One Article Review
| Source |  InformationSecurityBuzzNews |
|---|---|
| Identifiant | 1866927 |
| Date de publication | 2020-08-17 14:12:36 (vue: 2020-08-17 15:12:30) |
| Titre | Securonix Threat Research: Detecting WastedLocker Ransomware |
| Texte | The Securonix Threat Research Team is actively investigating the details of the critical targeted Wastedlocker ransomware attacks that has reportedly already exploited more than 31 companies, with 8 of the victims being Fortune 500 companies. Here are the key details regarding the impact of the high-profile WastedLocker ransomware attacks/EviICorp malicious cyber threat actor(s)(MTA) involved: The WastedLocker ransomware is a relatively new malicious payload used by the high-profile EvilCorp MTA, which previously used the Dridex trojan to deploy BitPaymer ransomware in attacks targeting government organisations and enterprises in Europe and the United States. This MTA currently focuses on targeted °big game hunting” (BGH) ransomware attacks with multiple industry victims in recent months, with Garmin as one of the latest high-profile victims attacked (officially confirmed by Garmin on July 27). The most recent ransom amount demanded was $10 million, and appears to be based on the victim's financial data. Based on the available details, the ransom was likely paid. To date, this MTA appears to have been using a mono-extortion scheme (data encryption only, with no or minimal data leakage) vs. other MTAs who use the threat of leaking a victim's data as part of a double-extortion scheme (e.g. Netwalker, Maze, and others). Following the initial compromise, one of the early steps commonly taken by the malicious operators observed is to perform internal discovery and disable security/AV vendor tools such as Cisco AMP and/or Windows Defender. Here are some of the Securonix recommendations to help prevent and/or mitigate the attack: Review your backup version retention policies and make sure that your backups are stored in a location that cannot be accessed/encrypted by operator placed targeted ransomware, (e.g. consider remote write-only backup locations). Implement an end user security training program, since end users are ransomware targets. It is important for them to be aware of the threat of ransomware and how it occurs. Patch operating systems, software, and firmware on your infrastructure. Consider leveraging a centralised patch management system. Maintain regular air-gapped backups of critical corporate/infrastructure data. Implement security monitoring, particularly for high-value targets (HVT) in your environments, to detect possible malicious ransomware … The ISBuzz Post: This Post Securonix Threat Research: Detecting WastedLocker Ransomware |
| Envoyé | Oui |
| Condensat | $10 air and make sure that appeared are stored in a location that backup locations backup version retention policies being fortune 500 companies bgh buzz cannot be accessed/encrypted by operator placed targeted ransomware cisco amp and/or windows defender data encryption only demanded detecting detect possible malicious end user europe extortion scheme financial data first following the initial compromise game hunting” gapped backups of critical corporate/infrastructure data has reportedly already exploited more than 31 companies here are some of the securonix here are the key details regarding the impact of high hvt implement an implement security monitoring information isbuzz maintain regular million mta officially confirmed by garmin on july only organisations and enterprises in paid patch operating systems post post: profile evilcorp mta profile victims attacked profile wastedlocker ransomware ransomware attacks/eviicorp malicious cyber threat actor ransomware in attacks targeting government recommendations to help prevent and/or mitigate the attack: research: review your security security/av vendor tools such as security training program securonix since end users are ransomware targets states s data as part of a double targeted wastedlocker ransomware attacks that targets the most recent ransom amount the securonix threat research team is actively investigating the details of the critical the wastedlocker ransomware is a relatively new malicious payload used by the high this mta currently focuses on targeted °big threat to be based on the victim to date to have been using a mono trojan to deploy bitpaymer united value victim wastedlocker with multiple industry victims in recent months your backups and appears and firmware on your infrastructure and others based on the available details consider leveraging a centralised patch management system consider remote write involved: in your environments it is important for them to be aware of the threat of ransomware and how it occurs maze netwalker one of the early steps commonly taken by the malicious operators observed is to perform internal discovery and disable other mtas who use the threat of leaking a particularly for high ransomware attacks software the ransom was likely this mta appears to vs which previously used the dridex with 8 of the victims with garmin as one of the latest high with no or minimal data leakage |
| Tags | Ransomware Threat |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.