DFIR Report
Detailed analysis of attack vectors, forensic findings, response actions, and lessons learned to help organizations improve their security posture and incident handling capabilities.
In a recent incident response, our Digital Forensics and Incident Response (DFIR) team discovered that SafePay ransomware had been deployed on the victim’s machines. The first confirmed activity of SafePay ransomware was in September 2024, and since its inception, the group has increased its activity, adding more victims to its Data Leak Site (DLS). The […]
B0 Software Group is a potentially new ransomware-as-a-service threat using RDP brute force for access and deploying Golang-based ransomware with anti-forensic features. It skips data exfiltration, targets key services, and has weak encryption. A decryptor exists because of its key reuse and insecure key handling.