New Ransomware Rumored to Spread SMB Exploit

Kacy Zurkus | July 13, 2018

Within two days of news that GandCrab 4.0 ransomware was being distributed through compromised websites disguised as download sites for cracked applications, a newer version (v4.1) was found using the same method, according to Fortinet’s FortiGuard Labs. Unlike the previous version, GandCrab now includes an additional network communication tactic, as well as an unusually long hard-coded list of compromised websites to which it connects.

“We found no definitive evidence that the hard-coded websites included in the malware had actually ever been compromised to act as servers or download sites for GandCrab,” researchers wrote. One binary can reportedly include almost a thousand unique hosts that have been compromised. Upon connecting to a URL, the malware sends encrypted data about its victims, some of which includes the IP address, user name, computer name, network domain and a list of installed AVs.

“Even more curious, the fact is that sending victim information to all live hosts in the list is illogical in a practical sense, given that a single successful send would have been enough for its purposes,” said the researchers. “With these points in mind, we have started to think that this function is either experimental, or simply there to divert analysis and that the URLs included in the list are just victims of a bad humor.”

Spotlight

"WinDump is often used to analyze packet captures by incorporating Berkeley Packet Filters, to reduce large captures into manageable subsets. The filtering makes use of macros to easily specify common protocol properties, however, analyzing other properties requires a deeper unde


Other News
SOFTWARE SECURITY

IPKeys Power Partners Announces New Grid Cyber Security Breakthrough

IPKeys | September 09, 2021

IPKeys Power Partners, the leading cybersecurity, cyber compliance, and smart grid technology company, announced today the release of its groundbreaking SigmaFlow Beacon platform to provide utilities, generators, and grid operators a simple, unified solution for cybersecurity monitoring and compliance requirements. The SigmaFlow Beacon platform is built specifically to help organizations align with North American Electric Reliability Corp. (NERC) compliance mandates. It provides NERC registered entities with a single solution to advance, simplify and improve existing cybersecurity and monitoring requirements. "We are pleased to provide utilities, generators...


PLATFORM SECURITY

Stellar Cyber Partners with SonicWall for Advanced Prevention, Response

Stellar | September 08, 2021

Stellar Cyber, the innovator of Open XDR, the only intelligent, next-gen security operations platform, announced today that it has joined the SonicWall SecureFirst Partner Program to integrate Stellar Cyber’s advanced threat detection and response with SonicWall’s award-winning prevention technology. This combination of prevention, detection and response provides an outstanding platform for enterprises that want to stop many attacks before they occur while detecting and remediating complex threats. “As a customer of both SonicWall and Stellar Cyber, it’s great to see these two solutions working together,” said Michael Crean, CEO of Solutions Grant...


SOFTWARE SECURITY

Minimize Cybersecurity Risk and Relieve Overstretched Security Teams with Trend Micro Support and Service Bundles

Trend Micro Incorporated | September 07, 2021

Trend Micro Incorporated, a global cybersecurity leader, today announced the launch of Trend Micro Service One, consolidating its managed services to optimize enterprise threat management. The new service bundles, which can include premium support, an early warning service, Managed XDR and incident response, help customers prevent, detect and respond to cyber threats faster by supplementing internal resources. The prevalence of cybersecurity threats and the dynamic threat landscape leave businesses vulnerable and put security experts in high demand to triage and investigate incidents. According to Aaron Sherrill, Senior Research Analyst at 451 Research, part of ...


DATA SECURITY

Achieve Partners Backs Cybersecurity Platform to Tackle Global Talent Shortage

Achieve Partners | September 06, 2021

Achieve Partners today announced the acquisition of Metmox, a leading Managed Security Service Provider (MSSP) to Fortune 500 companies. The acquisition is the latest in Achieve's new fund, which builds apprenticeship programs that provide on-the-job skills training and connections to career pathways in high-growth industries. "While cyber threats are growing in number and sophistication amid increasing levels of remote work and cloud adaption, the global security workforce is struggling to keep up," said Srikanth Parepally, CEO of Metmox. "Achieve's acquisition of Metmox is about building new pipelines of talent that can help America's most importan...

