Archive

AI is Here: Who’s in Charge?

April 22, 2025 Everybody and their brother (and sister) is talking about AI—and for good reason. AI can be a tremendous business enabler.

RansomSnub: RansomHub’s Affiliate Confusion

April 8, 2025 Executive Summary: Since RansomHub’s emergence in early 2024, the group has become the most prolific Ransomware-as-a-Service group operating today.

Breaking Basta: Insights from Black Basta’s Leaked Ransomware Chats

March 6, 2025 Key Takeaways: During the period covered by the Black Basta leaked chat logs (18 September 2023 – 28 September 2024), we observed the following: We observed at least 47 cryptocurrency wa…

Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear

March 4, 2025 In early March 2025, GRIT received reports from multiple organizations regarding suspicious physical letters delivered by mail from US addresses to members of their executive team.

Ongoing report: Babuk2 (Babuk-Bjorka)

January 29, 2025 Editor’s note: We will continue to provide updates as further information is forthcoming.

RansomHub Affiliate leverages Python-based backdoor

January 15, 2025 In an incident response in Q4 of 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints.

CMMC Is Here – Are You Ready? (Better Late Than Never)

December 16, 2024 Well, the day(s) some people said would never come are here: 32 CFR Part 170, the Cybersecurity Maturity Model Certification (CMMC) Program, hit the Federal Register as a Final Rule …

Update from the Trenches

Ivanti CSA Investigation/Detection Details. October 9, 2024. Authors: Rui Ataide, Andrew Nelson, and Hermes Bojaxhi. GuidePoint Security has recently been engaged on several incidents related to f…