RaaS

AttackIQ has released a new attack graph emulating the behaviors exhibited by VanHelsing ransomware, a new and rapidly growing ransomware-as-a-service (RaaS) affiliate program that emerged in March 2025. This emulation enables defenders to test and validate their detection and response capabilities against this new threat.

AttackIQ has released a new attack graph emulating the behaviors exhibited by RansomHub ransomware since its emergence in February 2024. This sophisticated ransomware employs double extortion techniques and shares notable similarities with Knight ransomware.

AttackIQ has released a new attack graph emulating the behaviors exhibited by Akira ransomware since its emergence in March 2023. Akira operators provide victims the option to pay for either file decryption or data deletion rather than being forced to pay for both. Reported ransom demands range from 200,000 USD to over 4 million USD.

AttackIQ has released a new attack graph emulating the behaviors exhibited by Hunters International ransomware since its discovery in October 2023. Technical analysis suggests a realistic possibility that Hunters International may have been deployed by actors linked to the disrupted Hive operation. However, while it bears significant similarities, Hunters International is not a direct rebrand.

AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-022A) published on January 22, 2025, which details the exploitation of vulnerabilities discovered in Ivanti Cloud Service Appliances during September 2024.

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Medusa ransomware since the beginning of its activities in June 2021. Medusa is predominantly propagated through the exploitation of vulnerable services, such as public-facing assets or applications with known unpatched vulnerabilities, and the hijacking of legitimate accounts, often using Initial Access Brokers (IABs) for infiltration.

AttackIQ has released a new attack graph that emulates the behaviors exhibited by the extortionist ransomware Nefilim during activities against multiple organizations, primarily based in North or South America, distributed in the financial, manufacturing, or transportation industries since its emergence in March 2020.

GootLoader, a stealthy JavaScript-based downloader, has posed a persistent threat to Windows-based systems since 2020. In this article, we'll delve into who Gootloader is and how organizations can effectively emulate and test against this threat using AttackIQ Flex, a powerful agentless breach and attack simulation tool. The exciting part? You can sign up for AttackIQ Flex for free, providing you with an opportunity to outsmart this digital menace.

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-353A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the ALPHV BlackCat Ransomware-as-a-Service (RaaS) identified through FBI investigations as recently as December 6, 2023.

On June 14, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) along with other US-based and international security organizations released a joint cybersecurity advisory (CSA) detailing the operations behind the LockBit ransomware attacks. AttackIQ has released a wide range of Attack Graphs emulating LockBit and other RaaS operators as part of CISA’s #StopRansomware campaign.