External Blogs

Double Trouble: Ransomware with Data Leak Extortion

The most prominent eCrime trend observed so far in 2020 is big game hunting (BGH) actors stealing and leaking victim data in order to force ransom payments and, in some cases, demand two ransoms. Data extortion is not a new tactic for criminal adversaries; however, when BGH operations don’t result in payment, victims now face a double-headed threat: recovering their systems and ensuring their stolen data does not make it into the hands of others.

Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions

The threat landscape is constantly changing; over the last few years malware threat vectors, methods and payloads have rapidly evolved. Recently, as cryptocurrency values have exploded, mining-related attacks have emerged as a primary interest for many attackers. They are beginning to recognize that they can realize all of the financial upside of previous attacks, like ransomware, without needing to actually engage the victim and without the extra law enforcement attention that comes with ransomware attacks.

FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks

In this blog post we detailed a newly discovered RTF document family that is being leveraged by the FIN7 group (also known as the Carbanak gang), a financially motivated group targeting the financial, hospitality, and medical industries. This document is used in phishing campaigns to execute a series of scripts containing multiple obfuscation mechanisms and advanced techniques to bypass traditional security mechanisms.

CryptXXX Technical Deep Dive

Analysis of CryptXXX in which I found cryptographic flaws, based on an insecure seed value, that allowed its decryption.

H1N1: Technical analysis reveals new capabilities

Two-part blog on the H1N1 malware.