Ransom Tales: Volume II – Emulating Gunra, Anubis and DevMan Ransomware

AttackIQ presents the second volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Gunra, Anubis and DevMan ransomware families.

Author: Francis Guibernau Read More
[CISA AA25-203A] #StopRansomware: Interlock
Adversary Emulation

[CISA AA25-203A] #StopRansomware: Interlock

AttackIQ has released two new attack graphs in response to the CISA Advisory (AA25-203A) published on July 22, 2025, which disseminates known Interlock ransomware Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) identified through FBI investigations as recently as June 2025.
Read More
Ransom Tales: Volume I – Emulating BlackLock, Embargo, and Mamona Ransomware
Adversary Emulation

Ransom Tales: Volume I – Emulating BlackLock, Embargo, and Mamona Ransomware

AttackIQ introduces Ransom Tales, an initiative designed to emulate the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the BlackLock, Embargo and Mamona ransomware families.
Read More
Iranian Cyber Threat Escalation: Preparing for Asymmetric Response through Adversarial Validation Emulation
Iran

Iranian Cyber Threat Escalation: Preparing for Asymmetric Response through Adversarial Validation Emulation

Amid rising tensions after Israeli and U.S. strikes on Iranian nuclear sites, experts warn of increased Iranian cyber retaliation. With limited conventional options, Iran is expected to rely on cyberattacks against U.S. infrastructure and defense sectors. DHS has issued alerts on threats from state-backed hackers and proxies. AttackIQ continues to help organizations test and strengthen their defenses.
Read More

Most Recent

DeepSurface Security Advisory: LPE in Adobe Reader on Windows
Vulnerability Research

DeepSurface Security Advisory: LPE in Adobe Reader on Windows
Older versions of Adobe Acrobat Reader are vulnerable to local privilege escalation (LPE) attacks under certain conditions on Windows platforms. This would allow an attacker to perform a local privilege escalation attack against Acrobat Reader users using the same Windows system. Through our responsible disclosure program Adobe was contacted and provided a fix for this issue. Adobe also issued CVE-2021-35982 to track the vulnerability.
Read More
Is Your Healthcare Organization Following These Four Ransomware Best Practices?
Cybersecurity

Is Your Healthcare Organization Following These Four Ransomware Best Practices?
Healthcare is the most targeted sector for data breaches, and ransomware attacks were responsible for almost 50 percent of all healthcare data breaches in 2020. How should healthcare companies proceed? Our guest blogger in this ransomware series is Tracy Cohen, a cybersecurity expert with over a decade of experience managing cybersecurity risk in the healthcare and biopharma sector. She is also a licensed skydiver,
Read More
DeepSurface 2.4
Vulnerability Research

DeepSurface 2.4
We’re excited to announce our latest version of the DeepSurface product – DeepSurface 2.4. The latest version of our vulnerability management platform expands our reporting capabilities to enable exportable reports to XLSX and PDF to make reporting your vulnerable hosts and missing patches even easier, added support for Thycotic Secret Server PAM, easier setup/administration including emailing of generated reports, and enhancements of our windows agent.
Read More
The Kaseya VSA REvil Ransomware Supply Chain Attack: How It Happened, How It Could Have Been Avoided
Ransomware

The Kaseya VSA REvil Ransomware Supply Chain Attack: How It Happened, How It Could Have Been Avoided
On July 2, 2021, the REvil ransomware group successfully exploited a zero-day vulnerability in the on-premise Kaseya VSA server, enabling a wide-scale supply chain cyber attack. Let’s dig in and see how the attack happened, how attack emulation could have helped, and what you can do to implement a threat-informed defense strategy to prepare yourself for similar threat actor behavior.
Read More