Lazarus on the hunt for big game
We may only be six months in, but there’s little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents and through discussions with some of our trusted industry partners, we feel that we now have a good grasp on how the ransomware ecosystem is structured.
Structure of the ransomware ecosystem
Criminals piggyback on widespread botnet infections (for instance, the infamous Emotet and Trickbot malware families) to spread into the network of promising victims and license ransomware “products” from third-party developers. When the attackers have a good understanding of the target’s finances and IT processes, they deploy the ransomware on all the company’s assets and enter the negotiation phase.
This ecosystem operates in independent, highly specialized clusters, which in most cases have no links to …
IoC