TrickBot, Emotet, Ryuk, LockerGoga & Grim Spider – What???
Today there are so many cyber criminals after your company’s information. You really need expert services to stay on top of protection software, computer policies and security 24/7. CopperTree is here to help build your defense and deliver peace of mind. Below we introduce some of the nasty new evasive programs potential customers have been calling us about. Be proactive and call us before you get infected.
TRICKBOT is a Trojan. It is Malwarebytes' detection name for a banking Trojan targeting Windows machines. Developed in 2016, TrickBot is one of the more recent banking Trojans, with many of its original features inspired by Dyreza (another banking Trojan).
EMOTET is a banking Trojan that obtains financial information by injecting code into the networking stack of an infected Microsoft Windows computer, allowing sensitive data to be intercepted in transit.
RYUK ransomware takes its name from Ryuk, a Shinigami, a spirit of death that feeds off the life force of humans. In that fiction, Ryuk has crafted a book of dark magic called the Death Note, which can be used to kill anybody as long as the holder of the note knows the name and face of the victim. The ransomware itself is a variant of the Hermes ransomware, tailored for the enterprise environment. Tribune Publishing and Data Resolution were quietly hit over the past Christmas holidays: the attack spread slowly through their networks, encrypting data and halting operations.
GRIM SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return.
January 2019 saw the first confirmed attack by the LockerGoga ransomware, when Altran Technologies was hit. There has been quite a bit of media attention over the past few weeks on this new variant of malware. In March the Norwegian organization Norsk Hydro became the victim of a similar attack.
Currently, there are not many confirmed facts about how the ransomware initially got onto these companies' networks. In the Altran case some researchers claim it was done by phishing, while with Norsk Hydro the clues point towards the involvement of Active Directory services and the use of scheduled tasks. Norsk Hydro was not an accidental, "WannaCry" style indiscriminate attack, but a deliberate, targeted strike on critical infrastructure. In both cases the attackers tried to negotiate the price by asking the affected companies to contact them via email. No fixed price per infected computer was set, and no cryptocoin wallet ID or URL was provided. Combined with the use of ProtonMail email addresses (an end-to-end encrypted email service), the intention is clearly to make their actions more difficult to trace.
What is WannaCry? It is the ransomware cryptoworm used in the worldwide attack of May 2017. It targeted computers running the Microsoft Windows operating system, encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated through EternalBlue, an exploit developed by the US National Security Agency (NSA) for older Windows systems that was released by The Shadow Brokers a few months prior to the attack.
See how much more difficult it has become to catch these destructive cyber criminals in just the past two years.
We know it’s complicated, but it is what we do and we excel at it.