Double Trouble: Ransomware with Data Leak Extortion
The most prominent eCrime trend observed so far in 2020 is big game hunting (BGH) actors stealing and leaking victim data in order to force ransom payments and, in some cases, demand two ransoms. Data extortion is not a new tactic for criminal adversaries; however, when BGH operations don’t result in payment, victims now face a double-headed threat of ensuring their data does not make it into the hands of others.
- Double Trouble: Ransomware with Data Leak Extortion, Part 1
- Double Trouble: Ransomware with Data Leak Extortion, Part 2
Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions
The threat landscape is constantly changing; over the last few years malware threat vectors, methods and payloads have rapidly evolved. Recently, as cryptocurrency values have exploded, mining-related attacks have emerged as a primary interest for many attackers, who are beginning to recognize that they can realize all of the financial upside of previous attacks, like ransomware, without needing to actually engage the victim and without the extraneous law enforcement attention that comes with ransomware attacks.
- Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions
- Top Cyberthreat Of 2018: Illicit Cryptomining - Forbes Media Coverage
In this blog post we detailed a newly discovered RTF document family that is being leveraged by the FIN7 group (also known as the Carbanak gang), a financially motivated group targeting the financial, hospitality, and medical industries. This document is used in phishing campaigns to execute a series of scripts, written in multiple scripting languages, that contain multiple obfuscation mechanisms and advanced techniques to bypass traditional security controls.
CryptXXX Technical Deep Dive
Analysis of CryptXXX, in which I found cryptographic flaws that allowed its decryption based on an insecure seed value.
H1N1: Technical analysis reveals new capabilities
Two-part blog on the H1N1 malware.