April 27, 2024

New ransomware named Epsilon Red has been used to target at least one organization in the United States, and its operators have apparently already made a significant profit.Similar to Revil in nature but written better to Exploit

Victims are informed that their files have been encrypted and that their data has been stolen and will be leaked unless they pay the ransom. Originally developed as bare-bones Ransomware written in Go language. Its capable of scan and encrypt folders to an extent. Rest it will execute PowerShell script which will prepare system for actual Encryption

These PowerShell scripts are designed to modify firewall rules to allow the attackers’ remote connections, disable or kill processes that could prevent encryption, delete the Volume Shadow Copy to prevent recovery of encrypted files, delete Windows event logs, grant elevated permissions, uninstall security software, and obtain valuable data.

The initial access point in the attack spotted was likely an unpatched Microsoft Exchange server. The attackers may have leveraged the vulnerabilities known as ProxyLogon, which have been exploited by many threat groups. Epsilon Red stems from an X-Men villain who has Russian origins.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

CISA adds CVE-2022-38028 to KEV Catalog

April 27, 2024

GitLab April 2024 Security Advisory – CVE-2024-2434

April 26, 2024

CISA KEV Update April 2024 – Part II

April 25, 2024

ArcaneDoor Exploits Cisco ASA and FTD

April 25, 2024

Google Fixes Critical Vulnerability in Chrome -CVE-2024-4058

April 24, 2024

Red Ransomware Victimized Targus

April 23, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading