June 5, 2023

New ransomware named Epsilon Red has been used to target at least one organization in the United States, and its operators have apparently already made a significant profit.Similar to Revil in nature but written better to Exploit

Victims are informed that their files have been encrypted and that their data has been stolen and will be leaked unless they pay the ransom. Originally developed as bare-bones Ransomware written in Go language. Its capable of scan and encrypt folders to an extent. Rest it will execute PowerShell script which will prepare system for actual Encryption

These PowerShell scripts are designed to modify firewall rules to allow the attackers’ remote connections, disable or kill processes that could prevent encryption, delete the Volume Shadow Copy to prevent recovery of encrypted files, delete Windows event logs, grant elevated permissions, uninstall security software, and obtain valuable data.

The initial access point in the attack spotted was likely an unpatched Microsoft Exchange server. The attackers may have leveraged the vulnerabilities known as ProxyLogon, which have been exploited by many threat groups. Epsilon Red stems from an X-Men villain who has Russian origins.

Tags:

Leave a Reply

You may have missed

BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

June 4, 2023
Cisco buys Armorblox

Cisco buys Armorblox

June 3, 2023
CISA KEV Update Part I – May 2023

CISA KEV Update Part I – May 2023

June 3, 2023
Gigabyte Motherboards Backdoor’ed

Gigabyte Motherboards Backdoor’ed

June 3, 2023
MOVEit Vulnerability Exploited in Wild

MOVEit Vulnerability Exploited in Wild

June 2, 2023
%d bloggers like this: