••• All important news related to new attacks and see the solutions we can offer you •••
TA551 (Shathak) Word docs with Japanese template push IcedIDLees het originele artikel hier
Not a New Threat, but very dangerous
The TA551 (Shathak) campaign continues to push IcedID (Bokbot) malware since August 2020. The template for its Word documents has been updated, but otherwise, not much has changed. This campaign mainly targets english speaking victimes however it has also targeted non-English speaking targets with other types of malware.
Available Attack Vectors:
- Web Gateway
reported activity: MedusaLocker Ransomware
The MedusaLocker ransomware first emerged in September 2019, infecting and encrypting Windows machines around the world.
There have been reports of MedusaLocker attacks across multiple industries, especially the healthcare industry which suffered a great deal of ransomware attacks during the COVID-19 pandemic.
In order to maximize the chances of successful encryption of the files on the compromised machine, MedusaLocker restarts the machine in safe mode before execution.
This method is used to avoid security tools that might not run when the computer starts in safe mode.
Egregor - A New Ransomware Gang on the RiseLees het originele artikel hier
Egregor is a ransomware from the Sekhmet malware family that has been active since the middle of September 2020.
One of the most active ransomware groups, Egregor is part of the Sekhmet malware family that has been active since mid-September 2020. Like most other Ransomware groups, it targets organizations across the world. The ransomware operates by hacking into organizations, stealing sensitive user documents, encrypting data, and finally demanding ransom in exchange of decrypted documents.
Allegedly, 52 companies have been breached by the threat actor till today (as of October 30, 2020), from GEFCO group being among the first ones to the more recently affected organizations such as Crytek, Ubisoft, Foxtons Group, and Barnes & Noble.