
Profero Company Cyber Security Posture
profero.ioProfero https://www.linkedin.com/in/omrimoyal
Profero Company Details
proferosec
28 employees
1280.0
none
Computer and Network Security
profero.io
Scan still pending
PRO_2263050
In-progress

Between 200 and 800
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.


Profero Company Scoring based on AI Models
Model Name | Date | Description | Current Score Difference | Score |
---|---|---|---|---|
AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 200 and 800 |
Profero Company Cyber Security News & History
Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
---|---|---|---|---|---|---|---|
Profero's client | Ransomware | 100 | 5 | 8/2025 | PRO223081225 | Link | |
Rankiteo Explanation: Attack threatening the organization's existence. Description: The company experienced a ransomware attack by the DarkBit gang, which encrypted multiple VMware ESXi servers. The attackers, linked to the Iranian state-sponsored APT group MuddyWater, did not engage in ransom negotiations but aimed to cause operational disruption and reputational damage. Profero successfully decrypted the files by exploiting weaknesses in DarkBit's encryption, recovering significant data without paying the ransom. The attack was politically motivated, likely in retaliation for drone strikes in Iran. |
Profero Company Subsidiaries

Profero https://www.linkedin.com/in/omrimoyal
Profero Cyber Security News
Researchers cracked the encryption used by DarkBit ransomware
Researchers at cybersecurity firm Profero cracked DarkBit ransomware encryption, allowing victims to recover files for free.
As cyberattacks peak, so does the demand for Profero's services
Profero has been receiving more and more approaches since the outbreak of the pandemic to help in cases of sextortion in which people are ...
Israeli cyber security professionals band together amid Gaza war
A disparate group of hacktivists claiming to act in support of the Palestinian people have attempted intrusions and sabotage efforts. Websites ...
Previously unreported Lebanon-based hacking group targeting Israel, Microsoft says
The new group is suspected of collaborating with "multiple" Iranian-linked hacking efforts.
Online programming IDEs can be used to launch remote cyberattacks
Security researchers are warning that hackers can abuse online programming learning platforms to remotely launch cyberattacks, steal data, ...
US issues rare security alert as Montenegro battles ongoing ransomware attack
The U.S. Embassy issued an unprecedented warning about a "persistent and ongoing" cyberattack in the eastern European country.
"The Iranians are waiting for the Israeli response": Who is behind the latest cyberattack on Israeli firms?
Israel is in the midst of a massive cyberattack by an Iranian group calling itself Pay2Key. The experts who first discovered it share what ...
Report: Iranian hacking group launched concentrated attack on Israeli companies
The Iranian hacker group, dubbed MuddyWater, used a relatively new tactic in order to penetrate the Israeli companies' security systems. Hacking ...
Israeli cyber-security professionals band together amid Gaza war
Mr Ohad Zaidenberg, an Israeli information technology specialist, is leading a group of volunteers to help Israeli companies that are being ...

Profero Similar Companies

CrowdStrike
CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world's most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-clas

Thales Cyber Solutions
Drawing on a team of 6,000 experts and developers, Thales is a global leader in cybersecurity – no.1 in data security - with solutions deployed in 148 countries, generating annual revenues in excess of €2 billion in the domain. Thales supports its enterprise and government customers in the cybe

Palo Alto Networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest s

Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Profero CyberSecurity History Information
How many cyber incidents has Profero faced?
Total Incidents: According to Rankiteo, Profero has faced 1 incident in the past.
What types of cybersecurity incidents have occurred at Profero?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
How does Profero detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from Profero, remediation measures (decryption of files, recovery of data from VMDK files) and recovery measures (brute-forcing decryption keys, extracting data from sparse VMDK files).
Incident Details
Can you provide details on each incident?

Incident : Ransomware Attack
Title: DarkBit Ransomware Attack on VMware ESXi Servers
Description: Cybersecurity firm Profero cracked the encryption of the DarkBit ransomware gang's encryptors, allowing them to recover a victim's files for free without paying a ransom. The attack targeted VMware ESXi servers and was linked to Iranian state-sponsored APT group MuddyWater.
Date Detected: 2023
Type: Ransomware Attack
Attack Vector: Ransomware
Threat Actor: DarkBit (linked to MuddyWater, Iranian state-sponsored APT group)
Motivation: Retaliation for 2023 drone strikes in Iran, operational disruption, reputational damage
What are the most common types of attacks the company has faced?
Common Attack Types: The most common type of attack the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident?

Incident : Ransomware Attack PRO223081225
Systems Affected: VMware ESXi servers
Operational Impact: Operational disruption
Brand Reputation Impact: Reputational damage
Response to the Incidents
What measures were taken in response to each incident?

Incident : Ransomware Attack PRO223081225
Incident Response Plan Activated: True
Third Party Assistance: Profero
Remediation Measures: Decryption of files, recovery of data from VMDK files
Recovery Measures: Brute-forcing decryption keys, extracting data from sparse VMDK files
How does the company involve third-party assistance in incident response?
Third-Party Assistance: The company involves third-party assistance in incident response through Profero.
Data Breach Information
What type of data was compromised in each breach?

Incident : Ransomware Attack PRO223081225
Data Encryption: AES-128-CBC with RSA-2048
File Types Exposed: VMDK files
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Decryption of files, recovery of data from VMDK files.
Ransomware Information
Was ransomware involved in any of the incidents?

Incident : Ransomware Attack PRO223081225
Ransom Demanded: 80 Bitcoin
Ransom Paid: None
Ransomware Strain: DarkBit
Data Encryption: AES-128-CBC with RSA-2048
How does the company recover data encrypted by ransomware?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through brute-forcing decryption keys and extracting data from sparse VMDK files.
Lessons Learned and Recommendations
What lessons were learned from each incident?

Incident : Ransomware Attack PRO223081225
Lessons Learned: DarkBit's objectives would have been better served with a data wiper rather than ransomware.
What are the key lessons learned from past incidents?
Key Lessons Learned: The key lesson learned from past incidents is that DarkBit's objectives would have been better served with a data wiper rather than ransomware.
References
Where can I find more information about each incident?

Incident : Ransomware Attack PRO223081225
Source: BleepingComputer
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following source: BleepingComputer.
Investigation Status
What is the current status of the investigation for each incident?

Incident : Ransomware Attack PRO223081225
Investigation Status: Resolved
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?

Incident : Ransomware Attack PRO223081225
Root Causes: Low entropy key generation in DarkBit ransomware
Corrective Actions: Development of a tool to brute-force decryption keys, extraction of data from sparse VMDK files
What is the company's process for conducting post-incident analysis?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Profero.
What corrective actions has the company taken based on post-incident analysis?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Development of a tool to brute-force decryption keys, extraction of data from sparse VMDK files.
Additional Questions
General Information
Has the company ever paid ransoms?
Ransom Payment History: The company has paid ransoms in the past.
What was the amount of the last ransom demanded?
Last Ransom Demanded: The amount of the last ransom demanded was 80 Bitcoin.
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident was DarkBit (linked to MuddyWater, Iranian state-sponsored APT group).
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident was detected in 2023.
Impact of the Incidents
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was VMware ESXi servers.
Response to the Incidents
What third-party assistance was involved in the most recent incident?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Profero.
Ransomware Information
What was the highest ransom demanded in a ransomware incident?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was 80 Bitcoin.
What was the highest ransom paid in a ransomware incident?
Highest Ransom Paid: The highest ransom paid in a ransomware incident was None.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was that DarkBit's objectives would have been better served with a data wiper rather than ransomware.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is BleepingComputer.
Investigation Status
What is the current status of the most recent investigation?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
