TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Amazon says it has ‘hundreds’ of Rivian electric vans making deliveries in the US

    November 7, 2022

    Ryanair swings to first-half profit and raises passenger forecast

    November 7, 2022

    Devialet brings its sci-fi design aesthetics to a $790 portable speaker

    November 7, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Amazon says it has ‘hundreds’ of Rivian electric vans making deliveries in the US

      November 7, 2022

      Devialet brings its sci-fi design aesthetics to a $790 portable speaker

      November 7, 2022

      Elon Musk’s response to fake verified Elon Twitter accounts: a new permanent ban policy for impersonation

      November 7, 2022

      The iPhone 14 Pro and Pro Max will come with ‘longer wait times’ due to factory lockdown

      November 6, 2022

      Meta’s reportedly planning to lay off ‘thousands’ of workers this week

      November 6, 2022
    • Business
    • Cyber Security
      National Security News

      List of 620 Russian spies, featuring one alleged agent at the centre of one of the biggest personal scandals in Wall Street history.

      September 24, 2022

      Cybersecurity ranked most serious enterprise risk in 2022

      August 31, 2022

      Registration open for CISA virtual summit on K-12 school safety

      August 31, 2022

      What do the Trickbot leaks reveal about Russian cybercrime?

      August 31, 2022

      What cybersecurity measures do CISOs outsource?

      August 30, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Was North Korea Wrongly Accused of Ransomware Attacks?
    Cyber Security

    Was North Korea Wrongly Accused of Ransomware Attacks?

    January 11, 2019Updated:January 14, 2019No Comments5 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ryuk Ransomware’s Attribution to North Korea Likely Incorrect, Multiple Security Firms Believe

    The Ryuk ransomware that emerged in summer of 2018 is likely not the work of state-sponsored North Korean hackers, security researchers now say.

    First detailed in August 2018, the malware was tied to the Hermes ransomware, which was previously associated with Lazarus, a group of hackers notorious for a large number of high-profile attacks, including the attack against the Far Eastern International Bank (FEIB) in Taiwan.

    According to new research from FireEye, CrowdStrike, and McAfee, while Ryuk indeed features snippets of code previously observed in Hermes, the code similarities are insufficient to conclude that North Korea is indeed responsible for the Ryuk attacks.

    The Hermes ransomware, FireEye points out, was “advertised for sale in the underground community at one time,” which suggests other threat actors too might have had access to its code. 

    FireEye’s security researchers also observed Ryuk being deployed on systems that had been initially infected with the TrickBot malware. The TrickBot operator, which is likely based in Eastern Europe, is believed to be providing the malware to a small number of cybercriminals. 

    While not all TrickBot infections also deployed Ryuk, those that did showed consistency across gtags in the configuration files of TrickBot. The consistency supposedly resides in the propagation method, namely TrickBot’s worming module, which was configured to use those gtag values.

    The activity involving the TrickBot distribution and operation, and Ryuk deployment, the researchers say, might not be conducted by a common operator or group. 

    “It is also plausible that Ryuk malware is available to multiple eCrime actors who are also using TrickBot malware, or that at least one TrickBot user is selling access to environments they have compromised to a third party,” FireEye notes. 

    CrowdStrike’s security researchers, on the other hand, suggest that the eCrime actor named “GRIM SPIDER” is behind Ryuk, and that this group is a cell of the Russia-based criminal enterprise known for operating TrickBot (an actor the security firm refers to as “WIZARD SPIDER”). 

    Ryuk, CrowdStrike says, is specifically used to target enterprise environments, and its operators apparently “have netted over 705.80 BTC across 52 transactions for a total current value of $3,701,893.98.”

    The researchers note that there are indeed code similarities between Ryuk and Hermes, but also point out that Hermes was initially being sold on underground forums, in 2017. Lazarus did use Hermes in the attack on the Far Eastern International Bank in Taiwan, they say, which suggests the actor had access to the ransomware’s source code, “or a third party compiled and built a new version for them.” 

    The researchers also observed that the ransomware version used in the attack would not append the exported and encrypted AES key to the end of the encrypted files, making decryption impossible. Thus, the Hermes variant used in the FEIB SWIFT attack appears to have been designed to destroy the victim’s data. 

    The researchers also point out that Hermes initially emerged on a Russian-speaking forum, which would suggest that, if Hermes was indeed the work of North Korean-linked Lazarus, “nation-state threat actors are selling their services on Russian-speaking forums, which is unlikely.”

    McAfee, which analyzed the recent Ryuk cyberattack that disrupted the delivery of several major newspapers in the United States, says that evidence gathered during the investigation suggests that “the Ryuk attacks may not necessarily be backed by a nation-state, but rather share the hallmarks of a cybercrime operation.”

    A comparison between Ryuk and Hermes shows that the functionalities are generally equal, indicating that “the actors behind Ryuk have access to the Hermes source code,” McAfee notes. The security firm also points out that Hermes was being sold as a kit, meaning that the buyer had to do some fine tuning before distributing the ransomware, and that Ryuk might have emerged following such tuning. 

    “The most likely hypothesis in the Ryuk case is that of a cybercrime operation developed from a tool kit offered by a Russian-speaking actor. From the evidence, we see sample similarities over the past several months that indicate a tool kit is being used,” McAfee, which refrained from attributing the ransomware to a specific group, explains. 

    Do you have something related to Cybercrime to tell? Have you been attacked? Digitpol the global investigation firm can help you, visit Digitpol’s website to learn more.

    Related: Ransomware Attack Against Hosting Provider Confirms MSPs Are Prime Targets

    Related: Ryuk Ransomware Suspected in U.S. Newspaper Attack

    Ionut Arghire is an international correspondent for SecurityWeek.

    Previous Columns by Ionut Arghire:
    Tags:

    Source link

    Do you need investigative support? Digitpol is a licensed and accredited investigation agency specialising in operational support and investigative services. Digitpol is specialise in the Investigation of Theft, Fraud, Corruption, Commercial Espionage, Cybercrime Investigation and Intellectual Property Crime. Digitpol’s team has extended skills in Data Recovery such as Computer Forensics, Mobile Phone Forensics, eDiscovery, Internet Monitoring and Automotive Forensic Investigation.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    National Security News

    List of 620 Russian spies, featuring one alleged agent at the centre of one of the biggest personal scandals in Wall Street history.

    September 24, 2022 Cyber Security

    Cybersecurity ranked most serious enterprise risk in 2022

    August 31, 2022 Cyber Security

    Registration open for CISA virtual summit on K-12 school safety

    August 31, 2022 Cyber Security

    What do the Trickbot leaks reveal about Russian cybercrime?

    August 31, 2022 Cyber Security

    What cybersecurity measures do CISOs outsource?

    August 30, 2022 Cyber Security

    SIA announces Women in Security Forum scholarship recipients

    August 30, 2022 Cyber Security
    Editors Picks

    Ryanair swings to first-half profit and raises passenger forecast

    November 7, 2022

    Devialet brings its sci-fi design aesthetics to a $790 portable speaker

    November 7, 2022

    Google Cloud Says Running Validator on Solana Blockchain

    November 7, 2022

    European stocks rise as investors boosted by China speculation

    November 7, 2022
    Trending Now

    Evergrande creditors sell ‘Versailles mansion’ plot in Hong Kong

    By techbizweb

    OpenSea Creates Tool for NFT Creators to Enforce Royalties On-Chain

    By techbizweb

    FTSE chairs warn of declining relations with institutional investors

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2023 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.