Blueliv Intelligence Briefing

Your cybersecurity news summary

Friday, July 3rd, 2020

Welcome to today’s intelligence briefing, covering noteworthy items on the cybersecurity news agenda.

Find these stories on the Blueliv Threat Exchange Network, a global community of thousands of cybersecurity experts, IT professionals and academics. Membership is free.

Read the latest research blogs from the Blueliv Labs team.

ThiefQuest ransomware is a file-stealing Mac wiper in disguise

A new data wiper and info-stealer called ThiefQuest is using ransomware as a decoy to steal files from macOS users. The victims get infected after downloading trojanized installers of popular apps from torrent trackers. While not common, ransomware has been known to target the macOS platform in the past, with KeRanger, FileCoder (aka Findzip), and Patcher being three other examples of malware designed to encrypt Mac systems. Learn more >

How EKANS ransomware targets industrial control systems

The EKANS ransomware family is one strain that has been used in targeted ICS campaigns. Researchers were able to obtain two modern samples, one from May and another compiled in June, which revealed some interesting features. Both Windows-based samples are written in Go, a programming language widely used in the malware development community because it is relatively easy to cross-compile for different operating systems. Learn more >

Thanos Ransomware | RIPlace, Bootlocker and More Added to Feature Set

Thanos is a RaaS (Ransomware as a Service) that provides buyers and affiliates with a customized tool to build unique payloads. This tool is far more complex and robust than many previous builder-based ransomware services such as NemeS1S and Project Root. The generated payloads can be configured with numerous features and options. Many of the options available in the Thanos builder are designed to evade endpoint security products, and this includes the use of the RIPlace technique. Learn more >

Xerox allegedly suffers Maze Ransomware attack

The company declared over $1.8 billion in revenue in Q1 2020 and has 27,000 employees across the globe. It is currently ranked 347th on the Fortune 500 list. Maze ransomware operators claim to have stolen more than 100GB of files from Xerox and threaten to publish them if the company does not pay the ransom. Learn more >

New Mac ransomware spreading through piracy

Researchers found a malicious Little Snitch installer available for download on a Russian forum dedicated to sharing torrent links. A post offered a torrent download for Little Snitch, followed by several comments that the download included malware. They discovered that not only was it malware, but a new Mac ransomware variant that was spreading via piracy. Learn more >

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

WastedLocker is a new ransomware locker we’ve detected being used since May 2020. We believe it has been in development for a number of months prior to this and was started in conjunction with a number of other changes we have seen originate from the Evil Corp group in 2020. Evil Corp were previously associated with the Dridex malware and BitPaymer ransomware, the latter of which came to prominence in the first half of 2017. Learn more >

Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline

Indian conglomerate Indiabulls Group has allegedly been hit with a cyberattack from the CLOP Ransomware operators who have leaked screenshots of stolen data. The CLOP Ransomware operators claimed to have breached Indiabulls and have posted screenshots of files that they have allegedly stolen during the attack. When performing a ransomware attack, the CLOP threat actors are known to steal unencrypted files before deploying the ransomware. Learn more >
