SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.
Read more…
Source: SophosLabs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware hits city of Antwerp
December 6, 2022
Cybercriminals infected the city’s IT systems with ransomware. Residents are unable to make appointments for public affairs. Antwerp’s police and museums are partially offline. The attack took place on the night of December 5-6. A city spokesperson told De Standaard that ransomware was found on several systems. The identity of the attacker(s) is unknown at the ...
- KmsdBot botnet is down after operator sends typo in command
December 6, 2022
Somewhere out there, a botnet operator is kicking themselves and probably hoping no one noticed the typo they transmitted in a command that crashed their whole operation. Unfortunately for the typographically-challenged botnetter, it happened on the internet, so someone knows: Akamai, in this case, had been watching for some time. Even worse for the operator(s), their Golang-coded ...
- Google warns stolen Android keys used to sign info-stealing malware
December 5, 2022
Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties. Googler Łukasz Siewierski found and reported the security issue and it’s a doozy that allows malicious applications signed with one of the compromised certificates to gain the same level of ...
- Crimeware trends: self-propagation and driver exploitation
December 5, 2022
If one sheep leaps over the ditch, the rest will follow. This is an old saying, found in various languages, and it can be applied to ransomware developers. In previous blog posts, Kaspersky researchers highlighted an increase in the popularity of platform-independent languages and ESXi support, and recently, Kaspersky published a research about ransomware borrowing ...
- Android malware apps with 2 million installs spotted on Google Play
December 4, 2022
A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them. The apps were discovered by Dr. Web antivirus and pretend to be useful utilities and system optimizers but, in reality, are the sources of performance hiccups, ads, and user experience degradation. One app ...
- Protecting major events: an incident response blueprint
December 2, 2022
The cyber security of major events, whether they are related to sports, professional conferences, expos or other events can be a time-consuming, complex undertaking. It necessitates a multifaceted approach and the involvement of multiple entities, including but not limited to the vendors, hospitality teams and service providers to facilitate a uniform approach to cybersecurity across ...