BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

05 May 2020

Is this a new version of Nefilim Ransomware or something different?

Original release date: May 5, 2020

Summary

A possible new variant or maybe a different tactic now being used by the Nefilim Ransomware

Background

As noted originally by the BleepingComputer the ransomware going by the name of Nefilim came to be around the end of February2020. While these threat actors originally deployed a Tor Payment site for all of there decryption payments and tools, they migrated over to email based communications.

What has changed?

It would seem everything has changed with these guys now. While I am not 100% sure this is the Nefilim Ransomware, it would appear that some indications are looking like it.

ID Ransomware

If this had been identified correctly, and this is in fact Nefilim, then the same we have currently shows a lot of differences.

Let break it down

  1. This treat actor is now using a website called http://corpleaks.net/ to boast their work.
  2. Instead of a Ransomware note, a new desktop image is now left in it’s place
  3. While I am unsure how older versions of the ransomware process worked, currently there is a sync.exe file that is dropped onto the device. This program will scan the workstation and then actually sync the files collected to a remote server.

Conclusion

Further testing needs to be performed in order to confirm this is still Nefilim, a new varient, or a completely different ransomware all together.

As we learn more, we will provide updates.

 

More Like This

How to Onboard Remote Employees More Efficiently

How to Onboard Remote Employees More Efficiently As more companies switch to remote work, employers need to embrace the best onboarding practices to enhance new hires’ experience. Alignment involves updating various tools and processes to ensure seamless onboarding. Additionally, organizations are working tirelessly to leverage productivity hacks for remote teams. Onboarding new employees remotely change …

How to Onboard Remote Employees More Efficiently Read More »

Read More

How To Have a Successful Zoom Call

How To Have a Successful Zoom Call When the world went into lockdown, it effectively shut down business for a little while. In the legal world, however, you can’t just stop. This led to law firms and courts using Zoom to conduct hearings and trials. Naturally, this caused some issues. If you are not comfortable …

How To Have a Successful Zoom Call Read More »

Read More

Inclusive Work Environment Is Vital for Digital Transformation

Inclusive Work Environment Is Vital for Digital Transformation As an ever-increasing number of companies implement a digital transformation, decision-makers need to adopt viable ways to transition successfully. Creating an inclusive work environment is undoubtedly one of the best ways to achieve this objective. Many organizations find it easier to create the workplace of the future …

Inclusive Work Environment Is Vital for Digital Transformation Read More »

Read More

AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool

Original release date: March 18, 2021 Summary This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts: AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical …

AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool Read More »

Read More

Has Your Organization Been Breached By Solar Winds Malware?

Has Your Organization Been Breached By Solarwinds Malware? Although mainstream media coverage of the massive Solarwinds hack seems to indicate the danger is over, the sophisticated hackers may still be hiding in plain sight. Microsoft recently uncovered at least three strands of malware deployed by the alleged Russian hackers. This new revelation raises alarms across …

Has Your Organization Been Breached By Solar Winds Malware? Read More »

Read More

AA21-076A: TrickBot Malware

Original release date: March 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spearphishing campaigns using TrickBot …

AA21-076A: TrickBot Malware Read More »

Read More