure and defense sectors. DHS has issued alerts on threats from state-backed hackers and proxies. AttackIQ continues to help organizations test and strengthen their defenses.
Read More

Most Recent

Content Filtering: Your Network’s Digital Bouncer
AttackIQ Flex

Content Filtering: Your Network’s Digital Bouncer
As newer and more sophisticated threats continue to enter today’s cyber landscape, content filtering remains a tried-and-true tool that aids organizations in threat prevention, regulatory compliance, network security and policy enforcement by controlling and managing the type of content users can access or share based on defined criteria. Making sure these policies work is critical in preventing insider threats and maintaining compliance with corporate usage policies.
Read More
Attack Graph Response to CISA Advisory (AA23-263A): #StopRansomware: Snatch Ransomware
Adversary Emulation

Attack Graph Response to CISA Advisory (AA23-263A): #StopRansomware: Snatch Ransomware
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-263A) that disseminates known Snatch ransomware threat actor’s techniques and indicators identified through FBI investigations as recent as June 2023. Snatch operators are known to conduct activities against a wide range of critical infrastructure sectors and carry out double-extortion tactics to improve their chances of successfully receiving a ransom payment.
Read More
Securing Remote Networks with AttackIQ Flex
AttackIQ Flex

Securing Remote Networks with AttackIQ Flex
The rise of remote work, branch networks, and the entwining of IoT and OT systems have created vast network footprints, making identifying vulnerabilities more challenging than ever. Cyber threats loom large, and with the stakes higher than ever, ensuring your defenses are impervious is paramount.
Read More