June 5, 2023

New ransomware named Epsilon Red has been used to target at least one organization in the United States, and its operators have apparently already made a significant profit.Similar to Revil in nature but written better to Exploit

Victims are informed that their files have been encrypted and that their data has been stolen and will be leaked unless they pay the ransom. Originally developed as bare-bones Ransomware written in Go language. Its capable of scan and encrypt folders to an extent. Rest it will execute PowerShell script which will prepare system for actual Encryption

These PowerShell scripts are designed to modify firewall rules to allow the attackers’ remote connections, disable or kill processes that could prevent encryption, delete the Volume Shadow Copy to prevent recovery of encrypted files, delete Windows event logs, grant elevated permissions, uninstall security software, and obtain valuable data.

The initial access point in the attack spotted was likely an unpatched Microsoft Exchange server. The attackers may have leveraged the vulnerabilities known as ProxyLogon, which have been exploited by many threat groups. Epsilon Red stems from an X-Men villain who has Russian origins.

Leave a Reply

%d bloggers like this: