SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.
Read more…
Source: SophosLabs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
July 11, 2022
It’s extremely rare for hackers, who operate in the digital world, to cause damage in the physical world. But a cyber-attack on a steel maker in Iran two weeks ago is being seen as one of those significant and troubling moments. A hacking group called Predatory Sparrow said it was behind the attack, which it said caused ...
- How Shady Code Commits Compromise the Security of the Open-Source Ecosystem
July 11, 2022
Traditionally, concerns over open-source code security have revolved around whether or not open-source code could contain vulnerabilities, backdoors, or hidden malicious code. In recent months, however, Trend Micro researchers have observed a growth in a particular trend: Open-source code is being subjected to modifications to its functionality to express political protest. These instances of so-called ...
- Private 5G Network Security Expectations Part 3
July 11, 2022
Trend Micro conducted a survey on private wireless network security in collaboration with 451 Research, part of S&P Global Market Intelligence, in four countries (Germany, the U.K, Spain, and the U.S.) across the manufacturing, electricity, oil and gas, and healthcare industries. Trend Micro have introduced this survey’s findings on the expectations for private 5G security ...
- New 0mega ransomware targets businesses in double-extortion attacks
July 8, 2022
A new ransomware operation named ‘0mega’ targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms. 0mega (spelled with a zero) is a new ransomware operation launched in May 2022 and has attacked numerous victims since then. A ransomware sample for the 0mega operation hasn’t yet been found, therefore there’s not much information on ...
- Quantum ransomware attack affects 657 healthcare orgs
July 7, 2022
Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. Founded in 1904, PFC helps thousands of healthcare, government, and utility organizations across the U.S. ensure that customers pay their invoices on time. The company started notifying the ...
- New stealthy OrBit malware steals data from Linux devices
July 7, 2022
A newly discovered Linux malware is being used to stealthily steal information from backdoored Linux systems and infect all running processes on the machine. Dubbed OrBit by Intezer Labs security researchers who first spotted it, this malware hijacks shared libraries to intercept function calls by modifying the LD_PRELOAD environment variable on compromised devices. While it can gain ...