In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that pose a high risk.
Therefore, to prevent your company from falling prey to opportunists looking for such low-hanging companies to attack, Group-IB’s Threat Intelligence Team decided to write a very straightforward report on TTPs of The Gentlemen; whose TTPs overlap with techniques of other financially motivated threat actors conducting intrusions for extortion. The information shared in this blog comes from intrusion analysis and underground private sources monitored by Group-IB’s Threat Intelligence Team. Thus, the information has a high confidence level.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall
March 1, 2021
Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products. If exploited, the vulnerability could allow local attackers to bypass authentication measures and log in to internal company networks with the highest level of privileges. Genua says it offers more than 20 security solutions for encrypting data communication ...
- Hackers use black hat SEO to push ransomware, trojans via Google
March 1, 2021
The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results. Apart from increasing the number of payloads, Gootloader has been seen distributing them across ...
- Bad bots are on the attack, and your defence plan is probably wrong
March 1, 2021
Google is warning that bots are causing more problems for business — but many companies are only focused on the most obvious attacks. At the outset of the COVID-19 pandemic Microsoft chief Satya Nadella said Microsoft had seen “two years’ worth of digital transformation in two months.” Google now sees that attackers have adapted to these ...
- Universal Health Services lost $67 million due to Ryuk ransomware attack
March 1, 2021
Universal Health Services (UHS) said that the Ryuk ransomware attack it suffered during September 2020 had an estimated impact of $67 million. UHS, a Fortune 500 hospital and healthcare services provider, has over 90,000 employees who provide services to roughly 3.5 million patients each year in more than 400 US and UK healthcare facilities. UHS said last ...
- Npower withdraws mobile app after hackers steal personal details
February 27, 2021
Npower has permanently withdrawn its mobile app after hackers used it to access its customers’ personal details, including the sort codes and the last four digits of their bank accounts. The hack, which cybersecurity experts said left the firm’s customers “wide open to fraud”, is understood to have taken place around the start of February. The company ...
- Go malware is now common, having been adopted by both APTs and e-crime groups
February 26, 2021
The number of malware strains coded in the Go programming language has seen a sharp increase of around 2,000% over the last few years, since 2017, cybersecurity firm Intezer said in a report published this week. The company’s findings highlight and confirm a general trend in the malware ecosystem, where malware authors have slowly moved away ...