There have been numerous law firms that have been hacked in the past few years, or worse, attacked with the double whammy of having copies of their files exfiltrated before their systems were encrypted. What may surprise the public is how some of the bigger law firms refuse to pay ransom — either for a…
Category: Malware
“Front Door” into BazarBackdoor: Stealthy Cybercrime Weapon
Roman Marshanski & Vitali Kremez write: BazarBackdoor is the newer preferred stealthy covert malware leveraged for high-value targets as part of the TrickBot group toolkit arsenal. It consists of two components: a loader and a backdoor. [1] Loaders are an essential part of any cybercrime campaign. They start the infection chain by distributing the payload. In…
New action to combat ransomware ahead of U.S. elections
Tom Burt, Corporate Vice President, Customer Security & Trust for Microsoft, explains: Today we took action to disrupt a botnet called Trickbot, one of the world’s most infamous botnets and prolific distributors of ransomware. As the United States government and independent experts have warned, ransomware is one of the largest threats to the upcoming elections. Adversaries can use ransomware to infect…
Report: U.S. Cyber Command Behind Trickbot Tricks
Brian Krebs reports: A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command.
Lake George Land Conservancy reports they recovered from a ransomware attack by use of a backup, no ransom paid
Chad Arnold reports: The Lake George Land Conservancy is in the process of upgrading its servers after experiencing a ransomware attack last month. The organization, which works to preserve land surrounding Lake George, announced the Sept. 23 security breach in a letter posted to its website Wednesday. Read more on The Post-Star. It sounds like…
Ryuk’s Return
From The DFIR Report: The Ryuk group went from an email to domain wide ransomware in 29 hours and asked for over $6 million to unlock our systems. They used tools such as Cobalt Strike, AdFind, WMI, vsftpd, PowerShell, PowerView, and Rubeus to accomplish their objective. Ryuk has been one of the most proficient ransomware…