In-Depth Analysis Report on LockBit 5.0: Operation and Countermeasures
Darkweb Malware

In-Depth Analysis Report on LockBit 5.0: Operation and Countermeasures

Since its first appearance in September 2019, LockBit has been known as one of the most notorious and active Ransomware-as-a-Service (RaaS) groups worldwide. LockBit operates on the RaaS model and is characterized by sophisticated encryption technology and automated propagation capabilities. Initial access is typically gained through vulnerability exploits, brute force

  • Jan 05 2026
An Unerring Spear: Cephalus Ransomware Analysis
Darkweb Malware

An Unerring Spear: Cephalus Ransomware Analysis

Cephalus is a new ransomware group that first appeared in mid-June 2025. The group claims that they are motivated 100% by financial gain. Their main method of breaching organizations is by stealing credentials through Remote Desktop Protocol (RDP) accounts that do not have multi-factor authentication (MFA) enabled. Their operation is

  • Nov 05 2025
From El Dorado to BlackLock: Inside a Fast-Rising RaaS Threat
Darkweb Malware

From El Dorado to BlackLock: Inside a Fast-Rising RaaS Threat

BlackLock is a relatively new ransomware group that is believed to have been established around March 2024. Their existence was publicly revealed in June 2024 when the Dedicated Leak Site (DLS) was identified. At that time, information on multiple affected companies had already been posted, suggesting that the gang had

  • Sep 16 2025
CyberVolk Ransomware: Analysis of Double Encryption Structure and Disguised Decryption Logic
Malware

CyberVolk Ransomware: Analysis of Double Encryption Structure and Disguised Decryption Logic

The CyberVolk ransomware, which first emerged in May 2024, has been launching attacks on public institutions and key infrastructures of various countries, posing a continuous threat. The ransomware is particularly notable for its pro-Russia nature, as it primarily targets anti-Russian countries, making it a geopolitically significant cyber threat. This post

  • Sep 09 2025
[Caution] Makop Ransomware Disguised as Job Application E-mail Being Distributed!
Malware

[Caution] Makop Ransomware Disguised as Job Application E-mail Being Distributed!

ASEC analysis team has recently discovered ransomware disguised as job application being distributed via e-mail. It appears that the attacker is targeting recruitment managers of various companies amidst the recruitment season of the first half of the year. Hence, recruiters must pay particular attention when managing their e-mail accounts. The

  • Apr 16 2021