BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

SCHEDULE A CALL

05 May 2020

Is this a new version of Nefilim Ransomware or something different?

Original release date: May 5, 2020

Summary

A possible new variant or maybe a different tactic now being used by the Nefilim Ransomware

Background

As noted originally by the BleepingComputer the ransomware going by the name of Nefilim came to be around the end of February2020. While these threat actors originally deployed a Tor Payment site for all of there decryption payments and tools, they migrated over to email based communications.

What has changed?

It would seem everything has changed with these guys now. While I am not 100% sure this is the Nefilim Ransomware, it would appear that some indications are looking like it.

ID Ransomware

If this had been identified correctly, and this is in fact Nefilim, then the same we have currently shows a lot of differences.

Let break it down

  1. This treat actor is now using a website called http://corpleaks.net/ to boast their work.
  2. Instead of a Ransomware note, a new desktop image is now left in it’s place
  3. While I am unsure how older versions of the ransomware process worked, currently there is a sync.exe file that is dropped onto the device. This program will scan the workstation and then actually sync the files collected to a remote server.

Conclusion

Further testing needs to be performed in order to confirm this is still Nefilim, a new varient, or a completely different ransomware all together.

As we learn more, we will provide updates.

 

More Like This

Are You Ready For Pandemic 2.0?

By | May 14, 2020
Will We Have Another Wave Of COVID-19? Dr. Anthony Fauci has made clear that he is almost certain the novel coronavirus will come back in the fall. Even so, a whopping 42% of CFOs don’t have a plan for what to do if the pandemic and accompanying shutdowns hit yet again. Don’t wait until fall hits to start …

Are You Ready For Pandemic 2.0? Read More »

Read More

AA20-133A: Top 10 Routinely Exploited Vulnerabilities

By | May 12, 2020
Original release date: May 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by …

AA20-133A: Top 10 Routinely Exploited Vulnerabilities Read More »

Read More

AA20-126A: APT Groups Target Healthcare and Essential Services

By Eric | May 5, 2020
Original release date: May 5, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that advanced persistent threat (APT) groups are exploiting the Coronavirus Disease 2019 …

AA20-126A: APT Groups Target Healthcare and Essential Services Read More »

Read More

How to Use Microsoft Teams

By Eric | Apr 29, 2020
How to Use Microsoft Teams Technology Microsoft Teams has quickly become one of the most popular tools businesses are using as employees have migrated to working from home. How can your business best use Teams and its features to keep employees connected and productive during the COVID-19 pandemic? What Is Microsoft Teams? Microsoft Teams is …

How to Use Microsoft Teams Read More »

Read More

AA20-120A: Microsoft Office 365 Security Recommendations

By Eric | Apr 29, 2020
Original release date: April 29, 2020 Summary As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these deployments, organizations may not be fully considering the security configurations of these platforms. This Alert …

AA20-120A: Microsoft Office 365 Security Recommendations Read More »

Read More

AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

By Eric | Apr 16, 2020
Original release date: April 16, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update to Cybersecurity and Infrastructure Security Agency (CISA) Alert AA20-010A: Continued Exploitation of Pulse Secure …

AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching Read More »

Read More
SCHEDULE A CALL