BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

05 May 2020

Is this a new version of Nefilim Ransomware or something different?

Original release date: May 5, 2020

Summary

A possible new variant or maybe a different tactic now being used by the Nefilim Ransomware

Background

As noted originally by the BleepingComputer the ransomware going by the name of Nefilim came to be around the end of February2020. While these threat actors originally deployed a Tor Payment site for all of there decryption payments and tools, they migrated over to email based communications.

What has changed?

It would seem everything has changed with these guys now. While I am not 100% sure this is the Nefilim Ransomware, it would appear that some indications are looking like it.

ID Ransomware

If this had been identified correctly, and this is in fact Nefilim, then the same we have currently shows a lot of differences.

Let break it down

  1. This treat actor is now using a website called http://corpleaks.net/ to boast their work.
  2. Instead of a Ransomware note, a new desktop image is now left in it’s place
  3. While I am unsure how older versions of the ransomware process worked, currently there is a sync.exe file that is dropped onto the device. This program will scan the workstation and then actually sync the files collected to a remote server.

Conclusion

Further testing needs to be performed in order to confirm this is still Nefilim, a new varient, or a completely different ransomware all together.

As we learn more, we will provide updates.

 

More Like This

157-Year-Old Lincoln College Succumbed To A Ransomware Attack

157-Year-Old Lincoln College Succumbed To A Ransomware Attack On May 13th, 2022, a college that has remained open through two world wars, the 1918 Spanish flu epidemic, and the Great Depression will close its doors. The college has been struggling to stay afloat in recent years, and the coronavirus pandemic and a recent ransomware attack …

157-Year-Old Lincoln College Succumbed To A Ransomware Attack Read More »

Read More

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers

Original release date: May 11, 2022 Summary Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership of ICT security …

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers Read More »

Read More

Zero Trust Networks: What Are They?

Zero Trust Networks: What Are They? The internet has brought a world of opportunity for businesses. It is easy for companies to reach out to consumers and offer them products or services without a physical storefront. However, this also opens businesses up to the risk of data breaches and cyber attacks. Cyber attacks can be …

Zero Trust Networks: What Are They? Read More »

Read More

AA22-117A: 2021 Top Routinely Exploited Vulnerabilities

Original release date: April 27, 2022 Summary This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security …

AA22-117A: 2021 Top Routinely Exploited Vulnerabilities Read More »

Read More

Can Ransomware Spread Through Business WiFi Networks?

Can Ransomware Spread Through WiFi? Ransomware has been a menace to businesses large and small for years, and the problem is only getting worse. One of the most insidious aspects of ransomware is its ability to spread through wifi networks, infecting multiple computers and devices. This can cause severe disruptions to business operations, as employees …

Can Ransomware Spread Through Business WiFi Networks? Read More »

Read More

AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

Original release date: April 20, 2022 Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide end-user awareness and training. The cybersecurity …

AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure Read More »

Read More