Kaspersky reports that Ymir, a ransomware family, was used in an attack two days after RustyStealer, a stealer malware. It is thought that the ransomware was installed by gaining unauthorized access to the company's network using the stolen credentials. This comes as the perpetrators of the Black Basta ransomware have been observed interacting with potential victims through Microsoft Teams chat messages and using malicious QR codes to enable initial access by rerouting them to a fraudulent domain.

The cybersecurity firm also found cases in which threat actors tried to deceive users by posing as IT support staff and tricking them into using Quick Assist to access systems remotely. The installation of programs like Advanced IP Scanner and Process Hacker, along with two scripts that enable the creation of a secret channel to a remote IP address for the purpose of exfiltrating files created after a given date, makes the attack noteworthy. The number of active ransomware groups has increased by 30% in the past year.

Further fragmentation has resulted from law enforcement efforts to disrupt the cybercrime groups. Hacktivist organizations with political motivations, such as CyberVolk, have been using ransomware in recent months. Meanwhile, U.S. officials are looking for fresh approaches to combat the extortion scheme, such as pressuring cyber insurance providers to cease reimbursing ransom payments in an effort to deter victims from ever making a payment.

The incidents show how ransomware is still developing and how dangerous it is to businesses all over the world, despite the failure of law enforcement's attempts to stop it. In an effort to combat worldwide cybercrime, including the spread of malware, the U.N. Security Council has called for an end to the practice of paying ransoms. Additionally, the Security Council demanded that insurance companies refrain from paying victims' ransom expenses.