jm + ransomware   2

Talos Intelligence review of Nyetya and the M.E.Doc compromise
Our Threat Intelligence and Interdiction team is concerned that the actor in question burned a significant capability in this attack.  They have now compromised both their backdoor in the M.E.Doc software and their ability to manipulate the server configuration in the update server. In short, the actor has given up the ability to deliver arbitrary code to the 80% of UA businesses that use M.E.Doc as their accounting software, along with any multinational corporations that leveraged the software.  This is a significant loss in operational capability, and the Threat Intelligence and Interdiction team assesses with moderate confidence that it is unlikely that they would have expended this capability without confidence that they now have or can easily obtain similar capability in target networks of highest priority to the threat actor.
security  malware  nyetya  notpetya  medoc  talos  ransomware 
july 2017 by jm
Global ‘Wana’ Ransomware Outbreak Earned Perpetrators [just] $26,000 So Far
As thousands of organizations work to contain and clean up the mess from this week’s devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what’s being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam.
money  fraud  ransomware  wana  brian-krebs  bitcoin  cryptocurrency  viruses 
may 2017 by jm

Copy this bookmark:



description:


tags: