Ransomware rapid extortion & backup sabotage (Conduent/The Gentlemen/Qilin/UFP/Trio/Foster/Hasbro/Storm-1175 Medusa/Akira/Brain Cipher)
Key Questions
What is Storm-1175 and its ransomware tactics?
Storm-1175, a China-linked group, deploys Medusa ransomware at high velocity, chaining zero-day exploits against products such as GoAnywhere, SmarterMail, BeyondTrust, and CrushFTP. They go from initial access to ransomware drop within 24 hours, targeting healthcare and finance, and rely on Defender tampering plus RMM and Impacket tooling. Microsoft flags their rapid attack style, which also exploits multiple n-day flaws.
What are LockBit 5.0 and The Gentlemen ransomware features?
LockBit 5.0 and The Gentlemen use FortiGate exploits, BYOVD (bring your own vulnerable driver), and backup sabotage to support rapid extortion. A Qilin variant kills 300+ EDR processes and likewise employs BYOVD. Victims include Conduent, Foster, Advantest, Trio, UFP, and Hasbro.
Who are the recent victims of ransomware groups like Akira and Brain Cipher?
Akira and Brain Cipher account for 21 recent victims, predominantly in the US, using the same rapid tactics. The broader victim list includes Conduent, UFP, Hasbro, and others; vishing was the entry point in 11% of attacks. Sysdig reports extortion timelines of under one hour.
How fast are modern ransomware attacks progressing?
Ransomware groups like Storm-1175 move from initial access to ransomware deployment in under 24 hours, and Sysdig notes extortion timelines of under one hour. These high-velocity chains exploit unpatched critical flaws across products such as Ivanti, ConnectWise, and Exchange, which shrinks the window defenders have to patch.
What controls mitigate ransomware like LockBit and Qilin?
Recommended controls include immutable backups, MFA, DMARC, leak-site monitoring, EDR, and zero-trust architectures. Together these counter BYOVD, backup sabotage, and EDR process kills. Phishing vulnerability assessments are also key for organizations, such as those in Massachusetts.
Summary: LockBit 5.0 and The Gentlemen use FortiGate exploits, BYOVD, and backup sabotage; Qilin kills 300+ EDR processes and uses BYOVD; China-linked Storm-1175 deploys Medusa via zero-day chains (GoAnywhere, SmarterMail, BeyondTrust-2026-1731, CrushFTP, TeamCity, Exchange, PaperCut, Ivanti, ConnectWise) with Defender tampering, RMM, and Impacket, dropping ransomware within 24 hours against healthcare and finance; Akira and Brain Cipher account for 21 victims, US-heavy; named victims include Conduent, Foster, Advantest, Trio, UFP, and Hasbro; vishing accounts for 11% of attacks; Sysdig reports sub-1-hour extortion. Controls: immutable backups, MFA, DMARC, leak monitoring, EDR, zero trust.