
    Was North Korea Wrongly Accused of Ransomware Attacks?

January 11, 2019 (updated January 14, 2019)

    Ryuk Ransomware’s Attribution to North Korea Likely Incorrect, Multiple Security Firms Believe

The Ryuk ransomware that emerged in the summer of 2018 is likely not the work of state-sponsored North Korean hackers, security researchers now say.

    First detailed in August 2018, the malware was tied to the Hermes ransomware, which was previously associated with Lazarus, a group of hackers notorious for a large number of high-profile attacks, including the attack against the Far Eastern International Bank (FEIB) in Taiwan.

According to new research from FireEye, CrowdStrike, and McAfee, while Ryuk does feature snippets of code previously observed in Hermes, the code similarities are insufficient to conclude that North Korea is responsible for the Ryuk attacks.

The Hermes ransomware, FireEye points out, was “advertised for sale in the underground community at one time,” which suggests that other threat actors might also have had access to its code.

    FireEye’s security researchers also observed Ryuk being deployed on systems that had been initially infected with the TrickBot malware. The TrickBot operator, which is likely based in Eastern Europe, is believed to be providing the malware to a small number of cybercriminals. 

While not all TrickBot infections also deployed Ryuk, those that did showed consistent gtag values in the TrickBot configuration files. The consistency reportedly lies in the propagation method, namely TrickBot’s worming module, which was configured to use those gtag values.

The activity involving TrickBot distribution and operation and the Ryuk deployments, the researchers say, may not all be conducted by a single operator or group.

    “It is also plausible that Ryuk malware is available to multiple eCrime actors who are also using TrickBot malware, or that at least one TrickBot user is selling access to environments they have compromised to a third party,” FireEye notes. 

    CrowdStrike’s security researchers, on the other hand, suggest that the eCrime actor named “GRIM SPIDER” is behind Ryuk, and that this group is a cell of the Russia-based criminal enterprise known for operating TrickBot (an actor the security firm refers to as “WIZARD SPIDER”). 

    Ryuk, CrowdStrike says, is specifically used to target enterprise environments, and its operators apparently “have netted over 705.80 BTC across 52 transactions for a total current value of $3,701,893.98.”

The researchers note that there are indeed code similarities between Ryuk and Hermes, but also point out that Hermes was initially being sold on underground forums in 2017. Lazarus did use Hermes in the attack on the Far Eastern International Bank in Taiwan, they say, which suggests the actor had access to the ransomware’s source code, “or a third party compiled and built a new version for them.”

    The researchers also observed that the ransomware version used in the attack would not append the exported and encrypted AES key to the end of the encrypted files, making decryption impossible. Thus, the Hermes variant used in the FEIB SWIFT attack appears to have been designed to destroy the victim’s data. 

    The researchers also point out that Hermes initially emerged on a Russian-speaking forum, which would suggest that, if Hermes was indeed the work of North Korean-linked Lazarus, “nation-state threat actors are selling their services on Russian-speaking forums, which is unlikely.”

    McAfee, which analyzed the recent Ryuk cyberattack that disrupted the delivery of several major newspapers in the United States, says that evidence gathered during the investigation suggests that “the Ryuk attacks may not necessarily be backed by a nation-state, but rather share the hallmarks of a cybercrime operation.”

A comparison between Ryuk and Hermes shows that their functionality is largely the same, indicating that “the actors behind Ryuk have access to the Hermes source code,” McAfee notes. The security firm also points out that Hermes was being sold as a kit, meaning that the buyer had to do some fine-tuning before distributing the ransomware, and that Ryuk might have emerged from such tuning.

    “The most likely hypothesis in the Ryuk case is that of a cybercrime operation developed from a tool kit offered by a Russian-speaking actor. From the evidence, we see sample similarities over the past several months that indicate a tool kit is being used,” McAfee, which refrained from attributing the ransomware to a specific group, explains. 


    Related: Ransomware Attack Against Hosting Provider Confirms MSPs Are Prime Targets

    Related: Ryuk Ransomware Suspected in U.S. Newspaper Attack

    Ionut Arghire is an international correspondent for SecurityWeek.

