The history of cybersecurity is marked by names that have left an indelible mark on the field of digital threats. Among them, Maze, Egregor and Sekhmet stand out as notable ransomware variants, whose similarities go beyond mere coincidence.
In this article, we will unravel the tactics these ransomwares employed, the encryption mechanisms they used, and the evasion and propagation strategies they employed. The review of these malware will offer us a deeper insight into the persistent threat of ransomware, as well as the importance and need to strengthen our cybersecurity posture.
At the end of 2019, the Ragnarok (or Asnarok) ransomware appeared leaving a trail of digital victims in its path. The malware not only encrypted the files and demanded a ransom, but also threatened to erase and publish the stolen data. This article offers an in-depth look at Ragnarok, from its design and motivation to its methods of infection and spread. In addition, it provides different methods of response and disinfection.
LockerGoga is a ransomware-type malware, first discovered in 2019, that infects computer systems, encrypts your files, and demands a ransom in cryptocurrencies in order to recover them. Unlike others, LockerGoga focuses on attacking businesses and government organizations. This article describes what it is and explains the relevant methods to respond to this threat
With the industrial revolution of Industry 4.0, industrial processes have become more intelligent, and this has led to the deployment of a greater number of devices.
All these deployments usually have a common point, being the gateways, which, after being deployed, are responsible for the translation of some protocols to the TCP/UDP frame or simply send the information to the cloud.
Being a point that gathers a large amount of data and capable of providing intelligence to industrial processes, industrial gateways have become a very desirable target for attackers.
Technical reporting is one of the most important parts of the completion of a task, as it reflects the results of all the work done. Moreover, it does not only constitute a final deliverable for a customer, or for the decision-makers within an organization, but also acts as the link between the person or team that has carried out the task and the decision-makers, based on the findings.
Currently, there is a constant evolution in the technologies and implementations made in Industrial Control Systems. On one hand, some of the most common implementations for the improvement of industrial systems infrastructures are digitalization and the use of cloud technology. On the other hand, the increase in communication protocols and IIoT devices (due to the growth of the Industry 4.0) generates a large volume of traffic that is difficult to control and secure.
En este estudio, se expone brevemente el origen y evolución de la amenaza ransomware LockBit 3.0, a través del análisis de varias muestras maliciosa, con el objetivo de facilitar la información necesaria para poder identificar las características propias de este malware, su comportamiento y técnicas empleadas, permitiendo así una mejor identificación y respuesta ante ella.
Industrial Control Systems (ICS) were initially designed to work in sealed environments and as stand-alone systems, interconnections between systems were scarce, as were safety protections. The constant evolutions in the field of ICS, including the inclusion of a large number of communication protocols, IIoT devices, the expansion of interconnections, an incessant search for interoperability between systems and the inclusion of these architectures in critical systems, has meant that the networks on which these industrial control systems, has meant that the networks on which these industrial control systems are built, also known as control networks, have increased their security exponentially.
Nobelium es la denominación de Microsoft para un grupo de atacantes que, según la atribución llevada a cabo por la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA) de Estados Unidos, pertenecen al Servicio de Inteligencia Exterior (SRV) de Rusia. Este grupo criminal es conocido por el ataque a la cadena de suministro de SolarWinds, y una campaña masiva de phishing haciéndose pasar por una empresa de desarrollo estadounidense.
Grandoreiro, also known as Delephant, is a banking trojan from South America, which has spread its operations to other regions, especially Europe, including Spain and Portugal. According to ESET researchers, it has been active since 2015, affecting countries in Latin America, mainly Brazil, where it was developed.