DecryptedTech

Sunday27 November 2022

Displaying items by tag: conti

Ransomware is a huge shadow over many businesses and individuals’ heads. It has loomed as a significant threat since the first stains hit the internet inside malicious zip files masquerading as “Xerox” documents. Since that time ransomware and the groups behind it have evolved significantly. At the top of the food chain are groups like Hive and Conti who have not only evolved their own tools but utilize strategic approaches to their organizations complete with acquisitions and, in some cases, attempted legitimate business fronts to further their activities.

Published in Security Talk

April must be the month for new malware tools to be released, or at least announced as we have already heard about new forms of attack/infection from the group behind Emotet and now we hear that Conti has replaced BazarLoader with new malware tracked as Bumblebee. The newly disclosed malware is also under active development with multiple new features showing up this month.

Published in Security Talk

Not that long ago, a Ukrainian security researcher published a vast number of internal chats from the Ransomware group Conti. On top of that treasure trove of information the same researcher also published the source code for the Conti Ransomware. The leak of information came after the Conti group pledged their full support of the Russian invasion of Ukraine and vowed to target anyone they felt was waging cyber-war on Russia. The message was later toned down, but the effect still lingers and was one of the moves that started an interesting threat group war.

Published in Security Talk

Emotet, (not to be confused with Imhotep the ancient Egyptian Polymath) was originally identified in 2014 and quickly became one of the top threats of the decade. After an early start as a banking trojan, the group amassed a huge number of bots that it was able to leverage to execute attacks on targets. This bot infrastructure was then sold as a service to other groups as part of a malware-as-a-Service model. The prevalence and reach of Emotet was enough that in early 2021 the global law enforcement and cyber security community targeted Emotet’s infrastructure and people that had been identified as part of the group. It was a significant hit to the organization.

Published in Security Talk

The Russian invasion of Ukraine has given an insight into how modern warfare is carried out on a strategic level. We have seen how Russia used malware and specific cyber attacks to interrupt communications and to potentially wipe critical data. We have seen new methods to disrupt this these attacks. We have also seen a new shift in modern warfare, the rise of the cyber partisan. In typical wars commanders on both side account for local resistance and partisan groups that can have an impact on battles and logistics. These are usually small groups of armed civilians (sometimes with government support), but now they have moved behind the keyboard.

Published in Security Talk

It looks like the group behind Trickbot, the Swiss Army Knife of Malware as service for Windows is shutting down the framework and infrastructure behind the “solution”. According to research groups that have been tracking the campaign the disappearance there are several factors that have led up to this. One of the most recent changes appears to be a shift in efforts to a new malware format and potentially being “acquired” by another malware operator.

Published in Security Talk